Prioritise, Keep Pace, Prevail.


Our research and development programme sets industry standards in cyber security

At Dionach we are proud of our well-established research and development programme. Our team of consultants are focused on continually uncovering new technical vulnerabilities in software and hardware, raising the bar in security assessment services and sharing our knowledge through whitepapers and various industry channels.

Through the responsible disclosure process we have published numerous vulnerabilities in leading software applications that our team has identified.

As part of our commitment to remaining vendor independent and offering the best technical solution to each client engagement, we also develop proprietary security tools for testing methods including vulnerability scanning, spear phishing and security auditing. In practice, our consultants have a wide range of commercial, open-source and custom tools at their disposal to deliver industry-leading outcomes for our client base.

Some of our custom tools are published as open source on Dionach’s GitHub page:


How to classify sensitive data within your organisation (2/2)

In this second part of our two-part blog we will discuss the requirements to correctly classify your data. Following on from part one once the identification and classification of your data has been completed you need to focus upon data handling. Establish Data Handling Requirements There are numerous forms of

Read More »

How to classify sensitive data within your organisation (1/2)

A crucial first step towards ensuring your data is secure is to identify and classify your information assets. Without considering these tasks you will neither know where your assets are nor how to keep them secure. Information · which assets are more valuable than others · which assets require additional

Read More »

The New NIS2 Directive: What do I need to know?

The Network and Information Systems (NIS) Regulations, aimed at raising levels of cyber security and resilience of key systems across the EU, came into force on 10th May 2018. On 16th January 2023, the NIS2 Directive came into force. The NIS2 Directive rescinds the original NIS Directive and creates a

Read More »

Changes in the ISO 27001:2022 Revision

Changes in the ISO 27001: 2022 Revision Overview The new version of the ISO 27001:2022 standard was released in October 2022, following the release of the revised ISO 27002:2022 guidance in February 2022. Organisations have 3 years to transition from ISO 27001:2013 to ISO 27001:2022, with the deadline being October

Read More »

PCI DSS 4: Self-Assessment Questionnaire Changes

PCI DSS v4.0 introduced some changes to each of the self-assessment questionnaires (SAQs). There is no change to the list of self-assessment questionnaires, and they have broadly the same eligibility criteria. Below is a summary table showing the SAQs and the number of requirements for each of the related PCI

Read More »

How to Conduct a Risk Assessment

Risk management is at the heart of information security and should be at the forefront of an organisation’s information security program.  The term risk management covers all the activities associated with identifying, quantifying, and addressing the risks associated with threats and vulnerabilities.   In security a risk is defined as the

Read More »

Simple 2FA Moodle Plugin: From 2FA Bypass to Account Takeover

Author: Flaviu Popescu – Technical Consultant Introduction There are times as a penetration tester that you find something unique. It may not be unique in the field of cyber security but unique to the tester themselves. This was one of those times. During testing on a web application, a couple

Read More »