• English UK
    • English US

Prioritise, Keep Pace, Prevail.

Research

Our research and development programme sets industry standards in cyber security

At Dionach we are proud of our well-established research and development programme. Our team of consultants are focused on continually uncovering new technical vulnerabilities in software and hardware, raising the bar in security assessment services and sharing our knowledge through whitepapers and various industry channels.

Through the responsible disclosure process we have published numerous vulnerabilities in leading software applications that our team has identified.

As part of our commitment to remaining vendor independent and offering the best technical solution to each client engagement, we also develop proprietary security tools for testing methods including vulnerability scanning, spear phishing and security auditing. In practice, our consultants have a wide range of commercial, open-source and custom tools at their disposal to deliver industry-leading outcomes for our client base.

Some of our custom tools are published as open source on Dionach’s GitHub page: https://github.com/Dionach.

Technical blog

Insecure Mobile Apps Can Lead to AWS Account Compromise

Author: Mike Manzotti – Senior Consultant
Nowadays the number mobile apps available on market stores such as Google Play or Apple’s App Store are constantly increasing. This fast-paced industry does not always consider cyber security a priority, especially when deadlines are tight, and often it is an afterthought.

In this blog I will guide you through part of a mobile app penetration test that allowed me to fully compromise an AWS account, which amongst other assets, included a WordPress website hosted on a EC2 instance.

read more

Active Directory Password Auditing Part 3 – Analysing the Hashes

In two previous blog posts we discussed how to dump password hashes from a Domain Controller and how to crack these hashes to obtain a list of clear text passwords. In this blog post, we’ll learn how to obtain useful metrics from cracked password hashes in order to determine improvements to a password policy.

read more

ShareAudit – The File Share Auditing Tool

In the previous blog post, we have discussed the steps in identifying sensitive information in file shares, as well as file servers with inappropriate access controls configured. It was aimed to provide organisations with a guide on how to perform internal file share audits. Dionach have now released a tool, ShareAudit, to further improve the process of performing these audits. The tool is now publicly available on GitHub.

read more

Mitigating Social Engineering Risks

Social engineering is the process of manipulating people through various channels such as phishing, phone calls and physical instrustions. This post provides a walkthough of an example attack using emails and phone calls, and what organisations can do to reduce the risk of these kind of social engineering attacks.

read more

Printer Server Bug to Domain Administrator

During a recent internal network penetration testing engagement, a number of common attack paths were unavailable as a number of security mechanisms were implemented such as the Local Administrator Password Solution (LAPS) and the prevention of logged on credentials...

read more

The Security of Voice-Activated Technology

Adoption of voice-activated technology has accelerated in recent years. Voice-controlled functionality on smartphones and voice-controlled devices for home use, such as Amazon Echo and Google Home, have become widespread. Voice control is also being implemented in...

read more