Printer Server Bug to Domain Administrator
During a recent internal network penetration testing engagement, a number of common attack paths were unavailable as a number of security mechanisms were implemented such
8th August 2019
Prioritise, Keep Pace, Prevail.
RESEARCH
Our research and development programme sets industry standards in cyber security
At Dionach we are proud of our well-established research and development programme. Our team of consultants are focused on continually uncovering new technical vulnerabilities in software and hardware, raising the bar in security assessment services and sharing our knowledge through whitepapers and various industry channels.
Through the responsible disclosure process we have published numerous vulnerabilities in leading software applications that our team has identified.
As part of our commitment to remaining vendor independent and offering the best technical solution to each client engagement, we also develop proprietary security tools for testing methods including vulnerability scanning, spear phishing and security auditing. In practice, our consultants have a wide range of commercial, open-source and custom tools at their disposal to deliver industry-leading outcomes for our client base.
Some of our custom tools are published as open source on Dionach’s GitHub page: https://github.com/Dionach.
TECHNICAL BLOG
The Security of Voice-Activated Technology
Adoption of voice-activated technology has accelerated in recent years. Voice-controlled functionality on smartphones and voice-controlled devices for home use, such as Amazon Echo and Google
31st July 2019
Minimising the Risks of Using Flash
Flash is well-known to people within the cyber security industry to have a long history of security vulnerabilities as well as functionality flaws. However, it is impossible to completely uninstall Flash, as the plugin has been integrated in both Internet Explorer and Microsoft Edge, which are core applications that come with Windows builds. Therefore, the purpose of this blog post is to provide possible solutions for organisations to minimize the risks of having Flash.
4th June 2019
Moodle Jmol Plugin Multiple Vulnerabilities
In a recent penetration test of a Moodle instance, a review of the installed plugins revealed several security issues in a plugin that has not been updated for several years.
20th May 2019
Compromising Jira Externally to Get Internal Network Access
In a recent external network engagement, which had a fairly large number of external services, I found a Jira login page available on the client’s
25th March 2019
From Internal Web Application To Domain Admin
In a recent internal network penetration test I found a slightly less conventional route to get domain administrator privileges. This type of attack is certainly
20th February 2019
Minimising the risk of using Java
Much as they may wish to do otherwise, organisations may need to install the Java Runtime Environment (JRE) so users have the Java Plugin they
4th January 2019
CVE-2018-18863 ResourceLink Local File Inclusion
In a recent penetration test ResourceLink version 20.0.2.1 was found to be vulnerable to local file inclusion (LFI). ResourceLink is a payroll web application that
8th November 2018
Combining Issues to Compromise the Domain
Internal penetration tests, as approached by Dionach, are a good exercise to assess the security of the internal networks of our clients. Typically, we spend
29th October 2018
