
By Adrian

So, you want to get Cyber Essentials certified?

Sep 16, 2019

This will give you an understanding of the key elements of the Cyber Essentials standard, help you determine if you're ready to be assessed, and what you need to do.

By Casey

Active Directory Password Auditing Part 3 – Analysing the Hashes

Sep 04, 2019

In two previous blog posts we discussed how to dump password hashes from a Domain Controller and how to crack these hashes to obtain a list of clear text passwords. In this blog post, we'll learn how to obtain useful metrics from cracked password hashes in order to determine improvements to a password policy.

By Jiaky

ShareAudit – The File Share Auditing Tool

Aug 28, 2019

In the previous blog post, we have discussed the steps in identifying sensitive information in file shares, as well as file servers with inappropriate access controls configured. It was aimed to provide organisations with a guide on how to perform internal file share audits. Dionach have now released a tool, ShareAudit, to further improve the process of performing these audits. The tool is now publicly available on GitHub.

By Rokas

Mitigating Social Engineering Risks

Aug 15, 2019

Social engineering is the process of manipulating people through various channels such as phishing, phone calls and physical intrusions. This post provides a walkthrough of an example attack using emails and phone calls, and what organisations can do to reduce the risk of these kinds of social engineering attacks.

By Wes

Printer Server Bug to Domain Administrator

Aug 08, 2019

During a recent internal network penetration testing engagement, a number of common attack paths were unavailable as a number of security mechanisms were implemented such as the Local Administrator Password Solution (LAPS) and the prevention of lo

By Mary

The Security of Voice-Activated Technology

Jul 31, 2019

Adoption of voice-activated technology has accelerated in recent years. Voice-controlled functionality on smartphones and voice-controlled devices for home use, such as Amazon Echo and Google Home, have become widespread.

By Oliver

Minimising the Risks of Using Flash

Jun 04, 2019

Flash is well-known to people within the cyber security industry to have a long history of security vulnerabilities as well as functionality flaws. However, it is impossible to completely uninstall Flash, as the plugin has been integrated in both Internet Explorer and Microsoft Edge, which are core applications that come with Windows builds. Therefore, the purpose of this blog post is to provide possible solutions for organisations to minimize the risks of having Flash.

By Antti

Moodle Jmol Plugin Multiple Vulnerabilities

May 20, 2019

In a recent penetration test of a Moodle instance, a review of the installed plugins revealed several security issues in a plugin that has not been updated for several years.

By Guy

Common Mistakes with PCI DSS Compliance

Apr 29, 2019

I've been a PCI Qualified Security Assessor (QSA) for PCI DSS requirements for some years, and I have detailed some of the more common mistakes I encounter whenever discussing PCI DSS with organisations, be they business owners, website developers

By Marius

Compromising Jira Externally to Get Internal Network Access

Mar 25, 2019

In a recent external network engagement, which had a fairly large number of external services, I found a Jira login page available on the client's external network.