Cyber: What HR and recruiters need to know.

What HR teams and recruiters need to know about cyber security: Here’s an article that we wrote a while back in collaboration with Scout Talent, and it’s as relevant now as it originally was. The co-author was Victoria McGlynn, who was Employer Branding Specialist and Marketing Content Producer for Scout Talent Group. Introduction: The human element. Cyber security extends beyond systems and technology. […]

Internet shortcuts and DLL hijacking

Internet shortcuts and DLL hijacking. TL;DR: DLL hijacking over WebDAV using .url files is still effective now, in 2024. Windows hardening measures don’t help if you use MSBuild .rsp files. But there are videos, so you really should read on! Introduction: Internet shortcut (.url) files are traditionally used to link to an (Internet-based) URL […]

CASE STUDY: MEASURABLE GAINS

CASE STUDY: MEASURABLE GAINS. Cross-business testing and improvement program. Background and Challenges: Our client is responsible for the administration of multiple businesses, and they engaged dotSec to address a very interesting and critical cybersecurity challenge: Each business had previously functioned as an independent business unit, and over time, this had resulted in varied levels of […]

Walking the ISO 27001 walk

dotSec achieves ISO 27001 certification. dotSec is thrilled to announce a recent milestone: Achievement of ISO/IEC 27001:2022 certification! This achievement represents a significant step forward in our ongoing commitment to excellence in information security management. ISO 27001 is a globally recognized standard that outlines the best practices for establishing, implementing, maintaining, and continually improving an Information […]

dotSec news – August 2024

News and updates – August 2024. In this newsletter: Recent dotSec certification achievements and training news. Read about a recent dotSec GRC project that focused on ISO/IEC 27001:2022 preparation. Meet Gautham, Head of Governance, Risk and Compliance (GRC) at dotSec and learn more about dotSec’s GRC services. Cyber security expertise through training: The dotSec ethos […]

Excellence is not an act!

Excellence, then, is not an act! It’s a saying that has been attributed to Aristotle and an American pro football player, but it was probably penned by author Will Durant: “Excellence, then, is not an act, but a habit.” Whoever wrote it first, it’s a sentiment worth remembering and since the use of cyber security […]

Law Firms And Cyber Tech

Security tech and law firms: Don’t just do it! The shiny allure of technology is so enticing and the siren’s call, “Just buy this thing and all your pain will go away”, is almost irresistible. With the proper approach, various technologies really can help firms to manage their level of risk by offering capabilities such […]

A long life with ISO 27001!

Happiness and a long life with ISO 27001! “Data is the new oil!” The phrase was famously uttered by British mathematician Clive Humby nearly 20 years ago but it’s often used today, not in its original context, but to try to convey the idea that data is valuable in its own right. The reality of course […]

TPSP AOCs save you money!

TPSPs score goals and save money! Protecting sensitive information has become a vital aspect of running any business, and one area that requires a high level of vigilance is payment security, especially for businesses that handle credit card (also known as cardholder) data. These businesses must adhere to the Payment Card Industry Data Security Standard […]

SharpC2 in the real world

Introduction to SharpC2: SharpC2 is an open-source (.NET based) command-and-control framework developed by RastaMouse. The main component of SharpC2 is the TeamServer (and related .NET rich client) which is responsible for both generating implants (called drones in SharpC2 parlance) as well as communicating with said implants when they are deployed to the target. SharpC2 contains […]