Identify your vulnerabilities with our penetration testing and cybersecurity services.
Resilience to cyberattacks is key to protecting your reputation and sensitive data.
Use our services and become known for defending your client's information.
We help organisations to identify, evaluate, mitigate & respond to cyber threats.
Together, we can demystify cybersecurity in a way that is actually useful for you.
We help your organisation's security by: educating all those involved; determining the vulnerabilities in your technology; and recommending how you can improve.
We keep the context of your organisation dead-centre, so you get advice and analysis that actually makes sense for you.
Working together regularly means the benefits are distributed throughout the organisation in a cost-effective manner.
The principals of what we teach can be applied many times on many different systems - there is little point in us telling you the same thing over and over.
Every person, every computer, every digital service and every organisation from every country on this planet (and those in orbit) are targets for the bad guys
If they can target you, so should we.
They are all targets because, by volume, the majority of cyber attacks world-wide are launched in an untargeted fashion. It is also why we work with any organisation, regardless of size, industry and risk-levels: they all need protecting.
Most phishing emails are "trawler net phishing", where a broad attack is sent to many millions of potential victims. This tactic works for the attackers because they only need to convert a small percentage from being potential victims, to being actual victims.
We are an information and cyber security consultancy - our business cards call us "Consultant Hackers". We do cool things with awesome tech whenever possible, however, we also know that the vast majority of what needs protecting is actually normal stuff for businesses, like yours, far and wide.
The Internet of Things (IoT) is increasingly prevalent in our everyday lives. These devices range hugely in their importance and complexity and so do their security requirements. Our skilled team attacks IoT systems from many approaches, including attack surface assessments, reverse engineering, protocol analysis, and attacks against alternative wireless technologies such as ZigBee, Z-Wave, Bluetooth and LoraWAN.
Industrial Control Systems (ICS) consist of many devices working as part of a larger operation. Individual ICS devices are typically very simple and have primitive levels of security. As these devices are networked a breach at one point in the system has a serious impact. Assessments of ICS involve understanding the vulnerabilities of each individual component and the potential impact of different types of breach.
We simulate attacks from over the Internet to your externally-facing infrastructure, and from your office against the soft gooey inside to work out how resilient your IT systems are. Once you know what the problems are, they can be fixed.
Applications of all types can be highly complex and so deserve a more concentrated assessment. If you publish applications or have custom applications written for you, this is particularly important as it is probably holding data that is critical to your success.
Let your staff experience first hand what it feels like to be hacked, then train them to make it less likely in the future. Security training shouldn't be boring, in fact, the more exciting the better - the message is more likely to stick.
Organisation's with mature cyber security might not get the satisfaction from regular penetration tests. Consider having adversarial testing, red teaming or other specialist services designed around your exact requirements.
Some people would call us "sad" - typically we've been programming since we were less than ten years old and we tend to have the slightly clichéd teenage experience of going to secondary school and challenging the security capabilities of computer systems there.
One of us is fortunate enough to have an MSc in Software and Systems Security at the University of Oxford, (achieving a distinction grade both in the eyes of the university and those of GCHQ as they accredited the course, but we don't talk about that as they might get a big head).
It is important to constantly develop your skill set as a penetration tester, so we all have our own little mini crusade to gain further training and qualifications, hang-out at hacking conferences, and even go co-author books on penetration testing.
By now, you either know you want to work with us, or have more questions, either way you should get in touch. These are some of the methods you can use:
Email us: helpme@yg.ht
Call us: +44 161 818 9448
Sometimes only encrypted emails will do. If so, encrypt your message with GPG or PGP using this key.
If you want to speak with us straight away, our office opening hours are Monday to Friday 9 am to 5pm UK time and we don't open on bank holidays.
If all else fails or an apocalyptic event occurs we will get out the CB radio.
We don't yet have a fleet of carrier pigeons but this could also be arranged.