Cyber Security Consultancy

Together, we can demystify cyber security in a way that is actually useful for you.

Together, we can get your cyber security to a level you are comfortable with.

Good tactics to work by

We help your organisation's security by: educating all those involved; determining the vulnerabilities in your technology; and recommending how you can improve.

We keep the context of your organisation dead-centre, so you get advice and analysis that actually makes sense for you.

These things take time

Working together regularly means the benefits are distributed throughout the organisation in a cost-effective manner.

The principals of what we teach can be applied many times on many different systems - there is little point in us telling you the same thing over and over.

Can We Target You?

Every person, every computer, every digital service and every organisation from every country on this planet (and those in orbit) are targets for the bad guys

If they can target you, so should we.

How can this be?

They are all targets because, by volume, the majority of cyber attacks world-wide are launched in an untargeted fashion. It is also why we work with any organisation, regardless of size, industry and risk-levels: they all need protecting.

What is an untargeted attack?

Most phishing emails are "trawler net phishing", where a broad attack is sent to many millions of potential victims. This tactic works for the attackers because they only need to convert a small percentage from being potential victims, to being actual victims.

What can be done about it?

We are an information and cyber security consultancy - our business cards call us "Consultant Hackers". We do cool things with awesome tech whenever possible, however, we also know that the vast majority of what needs protecting is actually normal stuff for businesses, like yours, far and wide.

Infrastructure Penetration Testing

We simulate attacks from over the Internet to your externally-facing infrastructure, and from your office against the soft gooey inside to work out how resilient your IT systems are. Once you know what the problems are, they can be fixed.

Web & Mobile App Penetration Testing

Applications of all types can be highly complex and so deserve a more concentrated assessment. If you publish applications or have custom applications written for you, this is particularly important as it is probably holding data that is important to you.

Icon

Digital & Physical Social Engineering

Let your staff experience first hand what it feels like to be hacked, then train them to make it less likely in the future. Security training shouldn't be boring, in fact, the more exciting the better - the message is more likely to stick.

Icon

Technical Build Reviews & Compliance Consultancy

Its all about "defence in depth", push your infrastructure, servers and workstations so they are resilient against unknown threats and future problems. Then after all this hard work and effort, prove it to anyone who will listen by becoming compliant to a well-known standard.

Be confident in us

Some people would call us "sad" - typically we've been programming since we were less than ten years old and we tend to have the slightly clichéd teenage experience of going to secondary school and challenging the security capabilities of computer systems there.

One of us is fortunate enough to have an MSc in Software and Systems Security at the University of Oxford, (achieving a distinction grade both in the eyes of the university and those of GCHQ as they accredited the course, but we don't talk about that as they might get a big head).

It is important to constantly develop your skill set as a penetration tester, so we all have our own little mini crusade to gain further training and qualifications, hang-out at hacking conferences, and even go co-author books on penetration testing.

Get In Touch

By now, you either know you want to work with us, or have more questions, either way you should get in touch. These are some of the methods you can use:

Email us: helpme@yg.ht
Call us: +44 161 818 9448

If you need to use secure emails, you can email the above address, but encrypt your message using GPG or PGP. The below is one of the public encryption keys you could use to do that:

GPG public key ID:
0x396094C05C2500CC
SHA1 Hash:
deb6f15c43ee9d6f499c8a25f359f995ad4d9cc5
SHA256 Hash:
9d60f5b67279c5dc61fedd336695e3661388aef2b359b7a0be3f88b2d2886f68
SHA512 Hash:
18146e7a95095254e997a7336331bff7b4538027416c5202b9ec9f42fff38186
1e618a06787e999cdcb48d2803f28cb3e8127b154f57ceaab50796e12ee1c415

You can also find this key on Keybase: https://keybase.io/felixrr

If all else fails or an apocalyptic event occurs we will get out the CB radio. We don't yet have a fleet of carrier pigeons but this could also be arranged.