Cyber Security Consultancy

Together, we can demystify cyber security in a way that is actually useful for you.

Together, we can get your cyber security to a level you are comfortable with.

Good tactics to work by

We help your organisation's security by: educating all those involved; determining the vulnerabilities in your technology; and recommending how you can improve.

We keep the context of your organisation dead-centre, so you get advice and analysis that actually makes sense for you.

These things take time

Working together regularly means the benefits are distributed throughout the organisation in a cost-effective manner.

The principals of what we teach can be applied many times on many different systems - there is little point in us telling you the same thing over and over.

Can We Target You?

Every person, every computer, every digital service and every organisation from every country on this planet (and those in orbit) are targets for the bad guys

If they can target you, so should we.

How can this be?

They are all targets because, by volume, the majority of cyber attacks world-wide are launched in an untargeted fashion. It is also why we work with any organisation, regardless of size, industry and risk-levels: they all need protecting.

What is an untargeted attack?

Most phishing emails are "trawler net phishing", where a broad attack is sent to many millions of potential victims. This tactic works for the attackers because they only need to convert a small percentage from being potential victims, to being actual victims.

What can be done about it?

We are an information and cyber security consultancy - our business cards call us "Consultant Hackers". We do cool things with awesome tech whenever possible, however, we also know that the vast majority of what needs protecting is actually normal stuff for businesses, like yours, far and wide.

Infrastructure Penetration Testing

We simulate attacks from over the Internet to your externally-facing infrastructure, and from your office against the soft gooey inside to work out how resilient your IT systems are. Once you know what the problems are, they can be fixed.

Web & Mobile App Penetration Testing

Applications of all types can be highly complex and so deserve a more concentrated assessment. If you publish applications or have custom applications written for you, this is particularly important as it is probably holding data that is important to you.

Digital & Physical Social Engineering

Let your staff experience first hand what it feels like to be hacked, then train them to make it less likely in the future. Security training shouldn't be boring, in fact, the more exciting the better - the message is more likely to stick.

Technical Build Reviews & Compliance Consultancy

Its all about "defence in depth", push your infrastructure, servers and workstations so they are resilient against unknown threats and future problems. Then after all this hard work and effort, prove it to anyone who will listen by becoming compliant to a well-known standard.

Be confident in us

Some people would call us "sad" - typically we've been programming since we were less than ten years old and we tend to have the slightly clichéd teenage experience of going to secondary school and challenging the security capabilities of computer systems there.

One of us is fortunate enough to have an MSc in Software and Systems Security at the University of Oxford, (achieving a distinction grade both in the eyes of the university and those of GCHQ as they accredited the course, but we don't talk about that as they might get a big head).

It is important to constantly develop your skill set as a penetration tester, so we all have our own little mini crusade to gain further training and qualifications, hang-out at hacking conferences, and even go co-author books on penetration testing.

Get In Touch

By now, you either know you want to work with us, or have more questions, either way you should get in touch. These are some of the methods you can use:

Email us: helpme@yg.ht
Call us: +44 161 818 9448

If you need to use secure emails, you can email the above address, but encrypt your message using GPG or PGP. The below is one of the public encryption keys you could use to do that:

GPG public key ID:
0x4B2F12C41DFAA29B
MD5 Hash:
2d89e5696bf6c72e1b7abfa7fae7daa3
SHA1 Hash:
27e65f262b498d94d03d6ca8c88e997c5c501157
SHA256 Hash:
977b8515f5abab132a6989fbb3c20a69a4765a820ccc1eb75ae95cc82575d0d2
SHA512 Hash:
601967993ea329b84efb8a59183c87f645424137081937088f96836affb63e101eb2a1f4ddeb3ae20d2af4a3da44e9039a777bba6581f3fcaa43538687ea853a

You can also find this key on Keybase: https://keybase.io/felixrr

If all else fails or an apocalyptic event occurs we will get out the CB radio. We don't yet have a fleet of carrier pigeons but this could also be arranged.