Information and Cyber Security services are delivered by experienced professionals who have been working in the field of Information and Cyber Security for many years.
Our Skills
Every member of our team is hands-on and can compromise any target, anywhere in the world, with ease and surgical precision. You may wonder how these individuals got to this level. The obvious truth is that they didn’t acquire the skills at school or while studying for a degree at university. The tradecraft they can demonstrate is hard to match in real-world scenarios. Only a few threat actors, such as nation-state actors, professional Black Hat hackers, or self-taught talented individuals, may have similar capabilities. We could describe our team as people who help others in need while showing respect, and at times admiration, for the capabilities of our adversaries.
Professional Qualifications
For anybody working in the corporate world, and for compliance purposes, we have listed some of the professional qualifications that our team members hold. However, in reality, qualifications don’t tell the full story because they don’t offer the real-world experience that is essential to being successful in this field. We support professional development, training and qualifications, even though we equally value talented people with no qualifications who are good at what they do.
Our team members have professional qualifications that they obtained either for a challenge or as part of on-the-job training programmes, e.g. Offensive Security OSCE and OSCP qualifications, and at some point in their careers also passed rigorous CREST exams, which are the gold standard of professional competency in the UK. They are also former CHECK team members who worked on public and private sector projects.
The lead consultant has been involved in thousands of penetration tests and security assessments over his career. He compromised applications and infrastructure of clients from all over the world during assessments. He discovered zero-day vulnerabilities, developed exploits and unique solutions to security issues, and provided consultancy services to clients. He also worked as an assessor for the Cyber Essentials and Cyber Essentials Plus schemes.
Public and Private Sector Experience
Our team has experience working for both public and private sector clients operating in multiple sectors, e.g. financial services, retail, not-for-profit, manufacturing, banking, insurance and many more. We have also worked with clients from different continents, countries, time zones and jurisdictions, and understand the specific needs that they may have.
Our Methodology
We know that automated testing and vulnerability scans are used during assessments to save time. However, we prefer to use manual techniques to achieve our objectives. Nine times out of ten, we manually find critical issues that others missed because they were using automated tools.
In addition to our own checklists, we follow OWASP (Open Web Application Security Project) guidelines while testing applications and CIS (Center for Internet Security) benchmark guidelines for configuration reviews, and for anything else we use gold-standard industry guidance developed by CREST (Council of Registered Ethical Security Testers) and NCSC (National Cyber Security Centre). We support, respect and appreciate the incredible work that these organisations (OWASP, CIS, CREST, NCSC and many others not mentioned here) have been doing to improve the security posture of businesses and consumers.
We are a research-led team who use the latest techniques and attack vectors to achieve objectives. We use in-house developed tools and exploits that are effective against any target. Our team utilises a dedicated lab environment to prepare enterprise-grade exploits and test them against targets in a safe environment before deployment in production. We also use publicly available tools and OSINT techniques for reconnaissance.
We understand that availability of services is the most important factor for our clients while conducting security testing. Using our experience, we minimise the risk of anything going wrong while testing or when working on targeted attacks. We work collaboratively with clients and their internal teams to achieve the desired objectives and minimise the risk to the target environment.