Cyber Security
Cyber security seems to be in the headlines so much more these days. From organised hacking groups to destructive and costly ransomware, state-sponsored attacks and lone cybercriminals, we have seen it all.
Penetration testing is a modern-day necessity. This is where someone friendly like us probes your company's entire I.T systems landscape to expose weaknesses, so you can plug any gaps before outside threats maliciously target them. Think of it as paying an "ethical" hacker to break into your systems so you can learn how they got inside.
Unlike most penetration testing firms, Zero42 specialises in helping small to medium-sized businesses uncover what threatens them the most and the steps required to protect themselves, with a host of services that even the non-I.T savvy will understand.
A typical mission
No two penetration test missions are the same; there are far too many variables. Here are the steps each engagement will follow, to give you some idea of the work involved.
01. Agreement & Scope
Both sides agree on the scope of engagement and what is on and off-limits within our mission. After all, you may have some stuff you wish to hide.
02. Planning & Reconnaissance
Planning always takes time. We work hard to gather as much information about our target as possible, and that means watching how your business interacts digitally as well as the people around you.
03. Scanning Vulnerabilities
During this phase of the attack, we interact with our chosen targets and send probes deep into your digital infrastructure. We look for weaknesses in open ports and systems, with social engineering and manipulation, just like a rogue attacker would.
04. Gaining Access
Once the vulnerabilities have been identified, we carefully check each one in turn for access, to see which are exploitable and which provide us with the best leverage into the very heart of your infrastructure.
05. Maintaining Access
Now that we are inside your networks, we like to make sure that we can maintain access and move around without setting off any alarms or raising suspicion. That means replicating our methods of entry or creating our very own hidden entry points.
06. Exploitation
This is the phase where actual damage could be done. A real cyber attacker would try to get hold of data, compromise your systems and launch malicious code. Our experts, however, will not cause mayhem or do damage, but prefer instead to leave behind little gifts for you to collect or pick up any flags you may have left for us.
07. Evidence Gathering
Now we have compromised most if not all of your systems, we put together evidence of our exploits in a digital scrapbook which you get to keep. This book will provide you and your team with insight into the methods used, and the information gathered.
08. Final Reporting
The final part of the penetration test is the generation of a comprehensive report detailing each of our exploits and providing you with best practices on how to prevent further attacks.
We could always go further [additional fees apply] and actually implement any changes for you, or maybe run one of our fun security seminars to help educate your staff on how to best protect the business and themselves.
Penetration testing packages
We have three main packages. These fit the majority of end-user scenarios, but we will also custom design something different for you if you prefer.
Attack Mode One
Our basic penetration testing exercise, with everything a small business requires to evaluate security threats and assess weaknesses.
Attack Mode Two
Our ever-popular enhanced penetration testing package includes everything a business needs to determine potential threats and weaknesses, including easy-to-access infrastructures such as wifi, CCTV and mobile.
Attack Mode Three
Our ultimate, no-holds-barred penetration testing package: we will simulate real-world coordinated attacks on your business data and your entire I.T landscape. We only take on a few BLACK packages each year, as the workload involved is fairly intense and time-consuming.
Attack Mode One
For startups
- Social Engineering
- Phishing Expedition
- SQL Injection
- Denial of Service
- Domain & Mail Server Security
- Social Media Scanning
Attack Mode Two
For growing businesses.
- Perimeter Scanning
- Wireless Vulnerability
- LAN Injection
- Access Point Clone
- Finance Manipulation
- Recovery / Resilience Check
Attack Mode Three
No holds barred attack
- Physical Access
- Canary Trap
- Honey Pot Checks
- Director Manipulation
- VoIP & Mobile Clone
- Employee Awareness Seminar
Cyber Security Seminar & Workshop
Informative & Fun.
- Maximum 30 people
- Phishing Demonstration
- Mobile Device Interception
- Account Discovery
- Social Media Manipulation
- Social Engineering
Compare our mission attack plans
Feature | Yellow | Red | Black
---|---|---|---
Warm Up | | |
Information Gathering | | |
Reconnaissance | | |
Vulnerability Assessment | | |
Attack | | |
Social Engineering | | |
Phishing | | |
Perimeter | | |
Wireless | | |
Physical | | |
Additions | | |
Canary Trap | | |
Honey Pot | | |
Penetration Test | | |
Exploitation | | |
Evidence | | |
Final Report | | |
Extras | | |
Employee Awareness | | |
Cyber Security Seminar
If you want something fun and informative to get the security message out to your employees, then look no further than our Cyber Security Seminar. In it, our top security expert and ex-hacker demonstrates several of the methods used by cybercriminals around the world to breach network security, and shares suggestions on how your employees can avoid falling victim to these attacks, both in their working environment and at home.
Be prepared for a bit of mischief and mayhem as we take your employees on a whirlwind tour of email spoofing, mobile phone interceptions, password discovery and social media manipulation, plus demonstrate how cybercriminals use simple social engineering techniques against their human targets.
- Seminar handouts + USB
- Online security quiz
- Suitable for up to 30 delegates
Network Security Basics
- Other Useful Resources:
- Action Fraud
- Action Fraud is the UK’s national reporting centre for fraud and cybercrime where you should report fraud if you have been scammed, defrauded or experienced cybercrime in England, Wales and Northern Ireland.
The service is run by the City of London Police working alongside the National Fraud Intelligence Bureau (NFIB) who are responsible for the assessment of the reports and ensuring that your fraud reports reach the right place. The City of London Police is the national policing lead for economic crime. - Link to Action Fraud
- National Cyber Security Centre
- Launched in October 2016, the NCSC has headquarters in London and brought together expertise from CESG (the information assurance arm of GCHQ), the Centre for Cyber Assessment, CERT-UK, and the Centre for Protection of National Infrastructure.
The NCSC provides a single point of contact for SMEs, larger organisations, government agencies, the general public and departments. The NCSC also works collaboratively with other law enforcement, defence, the UK’s intelligence and security agencies and international partners. - National Cyber Security Centre
- MI5 Security Service
- The men and women of MI5 are ordinary people who do extraordinary things. They have a strong public service ethos, yet their work often goes unnoticed in the public domain. They are intensely committed to keeping the country safe, and they are tirelessly professional and ethical in the way they conduct their work.
- MI5 Security Service
- Gov.uk
- The best place to find government services and information
- Link to UK government website
- Centre for the Protection of National Infrastructure
- CPNI’s role is to protect UK national security. We help to reduce the vulnerability of the UK to a variety of threats such as Terrorism, Espionage and Sabotage.
CPNI works with partners in government, police, industry and academia to reduce the vulnerability of the national infrastructure. - Centre for the Protection of National Infrastructure
- Get Safe Online
- Get Safe Online is the UK’s leading source of unbiased, factual and easy-to-understand information on online safety.
Their website is a unique resource providing practical advice on protecting yourself, your computers and mobile devices, and your business against fraud, identity theft, viruses, and many other problems encountered online. It contains guidance on many other related subjects, including performing backups and avoiding theft or loss of your computer, smartphone or tablet.
Every conceivable topic is included on the site, including safe online shopping, gaming, and dating to stay safe with everything you do online. - Link to Get Safe Online
Network Security is the process of taking physical hardware and software preventative measures to protect the underlying network infrastructure from unauthorised access, misuse, modification, destruction, or disclosure.
Mitigating risk and prevention rather than cure is key to creating a secure platform for computers, users and programs to perform their individual functions. In today's business climate, network security must be top of the list of requirements for any I.T manager or online business.
The size of an organisation is usually pretty irrelevant to most computer hackers. For some, however, the kudos of taking on the very biggest corporations is the driving factor behind any network attack. Most "unethical" attacks are carried out by individuals motivated by financial or commercial gain. While there are many things an organisation can do to reduce the risk of attack, there is no such thing as being totally un-hackable; forewarned is forearmed.
We have over 35 years of experience in network design and systems security and have worked with some of the U.K.'s most prominent government agencies and blue-chip organisations. Our system security & evaluation skills are the same as those employed in signals intelligence and defence intelligence here in the U.K.
Hacktivate.
A white hat hacker is a computer security specialist who breaks into protected systems and networks to test and assess their security. White hat hackers use their skills to improve security by exposing vulnerabilities before malicious hackers (known as black hat hackers) can detect and exploit them.
The term "white hat" refers to an ethical computer hacker or a computer security expert who specialises in computer & network penetration testing to ensure the security of an organisation's information systems and network. Ethical hacking is a term first coined by IBM to imply a broader category than just penetration testing. Contrasted with the black hat, a malicious hacker, the name comes from Western films, where heroic and unfriendly cowboys would traditionally wear a white or black cowboy hat.
PENETRATION TESTING
- We offer a wide range of "pen test" services tailored to each individual client's needs and system-specific requirements. We thoroughly document the entire testing process and demonstrate system vulnerabilities by adding pre-agreed code to weak points in your corporate network.
- The methods employed by our security specialists will be varied and designed to replicate "real world" attacks, whether by curious individuals or talented hacking teams and government agencies.
ETHICAL HACKING
- Aside from the regular penetration testing service, we also conduct a more aggressive approach to breaking into your corporate network. This may involve social engineering tasks such as employee exploitation or so-called "honey pots" designed to catch the more sophisticated network users.
- Due to differing legislation worldwide, we only offer this service to U.K. based businesses, and only then upon the sanction of the board of directors. We do not provide this service to individual clients or those involved in political activities.
SECURITY CONSULTANCY
- We recognise that not every business has the ability or the capacity to recruit its own in-house security specialist. With this in mind, we offer a one-to-one consultancy service, where we take that employee's place and can offer practical real-time advice to management or those tasked with providing your I.T services.
- We regularly attend development meetings on behalf of clients and liaise with equipment and software suppliers should this be necessary or beneficial. Our consultancy service also extends to cover all aspects of forensic auditing and data reclamation.
Need some help with your security? Just call the experts.
* Advice is always free