1ucr1Hello! We build cybersecurity tools and utilities. These often start as mind machine meanderings, research ideas, project fragments or academic outputs, call it what you like. We are drawn to things such as trust and transparency, and for that very reason, Open Source.
We aim to do a good job with our best endeavors. Once proven, we are happy to onwards license our software over the passage of time.
We usually have a few projects on the boil or at least simmering away. Currently, as of late October 2020, these are:
zED is based upon work we did for the Socitm president in 2017, which checked the dmarc status of councils in the UK. We are, as of Spring 2019 adding to this in order to seek and supply data to WARP members on the TLS and dmarc status of organisations with whom they work. They can then make decisions around data protection while data is in transit.
  • The Digital Certificate SSL/TLS Scanner came out of another larger project/code set that was being worked on.  It was functional very quickly, and as an “alpha” was tested on some local government websites (with the consent of their security people) within a few days of being started. At present, it is a free-to-use service for the local government /broader public sector community. It was officially launched at the ISfL (London WARP) conference in November 2016. The NCSC call it a companion product to their WebCheck product, and is used by many councils, police forces, parts of the NHS, and other bits of the broader public sector, which is nice!
  • Crofton Blue (Rolling 7 day back up tool for Google Backup), work started in January 2018 and is in active use. Google Backup for G-Suite does a great job, backing up changed and new files from desktops, laptops, and servers. However, it does not provide protection against file corruption, which may be discovered some days after it has happened. This tool runs rolling seven-day backups to fix this.  It runs on Raspberry Pi or Linux Distros. There is no further development planned and is available for licensed use.
  • GDAudit aka Google Drive Auditor (part of G-Suite/Workspace), as of summer 2020, this project is now closed. We had been looking for beta test partners. It is focused on finding things in Google G-Suite that breach GDPR regulations and enabling you to report this within the 72 hours available. However, Google reporting has overtaken us, the code is available under license and upon application. 
  • Project 710/MCIR (aka H-Pulse), work started in autumn 2017 and is in pre-alpha or more of a functional primitive at this time. We are unable to say more about it at this time due to the nature of this project – although we can mention that it is a “horizontal reporting and mobilisation” tool that outputs in the form of POC shared with the WARPs and LGA/Socitm.
  • Hemmingway – kinda faded away but learning has been stored and may be morphed in to a new project. 
  • An IDS (Intrusion Detection System) utility work is in effect a functional primitive, and the sensor is picking up intrusions. We have two release candidates. However, we continue to review the best way to alert, report and suppresses the digital noise that this type of system always makes – and keep the price and complexity down – We recommend Canary!  
  • click ME not which was developed over the spring of 2018 based on open source tools like many of our utilities, techniques, and concepts and is now rolled up into our training workshops.
Some things you should know:  We host these services in UK and meet GDPR and DP act requirements in relation to any data stored. We would like you to know that we are working on a response to the Gov.uk/NCSC Cyber Security Principals in relation to things we do and that we do not store any personally identifiable data (PII). Any data we collect, in relation to any service we supply, is stored in such a way that is commensurate with UK Government OFFICIAL – hope that’s okay!
Who are we? Well at this point, around Winter 2020, there are four of us involved in dev-ops spread out around the UK, each with different skill sets, but sharing the core idea of good, simple-to-use cybersecurity tools. We have been around since winter 2016.