Skip to content
Hello! We build cybersecurity tools and utilities. These often start as mind machine meanderings, research ideas, project fragments or academic outputs, call it what you like. We are drawn to things such as trust and transparency, and of course, Open Source for this very reason.
We aim to do a good job, our best endeavours, and are happy to onwards license our software once proven, over the passage of time.
We usually have a few projects on the boil or simmering away so to speak. Currently, as of late january 2020, these are:
zED is based upon some work we did for the Socitm president in 2017, which checked the dmarc status of councils in the UK. We are, as of Spring 2019 are adding to this tooling and seek to supply data to WARP members on the TLS and dmarc status of organisations with whom they work, so they can make decisions around data protection while data is in transit.
The Digital Certificate SSL/TLS Scanner came out of another larger project/code set that was being worked on. It was functional very quickly, and as an “alpha” was tested on some local government websites (with the consent of their security people) within a few days of being started. At present, it is a free to use service for the local government /broader public sector community. It was officially launched at the ISfL (London WARP) conference in November 2016 – The NCSC call this a companion product to their WebCheck product, and is used by many councils, police forces, parts of the NHS and other bits of the broader public sector, which is nice!!
GDAudit has been in development since Autumn 2014. It is now in beta and we are looking for beta partners. We heard about a problem that arose with a major drive file migration to a new domain. Links were broken and new links were created, which no one knew about. It was a bad day for all those involved. Our thoughts started small, in the Google script language, but grew into PHP running on the Google Application Developers stack. We now have a couple of test sites and are looking for a Beta site right now… This tool is also key in your Google G-Suite GDPRs reporting – do not get caught out!
click ME not was developed over the spring of 2018 and is in beta, we seek beta partners. It is a phishing training tool, for end users, based on open source tools like many of our utilities. While there are commercial offerings in this area (phishing attack end user prevention training), they can be expensive. As a practical response to various discussions, we made this one. The focus of the project is to run phishing attacks as training/guidance for public sector staff on a cost recovery basis. It is brandable to match your “house style”, cost-effective, flexible and can be customised to meet end-user training needs in terms of the type of attack, ie malicious downloads, credentials grab etc. All technical infrastructure is cloud-based in the UK, and is a fixed cost, with no upper or lower limit on email targets.
Crofton Blue (Rolling 7 day back up tool for Google Backup), work started in January 2018 and is in active use. Google Backup for G-Suite does a great job, backing up changed and new files from desktops, laptops, and servers. However, it does not provide protection against file corruption, that may be discovered some days after it has happened. This tool runs rolling seven-day backups to fix this. It runs on Raspberry Pi or Linux Distros.
Complete – Project 710/MCIR (aka H-Pulse), work started in autumn 2017 and is in pre-alpha or more of a functional primitive at this time. We are unable to say more about it at this time due to the nature of this project – although we can mention that it is a “horizontal reporting and mobilisation” tool that outputs in the form of POC shared with the WARPs and LGA/Socitm, Hemmingway – kinda faded away but learning has been stored and may be morphed in to a new project. Also as of Jan 2020 our Website scanner a new utility launched at the ISFL Annual conference in November 2017. We got to beta for websites and CMS sites using WordPress.
Aborted – An IDS (Intrusion Detection System) utility work is in effect a functional primitive, and the sensor is picking up intrusions. We have two release candidates. However, we continue to review the best way to alert, report and suppresses the digital noise that this type system always makes – oh, and keep the price and complexity down – We recommend Canary!
Some things you should know:
We host these services in UK and meet GDPR and DP act requirements in relation to any data stored. We would like you to know that we are working on a response to the Gov.uk/NCSC Cyber Security Principals in relation to things we do and that we do not store any personally identifiable data (PII). Any data we collect, in relation to any service we supply, is stored in such a way that is commensurate with UK Government OFFICIAL – hope that’s okay!
Who are we? – well at this point – as of around summer 2019 there are four of us involved in dev-ops spread out around the UK, with different skill sets, but sharing the core idea of good, simple to use cybersecurity tools, we have been around since winter 2016.