A fresh approach to all things I.T. With over 35 years of experience, Zero42 will provide the perfect solution for any business.
A range of I.T services specially designed for home users, including sales, service, tuition and repairs.
Everyone needs a little extra help with technology now and again, and as real I.T experts, Zero42 will support you every step of the way.
Our best selling items are all in one place.
Cyber security seems to be in the headlines so much more these days. From organised hacking groups to destructive and costly ransomware, state-sponsored attacks and lone cybercriminals, we have seen it all.
Penetration testing is a modern-day necessity. This is where someone friendly like us probes your company's entire I.T systems landscape to expose weaknesses, so you can plug any gaps before any outside threats maliciously target them. Think of it as paying an "ethical" hacker to break into your systems so you can learn how they got inside.
Unlike most penetration testing firms, Zero42 specialises in helping small to medium-sized businesses uncover what threatens them the most and the steps required to protect themselves, with a host of services that even the non-I.T savvy will understand.
No two penetration test missions are the same, as there are far too many variables, but here are the steps each engagement will follow to give you some idea of the work involved.
Both sides agree on the scope of engagement and what is on and off-limits within our mission; after all, you may have some stuff you wish to hide.
Planning always takes time. We work hard to gather as much information about our target as possible, and that means watching how your business interacts digitally as well as the people around you.
During this phase of the attack, we interact with our chosen targets and send probes deep into your digital infrastructure. We look for weaknesses in open ports and systems, with social engineering and manipulation, just like a rogue attacker would.
Once the vulnerabilities have been identified we then carefully check each one in turn for access and to see which are exploitable and which provide us with the best leverage into the very heart of your infrastructure.
Now that we are inside your networks, we like to make sure that we can maintain access and move around without setting off any alarms or raising suspicion and that means replicating our methods of entry or creating our very own hidden entry points.
This is the phase where actual damage could be done. A real cyber attacker would try to get hold of data, compromise your systems and launch malicious code. Our experts, however, will not cause mayhem or do damage, but prefer instead to leave behind little gifts for you to collect or pick up any flags you may have left for us.
Now we have compromised most if not all of your systems, we put together evidence of our exploits in a digital scrapbook which you get to keep. This book will provide you and your team with insight into the methods used, and the information gathered.
The final part of the penetration test is the generation of a comprehensive report detailing each of our exploits and providing you with best practices of how to prevent further attacks. We could always go further [additional fees apply] and actually implement any changes for you, or maybe run one of our fun security seminars to help educate your staff on how to best protect the business and themselves.
We have three main packages. These fit the majority of end-user scenarios, but we will also custom design something different for you if you prefer.
Our basic penetration testing exercise, with everything a small business requires to evaluate security threats and assess weaknesses.
Our ever-popular enhanced penetration testing package includes everything a business needs to determine potential threats and weaknesses, including easy-to-access infrastructures such as wifi, CCTV and mobile.
Our ultimate, no-holds-barred penetration testing package: we will simulate real-world coordinated attacks on your business data and your entire I.T landscape.
We only take on a few BLACK packages each year, as the workload involved is fairly intense and time-consuming.
For growing businesses.
No holds barred attack
Informative & Fun.
You are required to provide a suitable venue to host our seminar & workshop with forward-facing seating for every delegate. It also helps if delegates have a suitable flat writing surface, being seated behind tables is ideal.
Small groups of 20 or less work best, but each seminar is suitable for up to 30 delegates.
• Delegates are encouraged to bring laptops, tablets or mobile phones
These additional penetration testing terms are to be read in conjunction with our main set of trading terms & conditions available from the footer menu throughout our website.
THE PENETRATION TESTING SERVICE AND OUR OBLIGATIONS
Important: We only accept penetration testing requests from owners/senior partners/directors of companies who will be asked to sign a declaration of authority before any reconnaissance is allowed to take place. We strongly suggest that none of your employees is aware of our involvement as this helps produce the most accurate results, and it is often best to meet with us well away from your place of business.
Zero42 shall provide the penetration testing service to the client, which the client agrees to accept and pay for, including:
The performance of security assessment services against pre-defined targets specified by the client's authorised director or business owner whose name appears on the declaration of authority. This may include any or all of the following: Business I.T infrastructure, including websites, servers, NAS, networking equipment, buildings, email addresses, telephone numbers, P.C.s, laptops, mobile devices, printers, door entry systems, CCTV, wifi, Bluetooth, logic controllers etc
Zero42 agrees not to test any targets without the client's prior authorisation.
Vulnerability scanning performed by Zero42 can take place at any time within the scope of the contract.
The client may choose to stop penetration testing at any time, either via email or telephone, and Zero42 will endeavour to cease testing as soon as this is practically possible.
Zero42 shall deliver the penetration testing service with a high degree of skill, competence and expertise, both responsibly and professionally, and shall use its best endeavours not to change or amend any applications, data, programs or components of the client's network or computer system (including hardware and software).
Zero42 shall ensure that any person involved in the provision of the penetration testing service shall have experience appropriate to the tasks to which they are allocated.
Zero42 will immediately notify the client via either email or telephone of any critical vulnerability that exposes the client to immediate risk of compromise or which exposes the client to immediate risk of reputational, financial or operational loss.
Zero42 shall not conduct any intentional Denial of Service (DoS) testing at any time unless specifically requested to do so by the client.
Zero42 shall keep logs of actions taken and, in line with its data retention procedure, these shall be retained, along with all other client files, for six years and then destroyed. Details of vulnerabilities found will be destroyed once the final report has been written and accepted.
Zero42 shall store all client data within a secure data centre in the United Kingdom or other E.U. state, complying with ISO 9001, ISO 27001 and ISO 27018 standards. All client data will be encrypted using industry-standard encryption algorithms.
VULNERABILITY SCANNING BY ZERO42
Vulnerability scanning is an asset discovery and vulnerability management service provided by Zero42 to the client.
The client assumes full responsibility for the accuracy of the targets provided to Zero42 for vulnerability scanning. The client shall ensure the targets provided to Zero42 (even those identified by Zero42's sub-domain enumeration tools) are the client's property, or that the client has written consent permitting Zero42 to commence vulnerability scanning of all targets.
The client accepts any liability that may arise from the vulnerability scanning of targets provided, which are not the client's property, or that the client did not have written consent to commence vulnerability scanning upon.
ABSOLUTE PHISHING BY ZERO42
Absolute phishing is an automated simulated phishing service provided by Zero42 to the client.
The purpose of the simulated phishing email is to mimic a real-world phishing attack, enticing the targeted recipient to open the email, click a link in the email (the link being to a Zero42-owned domain), and enter credentials into one of our web forms.
The client grants Zero42 the right to send benign simulated phishing emails to all the email addresses provided by the client.
Because phishing is not a test of technical email defences such as phishing or spam detection, it is the client's responsibility to ensure that each phishing email is not blocked by any defences that may be in place and that the sending domain of the simulated phish is safe listed by any relevant technologies and mail service providers. Zero42 accepts no responsibility for the deliverability or otherwise of the simulated phishing emails.
Zero42 records only the actions taken by individuals concerning the simulated phishing campaigns and does not record any data inputted, such as credentials.
The client is expressly forbidden to add simulated phishing targets of individuals outside of their organisation.
Zero42 shall not be liable for the accuracy of the target email addresses provided by the client. Any emails delivered to individuals in error shall be the client's sole responsibility.
The client accepts any liability that may arise from the simulated phishing of individual targets submitted in error.
The client further accepts any liability that may arise from running any of the campaigns against individuals in the client's organisation.
The client grants Zero42 the right to perform security assessment services against authorised targets. Zero42 will not be held responsible for any incorrectly entered target information.
The client understands Zero42 shall only identify vulnerabilities that are already known at the date on which any tests are carried out and capable of being exposed by the range of testing tools and methodologies deployed by Zero42. The client accepts that it is in the nature of security assessment services that there may be vulnerabilities that will be uncovered in the future or by the use of alternative tools and attack methodologies, none of which could usually be identified at the time of testing, and therefore agrees that it shall not, now or in the future, hold Zero42 liable for such vulnerabilities.
The client shall identify and disclose to Zero42 any third parties that may conceivably be affected by Zero42 testing activities and any damages and/or loss of service caused by the client's failure to identify and/or disclose such third parties shall remain the sole responsibility of the client. The client, therefore, indemnifies Zero42 against all and any costs or damages howsoever arising from non-disclosure.
The client shall ensure that targets are the client's property or shall be fully responsible for obtaining written consent to test the targets from the legal owner before authorising such targets for testing. Zero42 will not be held responsible for any incorrectly entered target information.
The client shall immediately notify Zero42 of any unexpected event or out-of-scope problems that may impact Zero42 or the service delivery.
The rights provided to the client under any agreement are granted to the client only and shall not be considered granted to any subsidiary or holding company of the client.
The client understands it has sole responsibility for the adequate protection and backup of data and/or equipment used in connection with Zero42 penetration test services and will not make a claim against Zero42 for lost data, re-run time, inaccurate output, work delays or lost profits resulting from the service.
Each party may be given access to confidential information from the other party to perform its obligations under the agreement. "Confidential Information" means proprietary or confidential information that is either clearly labelled as such or identified as confidential information. Confidential information shall not be deemed to include information that: (a) is or becomes publicly known other than through any act or omission of the receiving party; (b) was in the other party's lawful possession before the disclosure; (c) is lawfully disclosed to the receiving party by a third party without restriction on disclosure; (d) is independently developed by the receiving party, which independent development can be shown by written evidence; or (e) is required to be disclosed by law including but not limited to The Freedom of Information Act 2000.
Each party shall hold the other's confidential information in confidence and, unless required by law, not make the other's confidential information available to any third party or use the other's confidential information for any purpose other than the implementation of the agreement.
Each party shall take all reasonable steps to ensure that the other's confidential information to which it has access is not disclosed or distributed by its employees or agents in violation of the terms of the agreement.
Neither party shall be responsible for any loss, destruction, alteration or disclosure of confidential information caused by any third party.
The client acknowledges that details of the service, and the results of the service, constitute Zero42's confidential information.
LIABILITY AND INDEMNITIES
The client shall indemnify and keep indemnified Zero42 (its officers, directors and employees) against all claims, costs, expenses, damages and losses (including reasonable legal and other professional fees) which may arise as a result of any claim made against Zero42 (its officers, directors and employees) and arising out of or in connection with the client's breach of its obligations, representations, warranties or covenants under the agreement.
The client shall not hold Zero42 liable for any loss of profits, loss of business, depletion of goodwill and/or similar losses or loss or corruption of data or information, or pure economic loss, or for any special, punitive, incidental, indirect or consequential loss, costs, damages, charges or expenses however arising under the agreement.
Zero42's total aggregate liability arising in connection with the performance or contemplated performance of this agreement shall be limited to the entire Service Fee paid for the service during the twelve (12) months immediately preceding the date on which the claim arose.
Subject only to Zero42 exercising reasonable due diligence and in using reasonable endeavours to procure any Third Party Services required in connection with the service ("Third Party Services") on the best available terms, Zero42 shall have no liability to the client to the extent Zero42 cannot perform its obligations to the client under this agreement because of any failure, outage or interruption in such Third Party Services nor shall Zero42 be liable to the client in respect of any breach of the contract and in relation to any matter which is wholly or primarily within the control of any provider of Third Party Services.
Amended 26th March 2022
If you want something fun and informative to get the security message out to your employees, then look no further than our Cyber Security Seminar, in which our top security expert and ex-hacker demonstrates several of the methods used by cybercriminals around the world to breach network security, and shares suggestions on how your employees can avoid falling victim to these attacks both in their working environment and at home.
Be prepared for a bit of mischief and mayhem as we take your employees on a whirlwind tour of email spoofing, mobile phone interceptions, password discovery and social media manipulation, plus demonstrate how cybercriminals use simple social engineering techniques against their human targets.
Our customers love us, and you will too. Highest quality products, competitive pricing and great service. What more could you possibly want?
Network Security is the process of taking physical hardware and software preventative measures to protect the underlying network infrastructure from unauthorised access, misuse, modification, destruction, or disclosure.
Mitigating risk and prevention rather than cure is key to creating a secure platform for computers, users and programs to perform their individual functions. In today's business climate, network security must be top of the list of requirements for any I.T manager or online business.
The size of an organisation is usually pretty irrelevant to most computer hackers. For some, however, the kudos of taking on the very biggest corporations is the driving factor behind any network attack. Most "unethical" attacks are carried out by individuals motivated by financial or commercial gain. While there are many things an organisation can do to reduce the risk of attack, there is no such thing as being totally un-hackable; forewarned is forearmed.
We have over 35 years of experience in network design and systems security and have worked with some of the U.K.'s most prominent government agencies and blue-chip organisations. Our system security & evaluation skills are the same as those employed in signals intelligence and defence intelligence here in the U.K.
A white hat hacker is a computer security specialist who breaks into protected systems and networks to test and assess their security. White hat hackers use their skills to improve security by exposing vulnerabilities before malicious hackers (known as black hat hackers) can detect and exploit them.
The term "white hat" refers to an ethical computer hacker or a computer security expert who specialises in computer & network penetration testing to ensure the security of an organisation's information systems and network. Ethical hacking is a term first coined by IBM to imply a broader category than just penetration testing. Contrasted with the black hat, a malicious hacker, the name comes from Western films, where heroic and unfriendly cowboys would traditionally wear a white or black cowboy hat.
We asked Michael to sort out our telecoms and data at Pinewood Studios; we received such excellent service from his technicians that they now look after all of our UK sites. Very knowledgeable and highly recommended.
* Advice is always free