SecQuest is an Information Security Consultancy, working with you to understand and address digital or physical security threats, which may affect your company.
We assist any size company, from large corporates to smaller SMEs, all over the world. SecQuest will assist you in protecting your information, securing your systems, and avoiding potential threats.
All of our consultants hold current UK security clearance and are qualified to at least Check Team Member level (via TigerScheme QSTM/CTM).
With over 25 years' experience in the computing industry, Darren’s career started as a Technical Analyst for IBM - communicating with top-level business partners worldwide. He went on to lead large teams of security specialists in Europe, the Middle East & Africa (EMEA) as well as in India for IBM’s X-Force Security practice.
Outside of being an accomplished security expert, Darren volunteers as a crew member for a local lifeboat station.
Previous to co-founding SecQuest back in 2012, Paul specialised as a network engineer, specifically dealing with Novell and Windows networks. He migrated to the security sector within IBM’s "ethical hacking" department and became the Wireless LAN Security Officer for EMEA. Paul is a certified SCADA expert and has years of VSAT experience.
Paul is a technical whiz and even outside of work he enjoys CNC building and programming, Ham Radio (M0EYT) and electronics.
Our breadth and depth of experience allows us to undertake a wide range of security assessments across all IT related fields. We can help your business defend itself against the constant threat of electronic attacks.
SecQuest consultants have worked with large corporate security teams providing testing in a wide range of industry sectors which includes Government, Banking, Advertising, Aerospace, Intellectual Capital Management (ICM), Pharmaceutical, Broadcast, Manufacturing…and everything in between.
Whatever your IT security assessment or health check requirements are, please discuss them with us.
Our services can be customised, creating a bespoke package for your specific requirements. We currently run a number of security assurance programs for a number of large UK businesses.
The SecQuest QuickLook Assessment is a short and affordable network security assessment, designed to look at target devices and systems from the perspective of a hacker.
The QuickLook Assessment usually finds vulnerabilities relating to password policies, security related patches, infrastructure devices, end user workstations and network management systems.
The QuickLook Assessment will take five days to complete and will highlight security weaknesses; demonstrating how hackers can gain access to your data and systems.
The internet is full of threats, which can include script kiddies, automated bots and scanners embedded in malware. It is very important to ensure that any systems connected to the public internet are operating in a secure manner, reducing any risks associated with unauthorised access.
The SecQuest External Infrastructure Assessment can be conducted in a blind (no knowledge) or targeted mode depending on the level of assurance required.
We will examine any devices found in the target network range including routers, switches, application servers and VPN endpoints. Where application servers are identified, assessment will be performed up to the authentication phase.
Wireless connections are extremely popular within any company and there are hundreds of devices that use wireless technology as a form of communication.
The SecQuest Wireless Assessment will review your wireless environment, including infrastructure equipment and client devices (laptop, phone, IoT).
The starting point will be your wireless network. We test encryption, authentication types and see if users can be forced or tricked into connecting to other rogue networks.
We can also assess signal strength, guest wireless network segregation, radio-frequency interference, radio-frequency identification (RFID) and Digital Enhanced Cordless Telecommunications (DECT).
DECT assessments are undertaken when there is suspicion that the DECT devices are subject to eavesdropping attacks. SecQuest can quickly test and demonstrate if this is actually possible and advise on appropriate countermeasures.
Remote access via dial-up used to be a primary method of connection into corporate networks and hardware systems such as HVAC or other environmental control systems. However, PSTN remote access devices and modems often get overlooked as an avenue for attack.
The SecQuest Telephony and Modem Assessment starts with a 'war dialling' exercise, where company number ranges are scanned - looking for modems that respond.
We use the latest in VoIP PBX technology to rapidly dial the target number ranges. Once responsive devices are located, we use a combination of manual and automated techniques to try to gain access to the remote systems.
VSAT (Very Small Aperture Terminal) technology is often used to provide a LAN or WAN extension via satellite. These are commonly found in networks that require real time connectivity to a large number of remote sites or offices covering a large geographic area.
Typically, it is possible to capture traffic directed over the VSAT link including clear text user names and passwords, VoIP calls, SMB network traffic and FTP transfers. During testing it has been found that many VSAT services are not protected against over the air eavesdropping and leak financial and personal data.
The SecQuest VSAT Assessment consists of a configuration review of the satellite modem to ensure it is correctly configured. Following this step, an over the air assessment is conducted to determine if it is possible to receive and demodulate the downlink and if so the kind of information that can be obtained.
The SecQuest iSeries / AS400 Assessment examines the target system from both a network and 'on-system' perspective, to give a complete picture of the system security posture.
Network services are examined to look for misconfigurations or security weaknesses that could allow unauthorised access to the system or its data.
Following this, an on-box assessment is performed, looking at a number of system areas including:
• System value configurations
• DST and SST access
• Application library security
• Operating System Resources
• Adopted authorities
• Spool file and Printer security
• User profile security
• Default or trivial passwords
• User profiles with excessive authorities
• Exit programs
• Inter-system communications
• Inter-LPAR communications
• ODBC and data access configuration
• IBM supplied user profile security
• Security auditing
• Database journals
• Network daemons
• Backup security
Due to the nature of the iSeries system and its business criticality, any misuse resulting in down time or leakage of confidential data could have a significant impact on your business operations.
SecQuest will help you to understand your iSeries security implementation and provide recommendations to improve your iSeries security model.
The SecQuest Internal Infrastructure Assessment examines the security posture of systems inside your network perimeter.
We can examine any devices accessible on the internal network, including routers and switches, servers and workstations, midrange and mainframes, CCTV systems, VoIP systems and physical access control systems.
Security weaknesses and configuration errors could lead to the disclosure of sensitive business information, or cause significant systems outages.
This assessment is carried out from either a blind (no knowledge) or targeted perspective.
A blind assessment can give a 'real world' view as to the state of your network security, but it requires slightly more time - this could be chosen to help answer questions such as ‘what can 3rd party staff members or contractors gain access to on our network?’
A targeted assessment is useful where only certain networks or devices need examination from a security perspective.
An ‘application’ is a front end interface for a user. This can be specific software on a computer (or other hardware) used in banking, schools, web development and retail, to name a few.
Many applications contain programmatic flaws, logic errors or misconfigurations. These coupled with poor user input validation can allow certain features to be bypassed, or permit direct access to databases and other back end systems.
Unintended use of applications can result in fraudulent transactions or corrupt databases, leading to downtime or other significant inconvenience whilst the problems are rectified. Any of these issues can cause brand damage and potential legal issues should personal data be leaked (TalkTalk, Ashley Madison, Yahoo!).
The SecQuest Application Assessment can assess existing applications that are already deployed, or work with your application developers to check coding and security controls at each stage of the application/software development process.
In recent years, smart mobile device use has increased exponentially. The software and operating systems are becoming smarter and more intelligent; however, the hackers and hacking technology are too.
Is your banking application permitting the storage of screenshots of your account details in a temporary file?
Can your shopping application be manipulated to purchase heavily discounted products?
Are you an application developer and want to check that users cannot circumvent security measures or manipulate client/server communications?
The SecQuest Mobile Application Assessment investigates issues ranging from the installation of applications containing malware to IT departments wanting to ensure that applications are as secure as possible and operating system lock-downs are effective and cannot be bypassed.
Our consultants have experience in testing applications on Android and iOS devices, ranging from online gaming and classic client/server applications to device security and management software.
Even in today's world of broadband network connectivity, radio and microwave links still carry essential data that allows business infrastructure to correctly function.
Many of these links carry telemetry data from utility service providers in order to permit remote command and control of outstations. CCTV Security cameras are often linked back to central control via radio and microwave links, but are these feeds secure?
The SecQuest Radio Link Assessment will test how secure these radio data links are and what happens if they fail, are jammed, or false data is inserted.
Our consultants have extensive radio systems knowledge and access to a suite of radio frequency test equipment that ensures they can deliver a quality assessment. Our radio systems lab is equipped with signal generators and sweepers, spectrum analysers (analogue and FFT) and modulation analysers covering up to 18 GHz, along with many bespoke items of radio hardware.
SecQuest can also test digital PMR radio systems such as TETRA, APCO-25, Motorola MOTOTRBO™, dPMR® and DECT and offer independent confirmation that they are operating in a secure manner.
Voice over IP (VoIP) technology allows telephone calls to be made over digital computer networks including the Internet.
The SecQuest Voice over IP Assessment will identify if the environment is secure, and check if calls can be intercepted and monitored.
We will investigate and check the authentication, authorisation, dialplan configuration, endpoint configurations and whether it is possible to fraudulently place calls via VoIP switches using malformed requests.
Supervisory Control and Data Acquisition (SCADA) gathers data in real time from remote locations in order to monitor and control industrial equipment.
It is used in many industrial environments, controlling everything from local utility company infrastructure to nuclear power stations.
The SecQuest SCADA Assessment will test network connected PLCs and RTUs operating with many of the standard communication protocols, regardless of the transmission medium (TCP/IP, Serial, Radio Link).
We routinely test SCADA supporting infrastructure and systems including HMI and Historian systems, and also the connectivity to and from corporate infrastructure into SCADA control networks.
SecQuest are officially certified SCADA security consultants.
SecQuest regularly attend and present their research at leading security events, both inside and outside of the UK.
Our consultants can assist with presentations to educate your team or company on topics relating to security or hacking.
We offer security training for staff and secure programming training for developers, helping you to secure your business where it counts.