We are AkimboCore.

We are a cybersecurity start-up with an aim:

To work hard
on the interesting problems
and to automate
the mundane ones.

We're a team of cybersecurity professionals building new ways to perform security testing.

The Problem

Modern organisations are constantly at risk from cybercriminals. Keeping everything up-to-date and locked down is a fundamental part of cybersecurity - but things may get missed and risk may unintentionally be introduced to your systems. To ensure that these issues can be found and fixed quickly, it's critical that your security stance is constantly tested.

Traditional cybersecurity approaches such as penetration testing are often conducted annually, but that isn't in-line with the way that systems and applications are developed. Regular changes and updates can introduce risks faster than those methods can detect.

Our Solution

Launching Winter 2021

We continuously assess your online systems for security weaknesses.

AkimboCore offers Always-on Security Testing. This is a modern approach to cybersecurity that offers the benefits of penetration testing but is more effective, as we apply human intelligence to the complex parts and develop application-specific automation for the mundane tasks.

This allows us to test far more frequently, more much efficiently, and more effectively, when compared to traditional penetration testing. We provide information about your security stance through an online platform that allows you to view the security testing that's taking place, see your organisation's current level of risk, and gain assistance in remediating discovered security issues.

Akimbo Core Dashboard Screenshot

State of the Union

A dashboard shows the current security stance of your organisation, including outstanding issues as well as the on-going security testing work conducted.

Attack Surface Monitoring

New systems are highlighted within the dashboard to ensure they're not missed from the testing scope.

Vulnerability Alerts

As security issues are discovered this is communicated through the dashboard. High risk issues cause vulnerability alerts so you don't miss critical issues.

The Platform

Our system is a complete vulnerability management platform. The platform gives you complete control over your security information.

You can securely share individual issues with third-parties, present a dashboard of current risks to the board, give a read-only view of issues to your auditors, and more.

Optionally - If a new high-risk security issue is discovered, the platform can notify you of the situation - either with an app notification, an email, or text message. Ensuring you never miss anything important.

Akimbo Core Edit Issue Screenshot

Looking to learn more about Cybersecurity?

Controlled Chaos

Major outages in major public cloud providers such as Azure and AWS are rare, but they do happen. Today OVH had a major incident: “OVH datacenter burns down knocking major sites offline” and they’re not the only ones to experience these issues, for example Amazon had a major outage in November and Microsoft had one in September.

This prompted me to write up an article on Akimbo’s recent work building resilience into our platform, so today I’m going to talk a little bit about a couple of the features of AWS that allow for significant resilience and I’m going to do that by running you through my recent experiments on our platform which can be roughly summarised as “Turning things off to see what breaks.”

Read More

SQL Injection Exploitation: Out-of-Band

Out-of-band exploitation refers to exploits where the extracted information is received over a connection other than the one the payload was delivered over. It can be used to bypass defensive technologies as well as complicating the detection and response capability.

SQL Injection can be exploited out-of-band through protocols such as DNS in order to extract database contents. This is particularly useful as an alternative to Time-based exploitation where it can allow for faster extraction.

Read More

Strong Passwords

When performing security tests, we very often come across weak passwords. We often see dictionary words with suffixes such as Welcome1, Password123, or Lockdown2020. We also see "leet" substitutions, such as P@55w0rd, 3l3ph@nt, or L0ckd0wn.

In this post, we break down options for choosing more secure passwords.

Read More

Preventing Windows Accounts Being Bruteforced

In a previous article we discussed how bruteforcing Windows accounts is often easier than people expect. In this post - we'll cover some steps to harden these accounts.

Read More

Securing Wi-Fi Networks

We recently discussed how to break WPA2 keys very quickly using cloud computing. We've also looked at how to use a Rogue AP to capture user credentials from a network using PEAP (MSCHAP).

In this article we'll look at hardening Enterprise wireless networks from these attacks.

Read More

Fixing SQL Injection

SQL Injection is a vulnerability that occurs where user supplied input is insecurely concatenated into an SQL query.

We showed how easy can be to detect in our Finding SQL Injection article, and we’ve run through exploitation in many posts such as our post on Exploiting Error-based SQL Injection.

Read More