Contact us:
Akimbo Cast - Ep.2 Breaking Through


Akimbo Testing Logo

Penetration Testing Services

Akimbo Core are a Penetration Testing company offering world leading cybersecurity testing services, as well as cybersecurity training and consultancy, with our team of UK experts.

When it comes to locking down systems, there's a lot to keep track of and it's easy to miss something. Plus with so many different options for approaching cybersecurity, it can be difficult to know what is the best approach to achieve your goals. Our Penetration Testing service can give you confidence in your security stance. We'll work with your team, to tailor our approach to what you're trying to achieve.

Our PenTesting Services

Web Applications

With many companies now relying heavily on web and mobile applications the impact of a security vulnerability in one of these systems can be devastating. We offer testing for web technologies, covering everything from simple brochure websites to complex web applications and Application Programming Interfaces (API).

Learn More


Whether you're looking to secure an on-prem internal network or your external infrastructure services. We can perform security testing of your systems. These reviews can cover internet-based threats, or the risks from guests, visitors, and disgruntled staff.

Learn More

Cloud Security

With so many companies moving workloads to major cloud platforms such as Azure and AWS, it's important to keep on top of your cloud security. We offer cybersecurity testing against cloud hosted applications, and infrastructure, as well as the cloud configuration itself.

Learn More


WiFi networks are just another weak point in networks that can be targeted by attackers. We can review the configuration, encryption, and signal bleed of wireless networks to ensure that they're hardened against attack. As well as performing segmentation attacks to jump between networks.

Learn More

Firewall Reviews

Many organisations networks are configured to rely on strong perimeters; if your firewall is poorly configured then attackers may target services thought to be protected. Firewall reviews ensure that the device and its ruleset are properly hardened.

Learn More

Cybersecurity Assessment Services

Our Security Review services help organisations ensure that their approach to cybersecurity covers all the key details needed to keep their organisation safe. These are not penetration testing services, but instead are open-book reviews designed to highlight weaknesses within your approach and offer guidance on improving your security maturity.

Build Reviews

Staff leaving laptops unlocked over lunch or unattended on trains. What's the worst that can happen? We can review device builds to ensure they are secured against local vulnerabilities such as privilege escalation and that staff members can only access the resources they're authorised to.

Learn More

Cybersecurity Maturity Review

We review your security stance in four key objectives against incidents of best practice, to provide an action plan of improvements to increase your overall security maturity.

Learn More

Active Directory Security Reviews

Active Directory is a critical part of most organisations network security, as it controls authentication and authorisation across the network – we'll help ensure that it's locked down.

Learn More

Want to get in touch?

If you'd like to talk to the team about cybersecurity testing, get in touch below:

Name *
E-mail *
Message *

Looking to learn more about Cybersecurity?

What do you mean by "Threat Actor"?

Habitually in our articles we use the term “Threat Actors” where you might expect us to use a term like “attacker” or “cybercriminal”. So why do we do that? In short, we find that threat actor is a more accurate term where something like “cybercriminal” may, in some cases, be overly specific.

You see, there are a whole bunch of different individuals and groups out there which may cause damage to an organisation that the term “cybercriminal” might not cover. So, who might target your organisation?

Read More

Hardening SSL/TLS: Common Certificate Issues

I recently wrote a quick start guide to hardening SSL/TLS configurations, to help people to better understand all the different aspects of securing their transport layer security configuration – however, during that article I skipped over a big section: SSL Certificates.

In this article, we’ll focus on the certificates themselves and the impact of common certificate issues. It’s also worth noting that whilst they’re commonly called “SSL Certificates”, we learned in the last article that of course all version of SSL should be disabled, since we know SSL was deprecated in 2015 and is “comprehensively broken”.

Therefore, if you prefer the term “TLS Certificate”, or even the technically more accurate “X.509 Certificate” then that’s great – but you’ll rarely see the latter term used outside of technical documentation, it seems “SSL Certificate” has stuck as the common term.

Read More

Hardening SSL/TLS: Common SSL Security Issues

Secure Sockets Layer (SSL) was a protocol designed to protect network traffic in transit, however it was superseded by Transport Layer Security (TLS) in 1999. These protocols are well-known for protecting web traffic with HTTPS. However, they can be used to protect lots of different kinds of traffic, for example they can also be used to protect email traffic, instant messaging, and more.

Read More

Hashcracking with Hashcat and AWS

A couple of years ago I wrote an article about hashcracking with Hashcat and AWS; but that was back on Ubuntu 16.04 and it involved manually compiling the packages. So I thought I’d best update it for Ubuntu 22.04 and why not use the Nvidia ubuntu repos to make things easier too.

Read More

Preventing Username Enumeration

First of all, what is username enumeration? It is when a web application has a feature that allows a user to supply a username and the application will disclose (not necessarily intentionally) if the username is valid or not. This is closely related to Username Disclosure, except in the latter the application is including valid usernames in server responses in some way, which allows a threat actor to determine a username is valid without having to specify it first themselves. Both of these are an issue and both should be addressed.

Read More

Multifactor Authentication (MFA)

An authentication factor is something that is supplied to verify an identity – the most common example of an authentication factor is a password, a secret word used to authenticate yourself for access to an account. Multi-factor authentication is the requirement to supply several factors during authentication. This is often called “Two Factor Authentication” (2FA) as, most commonly, two factors are required, but it could, in some instances, be more and so MFA is the more general term.

Read More