Delivering World Class
Offensive Security Assessments

Advanced Security For Advanced Threats

High Quality. Fair Prices. Full Transparency.

About Us

Nanorisk is a UK-based Cyber Security Consultancy providing a wealth of world-class knowledge, expertise, and experience in Cyber Security. We provide a wide variety of comprehensive Vulnerability Assessment, Penetration Testing, Red Team and Research-based services. Our team of dedicated security consultants delivers a top-tier testing capability as well as strong mitigation advice and guidance. We aim to be the 1%, offering high-quality professional services at a fraction of the cost of other consultancies. We'll find the vulnerabilities in your organisation before the bad guys do! Advanced Security for Advanced Threats.

At Nanorisk we believe in three core values:

  • Quality
  • Price
  • Transparency

  • 7M+ Rise in Cyberattacks
  • 3M+ Skills Shortage in Cybersecurity
  • $7B+ Ransomware Impact

How We Work

1. Initial Communications

An introduction will be given and the client will be provided with 4 documents:

  • Offered Services
  • Example Report
  • Terms and Conditions
  • Project Plan

2. Agree Scope

Various interactions must be undertaken, by phone, email, video etc. The purpose of these interactions is to determine the exact requirements for the assessment, to discuss the assets within scope, the types of testing required and for any other details to be provided. Nanorisk will use this information to create a scope and quote in terms of project days required.

3. Document Signing

A ‘Statement Of Works’ document is provided. At this stage the client must review and complete the following sections:

  • Executive Summary
  • Project Scope & Pre-Requisites
  • Project Quote
  • Project Authorisation

4. Assessment Delivered

The assessment will be carried out based on the ‘Statement Of Works’ provided and agreed upon. Contact will be maintained with the client throughout unless agreed otherwise. The client will be notified immediately should any Critical or High findings, or findings of significant interest, be discovered.

5. Report Completed

A report will be created and completed for the assessment carried out. This will be in the same format as that shown in the example report. Any specific report formatting requests, such as adding custom client logos or information, must be made before this stage is completed.

6. Report QA & Delivery

The report will be submitted internally into our QA (Quality Assurance) system to ensure no small grammatical mistakes exist and to help maintain a high-quality reporting process. Once QA is completed, the report will be delivered to the client using a transmission method specified in the scoping document.

7. Invoice & Additional Work

The project invoice will be delivered to the client along with further information on additional work suggested and offered by Nanorisk. Retesting is also provided as an option at this point, to retest discovered vulnerabilities that have been mitigated. Should retesting be chosen, this will be scheduled during the wash-up call.

8. Wash-Up Call

A call, either via phone or video, will be provided to help talk through the report once the appropriate team has had a chance to digest the information within. This is a good chance for developers or other technical staff to discuss findings in detail and for Nanorisk to provide any additional help and support as required.

9. Invoice Paid

The client is expected to pay the invoice within 30 days of receipt unless otherwise explicitly stated during the engagement.

Our Services

Vulnerability Scanning

Vulnerability Scanning provides you with an overview of vulnerabilities present in your systems. By using state-of-the-art automated vulnerability scanners we can detect the latest vulnerabilities, allowing you to mitigate them before they're exploited by adversaries.

Penetration Testing - Infrastructure

Our Infrastructure Assessments are broken into various individual services, each specialising in a specific infrastructure element, from an Open Source Intelligence Gathering exercise, scouring the deepest parts of the web for leaked data, right through to escalating our privileges on your internal network. There will most definitely be a service in here to help make your infrastructure more secure!

Penetration Testing - Application

Applications play a huge part in an organisation's attack surface. Web Applications, Web Services and Mobile Applications are a key area which threat actors will attempt to exploit in order to gain a foothold in the organisation's internal systems. Our Application offering will help to ensure this doesn't happen: by discovering and documenting vulnerabilities existing in these systems, we'll ensure you are protected in no time!

Penetration Testing - Social Engineering

People are often said to be the weakest element in an organisation's attack surface. With our Social Engineering services we'll put this to the test! We offer a customisable range of Phishing, Smishing and Vishing services to really find out how vulnerable you are, building each Social Engineering campaign with you to suit your specific requirements.

We also have a dedicated service offering for Physical Security Assessments, coming on site and using specialised entry tools and tactics in an attempt to gain access to a location or compromise physical machines.

Specialised Services

Our most advanced service offerings are very specialised and highly customisable to your specific requirements. Our Full Spectrum Attack Scenarios, including Red Teaming and Purple Teaming, work alongside your Computer Incident Response Teams (CIRT) or Security Operations Center (SOC) to ensure you are getting the most out of these engagements. Whether Red or Purple Teaming is chosen will determine how we work with your internal teams to detect, mitigate and prevent future attacks.

Other services in this offering include Web3.0 Security Assessments, where we'll perform auditing of Blockchain Smart Contracts; Ransomware Simulation, where we'll test the SOC's ability to deal with such scenarios; IoT Security Assessments, where we'll use cutting-edge techniques to Reverse Engineer and develop PoC exploits against the technology at various levels; and Operational Technology Security Assessments, focusing on discovering vulnerabilities in Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems.

Cyber Essentials & Cyber Essentials Plus

Coming Soon

Industries - We Work With All Industries

Client Reviews

Unparalleled Service in Security Assessments

We have had the privilege of engaging with several companies for Security Assessments and Penetration Testing, and without a doubt, Nanorisk has proven to be the most reliable and trustworthy partner.

What sets Nanorisk apart is not just their technical expertise, but also the clarity and precision with which they deliver their services. The reporting for both the initial testing and retest reports is exceptionally clear and easy to understand. This level of transparency is invaluable, providing insights to strengthen any organisation's security posture effectively.

Nanorisk's commitment to excellence is further exemplified by their outstanding customer service. From the beginning of our engagement, the team has consistently demonstrated a dedication to client satisfaction that surpassed our expectations. Their communication style is clear and concise but also tailored to ensure that even the most complex security issues are conveyed in an understandable manner.

One of the standout qualities of Nanorisk is their rapid response to all questions and queries. In an industry where time is of the essence, their agility in addressing concerns has been instrumental. It's evident that Nanorisk value client relationships by promoting an environment of trust and collaboration.

In conclusion, we wholeheartedly endorse Nanorisk for their unparalleled reliability in Security Assessments and Penetration Testing. Their expertise, coupled with exceptional customer service, makes them the go-to partner for any organisation serious about safeguarding its digital assets.

Rob Kneller

Director @ Kit365 Limited

We contracted Nanorisk to provide our annual penetration test and will be continuing the working relationship with them moving forwards. Ben was fantastic from the initial conversation discussing our infrastructure and use-case of each component to communicating throughout the test ensuring we were happy and kept up to date with everything going on. When the test was completed we received a full comprehensive report outlining any issues found with how it was found and suggested resolutions. Overall we were very happy with the service provided by Nanorisk!

James Scott

Systems and Network Operations Manager @ TripIQ

The LMA engaged Nanorisk to conduct an overall cyber security assessment. Primarily to benchmark our current posture and provide a baseline for organisational risk exposure and the prioritisation of any remedial works.

Nanorisk competently worked to understand our architecture and systems as part of a scoping exercise with minimal disruption to business operations. The exercise commenced, running to schedule with regular engagement to ensure any issues were dealt with promptly. We were particularly impressed when an area of potential concern was immediately raised with us midway through the assessment. The report was of a high standard with actionable steps identified to remediate identified vulnerabilities. Nanorisk spent the time post assessment discussing various aspects of the report which provided context and assisted with the risk management process.

We can wholeheartedly recommend Nanorisk for their professionalism, attention to detail and timely delivery.

Rory Carlton

Head of Projects and Programmes at Loan Market Association (LMA)
