SERVICES

Our penetration

Discover our main packages:

If you have OT equipment (Scada) or other special needs, we'll work with you to determine the best approach.

To help you,

Depending on the asset to be tested and the underlying need. Of course, we can adapt to your reality. For example, if you already have a vulnerability scanning tool, we think you will really value our Bring your own scanner concept 😉


📌  We would like to emphasize that we do not consider our smallest package as the Cheap option and the most complete package as the Cadillac option. The best package is the one that best suits your needs, that's it. You can count on us to guide you to the best choice(c.f. our no bullshit policy 🤓).The most effective way to determine the best strategy is to have a talk. For that, nothing could be easier, you can choose a schedule that suits you here.

Our “one shot” pentest packages

In this case, a penetration test is performed at a specific time and, once the test and the various related services are delivered, the project is considered complete.

For your

Inclusions:

for your

Inclusions:
We go the extra mile
for your internal network or API

Our annual packages

There are situations where validating your security level once a year is not enough. These packages provide year-round coverage to ensure continuous monitoring of your assets. Generally, we will prioritize this approach for internal networks and APIs.
As a side note, is it presumptuous to tell you that it comes with the pleasure of having us year-round? 🙈 (and we promise, auto-renew is off by default)

for your

Inclusions:
+

We improve your posture

+

Pentest

+

Regular retests

+

Interactive report

Presentation of the results

+

Executive report

+

2h with us after each test to brainstorm on the implementation of recommendations

Assessing the security level of your system is good. Improving it afterwards is better. To help you get started, we rent you the brain of a hacker for 2h after each test to help you adopt the best security strategies.

We simulate a hacking attempt. We use the same techniques and tools as a real hacker with realistic scenarios depending on the situation.

Our penetration tests comply with the methodologies required to obtain TGV, PCI DSS, ISO 27001 or SOC 2 Type II. certification. They are based on the guidelines and practices recommended by OWASP and Offensive Security.

(retest to validate the patches in option)

Whether you make a lot of changes to your API or just need peace of mind, this solution is for you. After the first main penetration test, we retest portions of your API at regular intervals (every month, every quarter, it's up to you). We are talking about tests performed by humans and not automated scans.

Your dedicated online platform for reporting on the list of vulnerabilities and flaws identified during the penetration test

Excels and PDFs are convenient, but being able to manage your vulnerabilities and recommendations directly online is a step up in terms of experience. Your report will be delivered right to your platform (with the export button of course 😉 ).

You will be able to see the list of your flaws fluctuate throughout the tests: fixed flaws disappear and new ones are added. You will be able to manage them in real time.

In a meeting, we explain how we managed to compromise your system and how to correct the situation (in a realistic way and adapted to your business reality) while helping you to take control of the platform.

This report is more like a one pager that gives you a summary of the situation so that you have a formal document attesting that you have carried out the test and what the result is. Ideal to present to your board of directors, your customers or investors.

We go the extra mile
for your API

for your

Inclusions:

Our vulnerability scanning tool for 12 months (automated)

You will have in hand a vulnerability scanning tool for your internal network. You will be totally independent to identify your vulnerabilities. You will discover them with their level of criticality to prioritize patches. The recommendations included will allow you to improve your security posture.

We simulate a hacking attempt. We use the same techniques and tools as a real hacker with realistic scenarios depending on the situation.

Our penetration tests comply with the methodologies required to obtain TGV, PCI DSS, ISO 27001 or SOC 2 Type II. certification. They are based on the guidelines and practices recommended by OWASP and Offensive Security.

Whether you have made significant changes to a part of your network or just want to test another scenario, this test is perfect for you. We're talking about tests performed by humans, not automated scans.

Your dedicated online platform for reporting on the list of vulnerabilities and flaws identified during the penetration test

The scan tool synchronizes directly with this platform so that you can centralize all information.

You will already have access to your list of vulnerabilities with the scan tool. In addition, this 2nd platform improves the management, display and communication of these vulnerabilities. You will also have access to remediation plans with the ability to prioritize according to your business reality. Not to mention the results of your pentest (and other tests if applicable).

No more reports scattered between PDFs and excels, you will have everything in one place.

In a meeting, we explain how we managed to compromise your system and how to correct the situation (in a realistic way and adapted to your business reality) while helping you to take control of the platform.

This report is more like a one pager that gives you a summary of the situation so that you have a formal document attesting that you have carried out the test and what the result is.

Ideal to present to your board of directors, your customers or investors.

2h with us each month to brainstorm on the implementation of recommendations

Assessing the security level of your system is good. Improving it afterwards is better. To help you get started, we rent you a hacker's brain for 2h a month to help you adopt the best security strategies.

Continuous vulnerabilities scan

+
+

Main pentest

+

Second pentest

Interactive report

+

Presentation of the results

+

Executive report

+
+

We improve your posture

We go the extra mile
pour votre réseau interne

for your

Inclusion:
We go the extra mile
pour votre réseau interne

With all our packages, we can add testing of your public IP addresses.

Whether we collaborate year-round or for a one-time project, you will feel like you belong to our team ( this is not coming from us as a comment 🤓 ). 

No client/vendor here, just humans working together to find solutions that make sense. 

We can't wait to talk solutions with you ;)

Bonus:

You already have a tool in place to scan your vulnerabilities? Good job. At your request, we can validate whether this is a good solution for your company. In any case, we will not charge you twice for the same service. If your tool is compatible, we'll even connect it to our reporting platform so you have everything in one place ☺

Yack considers itself

We will never recommend a product to make a cut. We certainly have preferences like 1password or Cloudflare, but we also know when these solutions are not viable in your context. In those cases, we'll bring you more suitable alternatives. 

Likewise, we will gladly refer you to other companies for ISO27001 assessments or awareness training, for example, but we only make the connection. When possible, we will even offer you several alternatives.

A good example of our approach is the bring your own scanner policy; we obviously had to choose a tool that was adapted to our needs and those of our clients. That being said, we don't really like the idea of forcing you to adopt our tool and even less the idea of making you pay the same service twice 😉

Why Yack?

First, for those of you who don't know, the yak is an animal. The energy it radiates (chill with its toupee, but we wouldn't want to piss it off with its horns...) represents us well, and the nerdiest among you might see the little nod to Linux 😉. Of course, Yack's resemblance to Hack is no mere coincidence. It's also a short, punchy name that, once again, sounds like us. Finally, it's a word that earns you 24 points in Scrabble (hello Office de la langue française). Why did you choose .one? In offensive security, all it takes is one attack..."
A little more about us

"Pourquoi Yack?

First, pour ceux qui ne le savent pas, le yack est un animal. L'énergie qu'il dégage (chill avec son toupet, mais on ne voudrait pas l'énerver avec ses cornes...) nous représente bien, et les plus nerds d'entre vous verront peut-être le petit clin d'œil à Linux 😉. Bien sûr, la ressemblance de Yack avec Hack n'est pas une simple coïncidence. C'est aussi un nom court, qui punch, et qui encore une fois, nous ressemble. Enfin, c'est un mot qui te rapporte 24 points au scrabble (bonjour office de la langue française). Pourquoi avoir choisi .one? En sécurité offensive, il suffit d'une (one) attaque..."
Un peu plus sur nous