Ressources

Interesting tools to help you

On this page, we share tools, training and resources that can help you improve your level of cybersecurity.

You can also check out our blog for more content. We do our best to bring you relevant content (no, our articles aren't written by ChatGPT 😉 ).

Basic tools_

Whatever the size of your organization, these are tools that can really help you improve your level of security. The basic functions of these tools do not require advanced technical expertise.
This free tool lets you know if your email, or one from your domain, ends up in a known data breach. You can also schedule notifications to be informed of upcoming ones. So you can be reactive and change your passwords to avoid an account compromise.
Read more
1password
Using a password manager can solve a lot of problems. We're often asked which one we prefer. Without a doubt, 1password tops the list for its UX, functionality and the family accounts that come with it. And it's a Canadian company!
Read more
cloudflare
Cloudflare offers a lot of features, but it's the security aspect that we're focusing on. Put your website behind Cloudflare and you'll have protection against DDoS attacks and a WAF. Its Zero Trust offer is also very interesting. Free up to 50 users.
Read more

Advanced tools_

The tools suggested below require more advanced technical skills. We use them regularly for our penetration tests, but they can also be very useful from a more defensive perspective. And bonus, they're free tools😉

PS: no, this section is not sponsored by Semperis. They're just very strong on the free material they provide 🤓
bloodhound
You'll be able to analyze relationships and permissions structures in Active Directory environments. In short, it creates a visual map of potential attack paths in a network, enabling pentesters to discover how an attacker might gain elevated privileges and move laterally across the network.
Read more
purpleknight
You can analyze the security posture of Active Directory by checking a series of essential security controls. It helps you identify vulnerabilities and misconfigurations that could be exploited by attackers. Semperis offers a number of other highly relevant fee-based products for securing your AD (we're partners needed).
Read more
forest-druid
Forest Druid simplifies the management of attack paths in hybrid Active Directory and Entra ID environments, by focusing on the paths leading to the Tier 0 perimeter. This makes it possible to prioritize critical assets by identifying excessive permissions without having to scrutinize every user-group relationship.
Read more

These tools are a gold mine for making you more autonomous in managing your security. They can, however, be a challenge to implement the first time, and you may miss out on interesting features if you're not familiar with them. Helping you get to grips with these tools can be one of the consultations included in your penetration testing package. Let's discuss it together 🤓

Courses_

Using the right tools is essential to protecting your business. That said, developing the right skills in your teams is essential to help you. Here are a few training courses we highly recommend to our customers (if applicable, of course).
apisecuniversity
You'll find short, free and high-quality training courses on the fundamentals of API security, the TOP 10 OWASP APIs, PCI DSS compliance issues, etc. If you're working on APIs, it's time well spent, and it's going to make the pentester swear a bit more during the next test 😉
Read more
Semperis
Not a training course, but a comprehensive glossary on Active Directory security. Many terms and concepts are well explained. Always handy to have on hand when reading reports or content on AD.
Read more
Resolock_logo
Social networks are often overlooked in cybersecurity initiatives. Yet they have become a vital part of corporate life. Here you'll find free, step-by-step guides to securing each of your accounts on the various social networks. These are guides for personal accounts, but they're a good starting point for everyone.
Read more

Why Yack?

First, for those of you who don't know, the yak is an animal. The energy it radiates (chill with its toupee, but we wouldn't want to piss it off with its horns...) represents us well, and the nerdiest among you might see the little nod to Linux 😉. Of course, Yack's resemblance to Hack is no mere coincidence. It's also a short, punchy name that, once again, sounds like us. Finally, it's a word that earns you 24 points in Scrabble (hello Office de la langue française). Why did you choose .one? In offensive security, all it takes is one attack..."
A little more about us

"Pourquoi Yack?

First, pour ceux qui ne le savent pas, le yack est un animal. L'énergie qu'il dégage (chill avec son toupet, mais on ne voudrait pas l'énerver avec ses cornes...) nous représente bien, et les plus nerds d'entre vous verront peut-être le petit clin d'œil à Linux 😉. Bien sûr, la ressemblance de Yack avec Hack n'est pas une simple coïncidence. C'est aussi un nom court, qui punch, et qui encore une fois, nous ressemble. Enfin, c'est un mot qui te rapporte 24 points au scrabble (bonjour office de la langue française). Pourquoi avoir choisi .one? En sécurité offensive, il suffit d'une (one) attaque..."
Un peu plus sur nous