← Home Security — mamoru, to protect

We find the flaw before the attacker.

Pentest, vulnerability analysis, privacy compliance and social engineering — with method and reports the board understands.

Why security

Every growing operation accumulates attack surface: integrations, exposed APIs, scattered credentials and people clicking on what they shouldn’t. Security is not a product you buy — it is the continuous practice of finding the weakness before it is exploited. We work both offensively (find the flaw) and defensively (close it), always with proof and clear priority.

How we work

Reconnaissance, controlled exploitation, documentation and remediation. No generic scanner report: every finding comes with a proof of concept, business impact and a step-by-step fix. We go to the genba — the real environment — because the vulnerability that matters is the one in your operation, not the one in theory.

What we do

Security services.

01

Pentest (Intrusion Testing)

We simulate real attacks — black, grey and white box — on networks, web apps and APIs. Controlled exploitation, proof of concept and a remediation plan prioritized by risk.

02

Vulnerability Analysis

Continuous mapping of the attack surface (infrastructure, systems and dependencies), severity classification (CVSS) and guided remediation — not just the list, the path.

03

Ransomware (Data Hostage)

Prevention, detection and recovery against data hostage-taking: immutable, tested backups, network segmentation, lateral-movement monitoring and a response plan. If the worst happens, you restore operations — without paying ransom.

04

Privacy Compliance (LGPD)

Mapping of personal data, impact assessment (DPIA), policies and technical compliance from collection to disposal. Privacy by design, not by patch.

05

Social Engineering

Controlled phishing campaigns, pretexting and awareness testing. The human link is tested and trained — never blamed.

06

Hardening & Incident Response

Server hardening, secure configuration and incident response. We close the doors the test opened and prepare the team for the next round.

07

Technical + Executive Reports

Two levels: technical, with evidence and reproduction; executive, with business risk and priorities. Language the board understands.

Ransomware · Data hostage

Before, during and after the attack.

Ransomware is not “if”, it’s “when”. The difference between a scare and a shutdown is preparation — and the ability to restore without paying ransom.

Before

Prevention

  • Immutable, tested backups — the 3-2-1 rule
  • Network segmentation and least privilege
  • MFA, patch management and phishing-hardened email
  • Inventory and classification: know what to protect first
During

Containment

  • Lateral-movement detection and immediate isolation
  • Response plan triggered — roles and decisions already defined
  • Preserve evidence; don’t pay on impulse
  • Controlled communication (legal, privacy authority if personal data is involved)
After

Recovery

  • Clean-backup restore within the agreed RTO/RPO
  • Forensics: how it got in, what it touched, which gap to close
  • Honest post-mortem and hardening of what failed
  • Operations back — without funding the crime
3-2-1 rule: 3 copies of the data, on 2 different media, with 1 off-site (offline/immutable).  ·  RPO — how much data you can afford to lose.  RTO — how fast you need to be operating again. We define both before the incident and actually test the restore — a backup never restored is not a backup.
Incident response

From alarm to learning.

When something happens, improvising is expensive. We follow a defined flow — each step with an owner and decisions agreed in advance.

1

Preparation

Plans, access and backups ready before they’re needed.

2

Detection

Identify the incident, its scope and severity.

3

Containment

Isolate to contain the spread.

4

Eradication

Remove the threat and close the entry gap.

5

Recovery

Restore and validate operations (RTO/RPO).

6

Lessons

Pós-morte honesto e hardening do que falhou.

Who leads

Academic rigor, offensive practice.

The security we deliver comes from cutting-edge scientific training and the Israeli-school method — a world reference in cybersecurity.

USP
Doctorate

Scientific rigor and state of the art — real research behind every analysis.

ITA
Engineering

Engineering method forged at one of the country’s most demanding schools.

Ben-Gurion University
Israeli school

Approach inspired by the Israeli offensive-cybersecurity methodology (Beer Sheva).

What you get

A report that turns into action.

We don’t deliver a scanner PDF. We deliver clarity to decide and a path to fix.

Executive report

Risk view for the board: what’s at stake, priorities and business impact — no jargon.

Technical report

Every finding with evidence, CVSS score, step-by-step reproduction and the recommended fix.

Remediation plan

A list prioritized by risk × effort — what to fix first and how, not just what’s wrong.

Validation retest

We confirm the fix closed the door — and that nothing new opened in the process.