Extremus

Extremus

Speciality: Application Security

Salvador, Brazil 5 employees
Visit Website View on LinkedIn
[01] About

Extremus is a Brazil-based cybersecurity firm specializing in offensive security, including penetration testing, red teaming, and advanced security assessments; founded in 2003 with 1 employee, it emphasizes reeducating processes and implementing controls to ensure business continuity in monitored and well-defended environments.

Usamos abordagens ofensivas avançadas para entregar segurança para os nossos clientes, reeducando processos e implementando os controles necessários para garantir a plena continuidade dos negócios. Em ambientes monitorados e bem defendidos as abordagens tradicionais de pentest não produzirão resultados e é justamente nesse ponto que entra o nosso expertise. Estamos habituados a trabalhar em ambientes realmente desafiadores, com diferentes tipos de sistemas de proteção e monitoramento, esses são os ambientes ideais para empregarmos o nosso potencial de avaliação ofensiva. Nosso background é tudo que envolve Cyber Security. DAST - Dynamic application security testing, SAST - Static application security testing, Pentesting, Reverse Engineering, Resposta a Incidentes, Provas de Conceito, Ameaças Persistentes Avançadas e Desenvolvimento de Ferramentas de Segurança de Alto e Baixo Nível. Em mais de duas décadas de existência nos envolvemos em dezenas de projetos na área de cyber security, prestamos serviços de segurança para os mais diversos e variados setores governamentais e privados, e treinamos centenas de profissionais. Trabalhamos alinhados aos melhores Frameworks de segurança do mercado, tais como NIST 800-115, NIST 800-42, OSSTMM 3, OWASP 4.0, ISSAF. Se a sua organização deseja elevar o nível das suas avaliações de segurança entre em contato e vamos avaliar juntos as suas opções. Extremus, hackeando para proteger.
[02] Services
Penetration Testing
On-demand Offensive Tools Creation Services
Binary Exploitation
Ddos Stress Testing
Proofs Of Concept And Custom Offensive Tools
Security Testing In Applications
Reverse Engineering And Binary Exploitation
[03] Certifications
OSWE

OSWE Certification Overview


Origin


The Offensive Security Web Expert (OSWE) certification was created by Offensive Security, the cybersecurity training company behind Kali Linux and the renowned OSCP certification. Introduced in 2018, the OSWE was developed to address the growing need for professionals skilled in advanced web application security and source code review. The certification emerged from Offensive Security's commitment to hands-on, practical training that goes beyond surface-level vulnerability scanning to focus on understanding and exploiting complex web application logic flaws.


Industry Value


The OSWE is highly valued in the cybersecurity industry because it demonstrates an individual's ability to perform white-box web application penetration testing and identify security vulnerabilities through source code analysis. Unlike automated scanning tools, OSWE holders can manually review code in languages like JavaScript, Python, PHP, and Java to discover subtle security flaws that typically evade detection. This certification is particularly prized by organizations with mature security programs, penetration testing firms, and companies requiring deep application security expertise, as it validates practical skills through a challenging 48-hour hands-on exam that requires candidates to exploit real vulnerabilities in live applications.
OSEP

OSEP Cybersecurity Certification


The Offensive Security Experienced Penetration Tester (OSEP) certification was created by Offensive Security, the same organization behind the renowned OSCP certification. Launched in 2020, the OSEP was developed to address the growing need for advanced penetration testing skills that go beyond basic exploitation. The certification was designed to validate professionals' abilities to conduct sophisticated attacks against modern enterprises, including evading security controls, bypassing defenses, and operating in restricted environments.


The OSEP is highly valued in the cybersecurity industry because it demonstrates hands-on expertise in advanced penetration testing techniques used in real-world scenarios. Unlike many theoretical certifications, it requires candidates to complete a challenging 48-hour practical exam where they must compromise multiple targets in a simulated corporate environment. Employers recognize OSEP holders as having proven capabilities in offensive security operations, making it particularly valuable for penetration testers, red team operators, and security consultants who need to demonstrate their ability to identify and exploit complex vulnerabilities in enterprise networks.
OSCP

Origin of the OSCP


The Offensive Security Certified Professional (OSCP) certification was created by Offensive Security, a company founded by Mati Aharoni and other security professionals in 2007. The certification was developed to address the gap between theoretical knowledge and practical penetration testing skills in the cybersecurity industry. Offensive Security designed the OSCP to be a hands-on, performance-based certification that requires candidates to demonstrate actual hacking skills in a controlled lab environment rather than simply answering multiple-choice questions.


Industry Value and Importance


The OSCP is highly valued in the cybersecurity industry because it proves that holders possess real-world penetration testing abilities. Unlike traditional certifications, the OSCP's 24-hour practical exam requires candidates to successfully compromise multiple machines in a simulated network environment and document their findings professionally. This hands-on approach has made it a gold standard for entry to intermediate-level penetration testers, and it's frequently requested or required by employers hiring for offensive security roles. The certification's difficulty and practical nature have earned it significant respect among security professionals and hiring managers.
CRTP

CRTP Certification Overview


Origin and Background


The Certified Red Team Professional (CRTP) certification was created by Pentester Academy (now part of INE Security), founded by Nikhil Mittal. Launched in the mid-2010s, the CRTP was developed to address the growing need for practical, hands-on training in Active Directory security and Windows domain exploitation. Unlike many theoretical cybersecurity certifications, CRTP was designed to provide security professionals with real-world attack simulation skills, focusing specifically on the techniques used by adversaries to compromise enterprise networks.


Industry Value and Importance


The CRTP is valued in the cybersecurity industry for its practical, lab-based approach to red team operations and Active Directory attacks. Employers recognize it as evidence that a professional can perform actual penetration testing techniques rather than simply understanding theoretical concepts. The certification is particularly respected for its focus on Windows enterprise environments, which remain the backbone of most corporate networks. For offensive security professionals, red teamers, and penetration testers, the CRTP demonstrates hands-on capability in privilege escalation, lateral movement, and domain compromise—skills that are directly applicable to real-world security assessments and are increasingly sought after as organizations prioritize proactive security testing.

PNPT
Lpi3 Security
MSCE