Teste de Penetração Jobs

I'm seeking a security assessment for my corporate website. The primary concern is phishing attacks. I'm looking for a detailed report and provides actionable recommendations to enhance security. Key Requirements: - Assessment of current security measures (basic) - Identification of phishing vulnerabilities - Recommendations for improvement Ideal Skills and Experience: - Experience with corporate website security - Expertise in phishing attack prevention

Loki Locker has locked the core system files on our main server. Every boot now triggers “Access denied” errors tied to the ransomware, and we can no longer load critical services or reach our data partitions. The immediate goal is to safely decrypt every affected system file without risking further corruption, confirm full file integrity, and then remove any remaining Loki Locker components so the machine can start cleanly again. A full post-recovery report outlining the exact steps taken and tools used will complete the engagement.

I want a thorough penetration test against my organisation’s external-facing infrastructure with the sole objective of uncovering every exploitable vulnerability before anyone else does. The scope is limited to the public IP ranges and cloud assets I will provide; nothing on the internal network is in play this time. You are free to use the standard toolkit—Nmap, Nessus, Burp Suite, Metasploit, custom scripts—so long as the testing remains non-disruptive and fully documented. OWASP and PTES methodology are both acceptable; feel free to blend them if it yields deeper coverage. Deliverables I need: • An executive-level summary that highlights critical findings in plain language. • A detailed technical report listing each vulnerability, proof-of-concept evide...

For this project I'm looking for a VERY competent consultant on Windows systems and (maybe) on ethical hacking. Standard approach is not useful and doesn't solve the task. I want to clarify that the request is made for purely educational and exercise purposes. The goal is to make a client accessible/usable again (ethical hacking techniques). The target client is really closed/blocked. The client is Windows 11 Enterprise 23H2 - Experience Pack 1000 - 64bit (OS build 22631.5908) Actual landscape: - Windows user is not local machine Administrator. - The local disk is encrypted via BitLocker (booting from the outside therefore does not allow reading the data); - BIOS has a password, not known; - Unauthorized applications are not allowed (no possible to install nothing more). - ...

My Shopify account has been compromised, and I need a thorough investigation. Key tasks: - Investigate account access issues - Identify and document unauthorized marketing activities - Provide evidence of account abuse Ideal skills and experience: - Strong background in cybersecurity - Experience with Shopify platform security - Ability to generate detailed investigative reports - Prior experience handling similar security breaches I expect a detailed report with evidence of abuse.

Looking for a Security Specialist to conduct a Grey-Box Penetration Test on a SaaS platform built with Laravel and React. The app helps real estate sourcers package deals using AI and third-party data. The objective of this project is to collate the results of a gray box test, identifying vulnerabilities and weaknesses at minimum in the application's authentication and authorization mechanisms, input validation, state management, access control and encryption of a web application. Testing will focus on identifying potential security risks and providing recommendations for remediation. Scope of Work: • Audit the Authentication/Authorization flow (JWT/Laravel Sanctum). • Test for IDOR and Broken Access Control between user accounts. • Audit API security (integrations ...

I’m running an upskilling program for mid-level IT engineers and need an experienced cybersecurity practitioner to host live, practical sessions online. The cohort already grasps the fundamentals; they now want to dive deeper into Network Security, Application Security, and Cloud Security through real-world demonstrations, guided labs, and discussion of current threats. You should be based in Pune, Mumbai, Bengaluru, Chennai, or Hyderabad so we can stay in the same time zone and All teaching will take place online. Time commitment is light but consistent—about 1-2 hours each week, preferably in the evenings or on weekends. I’ll provide a virtual lab environment; your role is to design and deliver a concise curriculum, walk the class through tool-driven exercises (Wiresh...

I’m running an upskilling program for mid-level IT engineers and need an experienced cybersecurity practitioner to host live, practical sessions online. The cohort already grasps the fundamentals; they now want to dive deeper into Network Security, Application Security, and Cloud Security through real-world demonstrations, guided labs, and discussion of current threats. You should be based in Pune, Mumbai, Bengaluru, Chennai, or Hyderabad so we can stay in the same time zone and All teaching will take place online. Time commitment is light but consistent—about 1-2 hours each week, preferably in the evenings or on weekends. I’ll provide a virtual lab environment; your role is to design and deliver a concise curriculum, walk the class through tool-driven exercises (Wiresh...

I’m bringing a multi-layer system back online—a native PHP-MySQL web backend that drives a Node.js WebSocket service and a client-management console. Before launch, the entire codebase needs a deep security sweep, but the web backend is my first target. I suspect hidden backdoors and unpatched vulnerabilities; I need them located, removed, and the fixes thoroughly documented. There’s no existing audit playbook, so I rely on you to propose and carry out a full methodology that mixes code review, penetration testing, patching, and verification. The environment is classic XAMPP (Apache, PHP, MySQL/MariaDB) with a standalone Node.js layer handling real-time connections, so hands-on experience with that exact stack is essential. Deliverables • A concise audit plan out...

I am conducting an authorised security assessment on a website that currently sits behind Cloudflare. The owner has given me written permission to verify how well the service hides the origin server, and my first objective is simple: locate the true, routable IP address of that server. What I need from you • Discover the origin IP without disrupting production traffic or triggering any Cloudflare security events. • Confirm that browsing directly to the uncovered IP renders the site identically to the public domain (same content, layout, and functionality). • Provide a concise report describing the exact approach—whether you relied on passive DNS enumeration (dig, SecurityTrails, Shodan etc.), historical records, sub-domain leakage, server misconfiguration, or ...

I need a seasoned PHP security specialist to comb through an existing application, locate and remove every hidden backdoor, then harden the code so it stands up to malicious probing—SQL Injection is my top worry. Once the cleanup is finished, you’ll redeploy the patched build to my live PHP stack and confirm that all features operate normally under real traffic. A successful engagement means: • a brief, private report pinpointing each issue you discovered and how you neutralised it • a fully patched source tree returned to me, ready for version control • the application running stably on my server, with verification that the fixes prevent the SQL Injection vectors you identified Please come prepared with practical exploitation knowledge, the usual security ...

Project: Beta-Stage Web Application Security Setup Role Needed: Web Application Security Engineer Project Overview I’m preparing a coaching-based web platform for public beta and need an experienced professional to implement industry-standard security best practices suitable for handling sensitive user data. The application is built using a modern low-code/no-code frontend with Supabase as the primary backend and database. Custom SQL integrations via secure APIs are possible if needed. Objective Prepare the platform for public beta by implementing professional, scalable security foundations that: Protect user and client data Build trust with end users Lay groundwork for future enterprise compliance (SOC 2 / ISO later — not required now) Scope of Work (Deliverables) ...

Project Overview I’m looking for an experienced WordPress developer to perform a forensic audit and cleanup of a site that previously used custom developer-created code and automation. After a hosting migration, the site experienced admin access issues, login loops, and plugin behaviour reverting unexpectedly. Hosting support stabilised access but confirmed that custom plugins and non-standard configurations existed and fall outside their support scope. An automated deployment mechanism has been removed, but I need confirmation that no residual scripts, hooks, or configurations remain that could overwrite files, revert settings, or affect admin access. Scope Audit custom plugins, theme code, and mu-plugins Check for role/capability filters and forced redirects As...

I need help with my ethical hacking homework, specifically in network security. The task involves penetration testing on a Local Area Network (LAN). Requirements: - Expertise in ethical hacking and penetration testing. - In-depth knowledge of network security protocols. - Ability to identify and exploit vulnerabilities within a LAN. Ideal Skills: - Certified Ethical Hacker (CEH) or equivalent certification. - Experience with penetration testing tools (e.g., Metasploit, Nmap). - Strong understanding of network architecture and security measures. Please provide a detailed plan and any relevant experience.

I have just released , a zero-knowledge SaaS that lets freelancers and companies exchange secrets (.env files, API keys, etc.) through client-side AES-256 encryption, self-destructing links, Slack notifications and a small CLI. To make sure everything works—and is as secure as advertised—I need two to three sharp-eyed testers to put the free tier through its paces from both desktop and mobile browsers. What I’d like you to do • Create and share secrets, view them before and after expiry, and upload files in the Pro-mode flow. • Try every edge case you can think of: malformed inputs, long filenames, simultaneous opens, expired links, clipboard interactions, potential encryption bypasses, URL leakage—you name it. • Note any UI or UX rough spots, ...