Pengujian Penetrasi Jobs

I need to obtain hard-to-reach details—specifically the IP address, associated phone number, and any location-related information—linked to one particular Telegram account. Standard OSINT searches have already been exhausted, so I’m explicitly open to advanced, purely technical hacking techniques that dig directly into Telegram traffic or MTProto behaviour. If this is within your skill set, tell me how you would approach the task, which tools or exploits you prefer to leverage, and what minimal input you require from my side (e.g., username, recent message, session file). Deliverables • Verified current or last-seen IP address for the target account • Recovered phone number (or clear statement if technically impossible) • Any additional address or geo...

I need a thorough, methodical security assessment of my production-ready web application. The goal is to expose any weaknesses before launch, demonstrate real-world exploitability, and give me a clear, prioritized plan for remediation. Scope • Full application security testing: authentication, authorization logic, input validation, business-logic flows, session management, server configuration, and third-party integrations. • Black-box techniques are fine, but I can supply test credentials for deeper analysis if that helps you reach code paths hidden behind login. • Industry-standard tooling such as Burp Suite, OWASP ZAP, Nikto, or your preferred commercial scanner is expected, followed by manual verification so I’m not just getting automated false positives. ...

My iPhones and several smart-home devices have almost certainly been compromised. Unexplained behaviour, network slow-downs and repeated password lockouts suggest an active intrusion that I have not been able to stop remotely. I need an experienced cyber-security professional to visit in person, trace the breach and leave every device—and the Wi-Fi network itself—clean, secured and fully documented. What I expect during the visit • A thorough forensic check of each affected iPhone and the smart-home hub/gear, including router or mesh nodes you judge relevant. • Immediate containment and removal of any malicious profiles, apps, firmware or network configurations you uncover. • Clear advice on whether each device can be salvaged or should be replaced, follow...

I'm seeking a security assessment for my corporate website. The primary concern is phishing attacks. I'm looking for a detailed report and provides actionable recommendations to enhance security. Key Requirements: - Assessment of current security measures (basic) - Identification of phishing vulnerabilities - Recommendations for improvement Ideal Skills and Experience: - Experience with corporate website security - Expertise in phishing attack prevention

Loki Locker has locked the core system files on our main server. Every boot now triggers “Access denied” errors tied to the ransomware, and we can no longer load critical services or reach our data partitions. The immediate goal is to safely decrypt every affected system file without risking further corruption, confirm full file integrity, and then remove any remaining Loki Locker components so the machine can start cleanly again. A full post-recovery report outlining the exact steps taken and tools used will complete the engagement.

For this project I'm looking for a VERY competent consultant on Windows systems and (maybe) on ethical hacking. Standard approach is not useful and doesn't solve the task. I want to clarify that the request is made for purely educational and exercise purposes. The goal is to make a client accessible/usable again (ethical hacking techniques). The target client is really closed/blocked. The client is Windows 11 Enterprise 23H2 - Experience Pack 1000 - 64bit (OS build 22631.5908) Actual landscape: - Windows user is not local machine Administrator. - The local disk is encrypted via BitLocker (booting from the outside therefore does not allow reading the data); - BIOS has a password, not known; - Unauthorized applications are not allowed (no possible to install nothing more). - ...

My Shopify account has been compromised, and I need a thorough investigation. Key tasks: - Investigate account access issues - Identify and document unauthorized marketing activities - Provide evidence of account abuse Ideal skills and experience: - Strong background in cybersecurity - Experience with Shopify platform security - Ability to generate detailed investigative reports - Prior experience handling similar security breaches I expect a detailed report with evidence of abuse.

Looking for a Security Specialist to conduct a Grey-Box Penetration Test on a SaaS platform built with Laravel and React. The app helps real estate sourcers package deals using AI and third-party data. The objective of this project is to collate the results of a gray box test, identifying vulnerabilities and weaknesses at minimum in the application's authentication and authorization mechanisms, input validation, state management, access control and encryption of a web application. Testing will focus on identifying potential security risks and providing recommendations for remediation. Scope of Work: • Audit the Authentication/Authorization flow (JWT/Laravel Sanctum). • Test for IDOR and Broken Access Control between user accounts. • Audit API security (integrations ...

I’m running an upskilling program for mid-level IT engineers and need an experienced cybersecurity practitioner to host live, practical sessions online. The cohort already grasps the fundamentals; they now want to dive deeper into Network Security, Application Security, and Cloud Security through real-world demonstrations, guided labs, and discussion of current threats. You should be based in Pune, Mumbai, Bengaluru, Chennai, or Hyderabad so we can stay in the same time zone and All teaching will take place online. Time commitment is light but consistent—about 1-2 hours each week, preferably in the evenings or on weekends. I’ll provide a virtual lab environment; your role is to design and deliver a concise curriculum, walk the class through tool-driven exercises (Wiresh...

I’m running an upskilling program for mid-level IT engineers and need an experienced cybersecurity practitioner to host live, practical sessions online. The cohort already grasps the fundamentals; they now want to dive deeper into Network Security, Application Security, and Cloud Security through real-world demonstrations, guided labs, and discussion of current threats. You should be based in Pune, Mumbai, Bengaluru, Chennai, or Hyderabad so we can stay in the same time zone and All teaching will take place online. Time commitment is light but consistent—about 1-2 hours each week, preferably in the evenings or on weekends. I’ll provide a virtual lab environment; your role is to design and deliver a concise curriculum, walk the class through tool-driven exercises (Wiresh...

I’m bringing a multi-layer system back online—a native PHP-MySQL web backend that drives a Node.js WebSocket service and a client-management console. Before launch, the entire codebase needs a deep security sweep, but the web backend is my first target. I suspect hidden backdoors and unpatched vulnerabilities; I need them located, removed, and the fixes thoroughly documented. There’s no existing audit playbook, so I rely on you to propose and carry out a full methodology that mixes code review, penetration testing, patching, and verification. The environment is classic XAMPP (Apache, PHP, MySQL/MariaDB) with a standalone Node.js layer handling real-time connections, so hands-on experience with that exact stack is essential. Deliverables • A concise audit plan out...

I am conducting an authorised security assessment on a website that currently sits behind Cloudflare. The owner has given me written permission to verify how well the service hides the origin server, and my first objective is simple: locate the true, routable IP address of that server. What I need from you • Discover the origin IP without disrupting production traffic or triggering any Cloudflare security events. • Confirm that browsing directly to the uncovered IP renders the site identically to the public domain (same content, layout, and functionality). • Provide a concise report describing the exact approach—whether you relied on passive DNS enumeration (dig, SecurityTrails, Shodan etc.), historical records, sub-domain leakage, server misconfiguration, or ...

I need a seasoned PHP security specialist to comb through an existing application, locate and remove every hidden backdoor, then harden the code so it stands up to malicious probing—SQL Injection is my top worry. Once the cleanup is finished, you’ll redeploy the patched build to my live PHP stack and confirm that all features operate normally under real traffic. A successful engagement means: • a brief, private report pinpointing each issue you discovered and how you neutralised it • a fully patched source tree returned to me, ready for version control • the application running stably on my server, with verification that the fixes prevent the SQL Injection vectors you identified Please come prepared with practical exploitation knowledge, the usual security ...

Project: Beta-Stage Web Application Security Setup Role Needed: Web Application Security Engineer Project Overview I’m preparing a coaching-based web platform for public beta and need an experienced professional to implement industry-standard security best practices suitable for handling sensitive user data. The application is built using a modern low-code/no-code frontend with Supabase as the primary backend and database. Custom SQL integrations via secure APIs are possible if needed. Objective Prepare the platform for public beta by implementing professional, scalable security foundations that: Protect user and client data Build trust with end users Lay groundwork for future enterprise compliance (SOC 2 / ISO later — not required now) Scope of Work (Deliverables) ...

Project Overview I’m looking for an experienced WordPress developer to perform a forensic audit and cleanup of a site that previously used custom developer-created code and automation. After a hosting migration, the site experienced admin access issues, login loops, and plugin behaviour reverting unexpectedly. Hosting support stabilised access but confirmed that custom plugins and non-standard configurations existed and fall outside their support scope. An automated deployment mechanism has been removed, but I need confirmation that no residual scripts, hooks, or configurations remain that could overwrite files, revert settings, or affect admin access. Scope Audit custom plugins, theme code, and mu-plugins Check for role/capability filters and forced redirects As...