渗透测试 Jobs

Our in-house team built the first cut of a transport ERP with Claude and ; it works for demos, but I now need it production-ready for real fleets and paying clients. Infrastructure – Deploy the application on Amazon Web Services. Please provision the full stack (compute, managed database, object storage, CI/CD) under my account, attach our domain, and issue a valid SSL certificate. A nightly snapshot and disaster-recovery plan must be in place before go-live. Core application hardening The logistics modules—inventory, fleet, fuel tracking, and invoicing—occasionally break under concurrent use. Your first task is to trace and remove those stability issues, then verify that multi-user roles and the audit-log engine behave consistently across all transactions. Securit...

Our BGMI (Battlegrounds Mobile India) infrastructure occasionally freezes when traffic surges. I want to put a permanent stop to that by building a preventive DDOS shield that covers every critical touch-point—login, in-game communication, and matchmaking. You will begin with a quick audit of the existing network layout and traffic patterns, then design and deploy a solution that blocks volumetric and application-layer attacks before they can overwhelm the servers. I expect minimal additional latency for legitimate players, clean documentation of every rule or service introduced, and a repeatable playbook I can apply to new nodes as we scale. Deliverables • Security architecture diagram and written rollout plan • Hardened configurations applied to the login, game, a...

I need a seasoned ethical hacker to carry out a full-scope security assessment of my environment. The end goal is simple: uncover any vulnerabilities before malicious actors can exploit them, then give me clear, actionable steps to fix them. Please outline your relevant experience when you reply—real-world projects, certifications (e.g., OSCP, CEH), and any notable results will help me understand how you approach engagements like this. Scope • Reconnaissance and vulnerability discovery • Exploitation and privilege escalation (within agreed boundaries) • Post-exploitation risk analysis • Clean, well-structured reporting that ranks issues by severity and urgency Deliverables 1. Executive-level summary (non-technical) 2. Detailed technical report...

I need a small, purpose-built payload that I can inject into my own desktop application to probe for buffer-overflow weaknesses. Off-the-shelf fuzzers such as libFuzzer, AFL, or similar suites are off-limits for this exercise; the whole point is to rely on clean, hand-written C code and low-level debugging techniques. You’ll be working on a recent Linux distro where I can give you SSH access to a hardened test VM. Expect to spend most of your time inside vim, gcc, and gdb (remote debugging with gdbserver is fine if you prefer). The program you’ll attack is closed-source to everyone except you and me, so everything must stay in userspace—no kernel tricks, no external libraries that do the heavy lifting. What I’m after • A minimal C source file (or small set ...

I'm looking to secure my corporate website. The entire site needs security improvements to ensure it is SURBL compliant. Requirements: - Assess current security vulnerabilities - Implement necessary measures to achieve SURBL compliance - Provide a detailed report of issues found and resolved Ideal Skills and Experience: - Expertise in corporate website security - Familiarity with SURBL compliance requirements - Experience with vulnerability assessment and remediation

My encrypted Excel workbook needs a realistic security workout. The file is protected with AWS, not sure what exact security is there, and I want to be confident that an unpaid or otherwise unauthorised user could not slip past that single control. The scope focuses on breaking the protection that could ultimately give an outsider access to the file without the key. Please capture every step, tool, and timeframe you use. Deliverables • Replicable proof-of-concept showing how access was (or was not) gained • A concise report summarising methods attempted, level of effort, and recommendations for hardening the workbook against similar attacks If the bypassing period is too short, the project will not end till we improve the security ourself and retest it with you If you...

Busco un profesional con experiencia real en recuperación de webs comprometidas, hardening de servidores Linux, seguridad web y configuración avanzada de Cloudflare. Hemos sufrido un ataque: comprometieron nuestra web y el servidor fue infectado hasta el punto de que terminó participando en un ataque DDoS hacia terceros. Como consecuencia, Google marcó nuestro dominio como spam, pese a que antes teníamos una reputación muy buena. Situación actual Tenemos una copia de seguridad completa de la web. Disponemos del servidor con Ubuntu 24.04. La web ya estaba detrás de Cloudflare, pero aun así fue comprometida. Necesitamos volver a publicar la web, dejarla plenamente operativa y blindar la infraestructura al máximo. Qu&eacu...

My encrypted Excel workbook needs a realistic security workout. The file is protected only through its built-in encryption, and although the information inside is not sensitive, I want to be confident that an unpaid or otherwise unauthorised user could not slip past that single control. The scope focuses on phishing-style techniques and any other avenue that could ultimately give an outsider access to the file without the key. Feel free to explore password-guessing, token harvesting, or creative social engineering paths—as long as they stay within legal and ethical boundaries and are fully documented. Please capture every step, tool, and timeframe you use. Deliverables • Replicable proof-of-concept showing how access was (or was not) gained • A concise report summa...

I need a certified ethical hacker to put my production web application through a thorough vulnerability assessment. The assignment is strictly white-hat: you will have full, written authorization to probe the app so long as no customer data is altered or deleted. My sole objective is to identify every exploitable weakness you can find—misconfigurations, logic flaws, injection points, broken authentication, anything that could be abused in the real world. Tools such as Burp Suite, OWASP ZAP, Nikto, or custom scripts are welcome as long as the methodology is reproducible and aligns with current OWASP Top 10 practices. Deliverables • A clear, well-structured report that lists each vulnerability, proof-of-concept evidence, severity ranking, and recommended remediation steps....

I am currently working on a cybersecurity-focused project and am seeking an experienced professional or company to collaborate with. The ideal partner should have strong expertise in penetration testing (pentesting) and the ability to provide and/or develop cybersecurity software solutions. Scope of Work: Perform penetration testing on systems and applications Identify vulnerabilities and provide detailed security reports Develop or integrate cybersecurity tools and software Support the design and development of secure applications Recommend best practices for strengthening overall security posture Requirements: Proven experience in penetration testing and vulnerability assessment Strong background in cybersecurity tools and frameworks Experience in developing cybersecurity application...

I am running a strictly white-hat engagement across several of my own iOS devices that sit on different networks and domains. The goal is to push each target as far as an ethical penetration test will allow and document every weakness uncovered. Scope • App-layer probing, OS-level hardening checks, and live network traffic inspection are all in scope. • Devices run iOS 15 (and below) as well as iOS 16, none are jailbroken and most are managed through MDM profiles. • You will have remote access or shipped test builds where needed; I can provision enterprise certificates if required. What I need from you Experience breaking down Apple’s security stack, from app sandboxing through kernel mitigations and transport-layer defenses. A comfort level with tools such a...

I’m part of Get Solution in the Kingdom of Saudi Arabia, and our team has just completed an AI-powered auditing platform that now needs a rigorous, soup-to-nuts test cycle before we take it to market. I want you to exercise the product exactly as our future users and auditors will, then hand back clear evidence of anything that slows them down, breaks, or leaves a security hole behind. What has to be covered – Functionality: you will craft and run unit, integration, and full-scale performance tests that stress every microservice, API, and data pipeline. – User Experience: walkthroughs for end users, our own internal staff, and external third-party auditors, noting friction points, confusing flows, and accessibility gaps. – Security: a focused penetration and ...