Freelancers using Kali Linux
Dragos Moruz
Timișoara, Romania
Seasoned cybersecurity leader.
Rating: 5.0
Followers: 4
Free Vulnerability Scanning Demo - Instant Security Insight
Firewall Configuration & Rule Review
Security Testing for iOS and Android Mobile Applications
Automated Vulnerability Scanning and Security Assessment
Kali Linux
(6)
Ahmed Khan
Lahore, Pakistan
Cybersecurity specialist with ability to identify flaws
New to Contra
I discovered a stored cross-site scripting (XSS) vulnerability in a practice web application's comment section that allowed me to inject malicious JavaScript that would execute in any user's browser. By submitting a comment containing a script payload, I successfully stole session cookies from other users and could have hijacked their accounts, performed actions on their behalf, or defaced the website. This finding was documented in a comprehensive report including proof-of-concept screenshots showing cookie theft, CVSS risk scoring of 6.5 (Medium), and step-by-step remediation guidance including input sanitization and output encoding. This assessment demonstrates my ability to find client-side vulnerabilities that can compromise every user visiting the site.
I discovered a SQL injection vulnerability in a practice web application that allowed me to bypass the login system and access the entire user database without any credentials. By inserting a simple payload into the username field, I successfully logged in as the first user in the database and extracted sensitive information including usernames, password hashes, and user email addresses. This finding was documented in a detailed report with proof-of-concept screenshots, risk analysis showing potential data breach impact, and step-by-step remediation guidance including parameterized queries and input validation. This assessment demonstrates my ability to find critical database vulnerabilities that could expose thousands of customer records.
During a security assessment of a practice web application, I discovered an exposed FTP directory with directory listing enabled, revealing multiple sensitive files including a password database, backup configurations, compiled source code, and error logs. After finding a clue in robots.txt, I navigated to the /ftp directory and documented over ten exposed files with their associated risks. My final report included an executive summary, detailed findings with screenshots, risk ratings for each exposed file, and step-by-step remediation guidance including disabling directory listing and removing sensitive data. This finding highlights how simple misconfigurations can lead to critical data exposure.
I discovered an Insecure Direct Object Reference (IDOR) vulnerability in a practice web application that allowed unauthorized users to access other people's private snippets simply by changing a number in the URL. Using whatweb and manual inspection, I identified parameter tampering points and successfully accessed private data for five different users without authentication. The finding was documented in a comprehensive report including executive summary, technical details with screenshots, CVSS risk scoring, and step-by-step remediation instructions. This assessment demonstrates my ability to find broken access controls that automated tools miss and deliver clear, actionable fixes.
Kali Linux
(4)
MD MESBAUL ISLAM
Dhaka, Bangladesh
Certified Penetration Tester | Web, Mobile & API Sec. Expert
New to Contra
Capture The Flag (CTF) Challenge Development & Competition Support
Designed and developed hands-on Capture The Flag (CTF) challenges for cybersecurity competitions, covering multiple domains such as web exploitation, cryptography, reverse engineering, OSINT, forensics, and binary exploitation. Assisted in planning, testing, and hosting the competition to ensure a smooth participant experience.
Responsibilities: created original CTF challenges with varying difficulty levels; developed flags, hints, and challenge validation; tested challenges for stability and fairness; assisted with competition infrastructure and event support; prepared write-ups and solutions for post-event learning.
Outcome: Successfully contributed to a well-organized CTF event that provided participants with practical, real-world cybersecurity challenges and an engaging learning experience.
Mobile Application Penetration Testing (VAPT)
Conducted a comprehensive Mobile Application Penetration Test to assess the security of Android/iOS applications and their backend APIs. Identified and validated multiple Critical and High-risk vulnerabilities through manual and automated testing.
Scope of Work: OWASP Mobile Top 10 testing; authentication & authorization testing; API security assessment; insecure data storage analysis; SSL/TLS & certificate pinning validation; session management and business logic testing; professional VAPT reporting with PoC and remediation guidance.
Outcome: Delivered a detailed VAPT report with verified findings, business impact analysis, proof of concept (PoC), and prioritized remediation recommendations to help improve the application's security and resilience against real-world attacks.
Web Application Vulnerability Assessment & Penetration Testing (VAPT)
Performed a comprehensive Web Application VAPT to identify and validate security vulnerabilities through manual and automated testing. The assessment uncovered multiple Critical and High-risk vulnerabilities that could lead to unauthorized access, data exposure, and business impact.
Scope of Work: OWASP Top 10 security testing; authentication & authorization testing; API security assessment; session management analysis; business logic testing; manual exploitation and validation; professional VAPT reporting with risk ratings, PoC, and remediation guidance.
Outcome: Delivered an executive-level security report containing verified findings, proof of concept (PoC), business impact analysis, and actionable remediation recommendations, enabling the client to strengthen their overall security posture.
Account Takeover (ATO) via Token Vulnerability
Identified a critical Account Takeover (ATO) vulnerability during web application and API penetration testing of a financial platform. By exploiting insecure token validation, I gained unauthorized access to user accounts without credentials.
Key Findings: weak token validation; missing session/device binding; no token expiration or rotation.
Impact: Unauthorized account access, financial data exposure, and fraud risk.
Outcome: Delivered a professional VAPT report with proof of concept (PoC), risk assessment, and remediation recommendations based on OWASP best practices.
Kali Linux
(4)
Guilherme Farinassi
São Paulo, Brazil
Penetration Tester & Security Researcher | Web, Mobile & API
New to Contra
Bug Bounty Research - Web Vulnerability Discovery
Conducted independent bug bounty research on public VDP and paid programs (Bugcrowd/HackerOne). Discovered and reported multiple valid vulnerabilities including IDOR exposing PII, stored XSS in user-controlled fields, SSRF via internal metadata endpoint, authentication bypass via JWT manipulation, and sensitive data exposure through misconfigured S3 buckets. Findings spanned government agencies, SaaS platforms, and financial services targets. Documented all findings with full reproduction steps, CVSS scoring, and business impact analysis following responsible disclosure guidelines.
API Security Assessment - REST and GraphQL Endpoints
Performed a black-box API security assessment covering REST and GraphQL endpoints for a fintech platform. Identified BOLA/IDOR vulnerabilities allowing unauthorized access to other users' financial data, mass assignment flaws exposing admin-only fields, broken function-level authorization on privileged endpoints, and GraphQL introspection exposing internal schema. Also found SSRF via webhook URL parameter and JWT algorithm confusion (RS256 to HS256). Delivered OWASP API Top 10 aligned report with curl-based PoC for each finding and remediation guidance.
Mobile Application Pentest - Android Banking App
Conducted a full black-box mobile penetration test on an Android banking application following OWASP MASTG methodology. Identified 17 vulnerabilities including 5 critical findings: hardcoded AES encryption keys in SharedPreferences, SSL pinning bypass via Frida instrumentation, root detection bypass via LIEF binary patching, exported Activities without permission checks, and sensitive data exposed in Logcat. Delivered MASTG-aligned report with CVSS scoring and PoC code for all critical findings.
Web Application Pentest - Insurance Portal
Conducted a full black-box web application penetration test on an insurance client portal. Identified 11 vulnerabilities including 3 critical findings: unauthenticated access to customer PII (CPF, phone, address), broken authentication allowing account takeover, and exposed debug endpoints with Facelets stack traces. Delivered a structured report with CVSS scoring, PoC for each finding, and prioritized remediation guidance. All critical findings were reproduced and confirmed in a retest cycle. Stack targeted: Java EE, REST APIs, JWT auth, LGPD-sensitive data.
Kali Linux
(4)
Muhamed Ali
Egypt
Versatile Cybersecurity & HR Expert
Training project, Enhancing Security Awareness: Understanding t
Onsite Network Pentest
Onion Circuit for a special purpose research client
Kali Linux
(3)
Nitin Yadav
Gurugram, India
Top-Notch Cybersecurity & Penetration Testing
Pen-Test for Real Estate Marketing Platform
Security Assessment of Satellite Comm GUI System
Comprehensive Web Application Penetration Testing
Kali Linux
(3)
Timur çapkın
Turkey
Senior Security Researcher | Autonomous Recon Specialist | B
This project represents my work in building secure digital infrastructures and developing autonomous security tools. It focuses on proactive threat detection, vulnerability assessment, and implementing robust encryption protocols to safeguard sensitive data. Key Expertise: Penetration Testing, Bug Bounty Research, and Cyber Defense Strategy. Technologies: Python-based security automation and advanced web design security. Goal: To provide businesses with a "Digital Fortress" through comprehensive security audits and SEO-optimized, secure web solutions.
I am Timur Capkin; a security researcher and digital strategist awarded by giants like Mercedes-Benz on platforms such as HackerOne and Bugcrowd. I don't just build websites; I construct high-performance digital fortresses armored against cyber threats. With 10+ years of experience, I maximize your profitability while protecting your business from risks.
Who is the Founder of Cyber Ad World? I am Timur Capkin; a security researcher and digital strategist awarded by giants like Mercedes-Benz on platforms such as HackerOne and Bugcrowd. I don't just build websites; I construct high-performance digital fortresses armored against cyber threats. With 10+ years of experience, I maximize your profitability while protecting your business from risks.
As a Senior Security Researcher and Digital Strategist with over 15 years of experience, I provide a comprehensive digital package that bridges professional creativity with advanced technical security.
Kali Linux
(1)
Nirjhar Banik
Kolkata, India
Cybersecurity & QA: Affordable Expert Solutions
Accelerated Security & QA Excellence
Securing Flagship Products: P0 Bug Fixes, API Rate-Limiting
Accelerated Test Automation & Fortified Security
Kali Linux
(2)