Network Security Channel
⭕️Start Channel From 2017⭕️
Security Operation Center (SOC)
Bug Bounty
Vulnerability
Pentest
Hardening
Linux
Research
Security Network
Security Researcher
DevSecOps
Blue Team
Red Team
#Hiring #PenetrationTestingSpecialist
The Abramad security team invites specialists in Web Application penetration testing and hardening to join us 🛸

Required technical skills:
👾 Familiarity with the OWASP methodology (ASVS & WSTG)
👾 Proficiency in Server-side & Client-side attacks
👾 Proficiency in vulnerability analysis and the ability to run and modify exploits
👾 Proficiency with penetration testing tools (Burp Suite, nuclei, …)
👾 Proficiency in report writing and in providing remediation guidance for vulnerabilities
👾 Familiarity with common web application firewalls and proficiency in techniques for evaluating and bypassing them
👾 Teamwork skills

Skills that are considered an advantage:
⭐️ Interest in carrying out Red Teaming processes (familiar with the MITRE ATT&CK framework)
⭐️ A track record on domestic and international bug bounty platforms
⭐️ Analytical thinking and an interest in tackling the technical challenges of penetration testing
⭐️ Interest in R&D on advanced attacks and vulnerability analysis

Requirements:
🔶 3 to 5 years of web penetration testing experience
🔶 Military service completion card or permanent exemption for men
🔶 Ability to work on-site at the company (Tehran)

To learn about the benefits of working with Abramad and to submit your résumé, use the link below:

🔗 https://www.abramad.com/jobs/

Be part of our story 💙


#WebSecurity #PenetrationTesting #OWASP #BurpSuite #VulnerabilityAssessment #ExploitDevelopment #RedTeam #CyberSecurityJobs #BugBounty #AppSec #WAFBypass #SecurityExperts #InfosecCareers #EthicalHacking #SecurityHiring

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
We're Hiring at Securetackles 🚀

Open Position:

🔒 Web Penetration Testing Intern (Remote, 6-8 weeks, Unpaid)

🔍 Passion for cybersecurity and learning
💻 Basic understanding of web technologies (HTML, HTTP, JavaScript) beneficial
🕵🏼 Strong analytical mindset and curiosity

Potential for Full-Time Role:

📈 Successful interns may be considered for full-time positions within Securetackles

Gain hands-on experience in web penetration testing and launch your cybersecurity career! 💼


Apply here:

📧 [email protected] (CC: [email protected])


#Securetackles #Hiring #RemoteJobs #Internship #Cybersecurity #WebPenetrationTesting #CareerDevelopment
#PenetrationTesting
#EthicalHacking
🚨 We're Hiring: Security Consultant (Penetration Testing)
📍 Location: Bangalore
💼 Work Mode: Hybrid
🛡 Experience Level: 3–5 years

Are you passionate about cybersecurity and penetration testing? Join our team as a Security Consultant, where you'll lead hands-on engagements, work with global and regulated industry clients, and play a key role in strengthening their security posture.

🔍 What You'll Do:
> Lead network, application, API, and cloud penetration testing
> Conduct Red & Purple Team assessments
> Identify vulnerabilities and provide expert remediation guidance
> Collaborate with clients and internal teams to deliver actionable security insights
> Mentor junior team members and contribute to research & tool development

🛠 What We're Looking For:
> 3–5 years of hands-on pen testing experience
> Strong scripting and problem-solving skills
> Certifications like OSCP, GPEN, GWAPT, GXPN, CREST (preferred)
> Excellent communication and project leadership skills
> Experience with Cobalt Strike is a plus

If you're self-driven, detail-oriented, and thrive in a collaborative and fast-paced environment, we want to hear from you!
🔗 Scan the below QR code and apply now or DM us to learn more.

Let’s build a safer digital world together.
#CyberSecurityJobs #PenetrationTesting #InfoSec #SecurityConsultant #Hiring #RedTeam #PurpleTeam #OSCP #InfosecCareers

🚨 We're Hiring: Remote Penetration Tester Trainer (Egypt Region) 🛡

Are you passionate about offensive security? Do you love sharing knowledge and helping others think like hackers?

We’re looking for a Penetration Testing Trainer to join our team remotely and help build the next generation of ethical hackers and red teamers in the Egypt region.

💼 Position: Penetration Tester Trainer
🌍 Location: Remote (Egypt-based candidates preferred)
🕐 Type: Part-Time

What You’ll Do

Deliver interactive training on ethical hacking, red teaming, and exploitation techniques.

Develop hands-on labs, CTF challenges, and real-world scenarios.

Guide and mentor learners — from beginners to advanced students.

Stay updated with the latest tools, vulnerabilities, and trends.

Contribute to a unique, modern, and ethical hacker learning experience.

💡 You Should Have:

Strong experience in penetration testing or red teaming

Deep knowledge of tools like Burp Suite, Nmap, Metasploit, etc.

Clear communication skills and a passion for teaching.

Experience with CTF platforms or lab creation is a big bonus.

Based in Egypt and able to commit remotely.

🚀 Whether you're an experienced ethical hacker ready to share your knowledge, or a trainer with deep red teaming expertise — we want to hear from you!

📩 Apply now and send your CV to:
[email protected]


#CyberSecurityJobs #PenetrationTesting #TrainerJob #RedTeam #RemoteWork #EthicalHacking #CybersecurityEgypt #InfoSecJobs #HiringNow #CTF #Penforce
🛡 End-to-End Web Security Architecture: FortiWeb WAF + FortiGate in Reverse Proxy Mode
Recently completed a comprehensive lab implementation and full documentation of a production-grade web security architecture using FortiWeb as a Web Application Firewall behind FortiGate, deployed on PNETLAB with KVM-based VMs.
🔹 Traffic Flow Architecture:
Client → FortiGate (WAN/VIP) → FortiWeb (WAF Inspection) → Apache2 Real Server → Response back to Client
🔹 Key Implementation Highlights:
Linux Web Server hardening with Apache2 and static IP configuration via Netplan
FortiWeb interface setup across three segments (Real Server / Client-LAN / Management)
Complete WAF policy chain: Virtual IP → Server Pool → Virtual Server → Server Policy
FortiGate perimeter configuration with DNAT Virtual IP (100.100.100.50 → 192.168.100.50)
Firewall policy with full session logging for HTTP/HTTPS/PING traffic
CLI-based traffic logging activation on FortiWeb (a step many engineers miss!)
End-to-end verification through Forward Traffic logs on both devices
🔹 Why Reverse Proxy Mode?
It provides deep HTTP/HTTPS inspection, granular WAF policy enforcement, and clean separation between perimeter firewalling (FortiGate) and application-layer protection (FortiWeb) — a layered defense approach aligned with Zero Trust principles.
🔹 Key Lesson Learned:
The order of WAF policy configuration matters → Virtual IP must exist before the Server Pool, which must exist before the Virtual Server, which must exist before the Server Policy. Skipping the sequence breaks the binding chain.

💼 Currently exploring new opportunities in Network & Cybersecurity Engineering — open to on-site, hybrid, or remote roles. I deliver hands-on services in network design, firewall deployment (Fortinet, Cisco), WAF implementation, ICS/OT security (IEC 62443, NIST), and infrastructure hardening.

#CyberSecurity #FortiWeb #FortiGate #WAF #NetworkSecurity #Fortinet #ReverseProxy #InfoSec #OpenToWork #NetworkEngineer #PenetrationTesting #ICS #OTSecurity

🔍 Active Directory Enumeration Walkthrough: Mapping a Domain with pywerview
Just published a hands-on lab write-up demonstrating how an authenticated attacker with low-privileged credentials can enumerate a full Active Directory environment using pywerview — the Python port of the legendary PowerView module — and uncover real privilege escalation paths from a single foothold.
🔹 Lab Scenario:
Starting credentials: raj / Password@1 against the ignite.local domain. From this minimal access, mapping out users, groups, computers, delegation settings, ACLs, GPOs, and trust relationships — entirely over LDAP.
🔹 Key Findings Uncovered Through Enumeration:
Domain Admin discovery — identified the aaru account via --admin-count filter (adminCount=1, member of Domain Admins)
Kerberoastable SPN — the kavish account exposed via --spn, configured with TRUSTED_TO_AUTH_FOR_DELEGATION against a SQL server (constrained delegation w/ protocol transition)
Unconstrained Delegation hosts — flagged via --unconstrained (a classic path to DC compromise)
Backup Operators abuse path — user shivam enumerated as a member, opening NTDS.dit dump potential
Trust enumeration — bidirectional forest trust to pentest.local discovered via get-netdomaintrust
Domain policy extraction — password length, complexity, lockout thresholds, and Kerberos ticket lifetimes all readable from SYSVOL
🔹 pywerview Modules Demonstrated:
get-netdomain, get-netuser, get-netgroup, get-netgroupmember, get-netcomputer, get-netshare, get-netsession, get-netloggedon, get-netou, get-netsite, get-netsubnet, get-netgpo, get-domainpolicy, invoke-userhunter, invoke-processhunter, invoke-checklocaladminaccess, get-objectacl, get-netdomaintrust
🔹 Why This Matters for Defenders:
Every red-team finding above is a blue-team checklist item. Misconfigured delegation, stale adminCount=1 flags, over-privileged Backup Operators, and SPN sprawl on user accounts are the silent killers of AD environments. You can't harden what you can't see.
🔹 Key Lesson From the Lab:
A single low-privileged user is enough to map your entire domain, identify Tier 0 assets, and build a full attack graph — without ever touching a tool that triggers EDR. LDAP queries are noisy only if you're watching for them.

💼 Currently exploring new opportunities in Network & Cybersecurity Engineering — open to on-site, hybrid, or remote roles. I deliver hands-on services in network design, firewall deployment (Fortinet, Cisco), Active Directory hardening, ICS/OT security (IEC 62443, NIST), penetration testing, and infrastructure hardening.

#CyberSecurity #ActiveDirectory #RedTeam #PenetrationTesting #pywerview #PowerView #ADSecurity #LDAP #Kerberoasting #PrivilegeEscalation #InfoSec #BlueTeam #OpenToWork #NetworkSecurity #OffensiveSecurity
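
The defender checklist named in the post above (delegation flags, stale adminCount=1, Backup Operators membership, SPNs on user accounts) can be turned into a repeatable audit. The following Python sketch is an added example, not code from the write-up or from pywerview; the record layout, the finding names and every account in `SAMPLE` are constructed, and it assumes `memberOf` has already been normalized to group names with nesting resolved.

```python
# userAccountControl bit values as documented for Active Directory.
UAC_SERVER_TRUST = 0x2000               # domain controller computer account
UAC_TRUSTED_FOR_DELEGATION = 0x80000    # unconstrained delegation
UAC_TRUSTED_TO_AUTH = 0x1000000         # TRUSTED_TO_AUTH_FOR_DELEGATION
PROTECTED = {"Domain Admins", "Enterprise Admins", "Schema Admins", "Administrators",
             "Account Operators", "Backup Operators", "Server Operators", "Print Operators"}

def audit(obj):
    """Return the sorted finding names for one directory object."""
    uac = obj.get("userAccountControl", 0)
    groups = set(obj.get("memberOf", []))   # assumption: group names, nesting resolved
    findings = set()
    # Domain controllers carry the unconstrained flag by design, so skip them.
    if uac & UAC_TRUSTED_FOR_DELEGATION and not uac & UAC_SERVER_TRUST:
        findings.add("unconstrained-delegation")
    if uac & UAC_TRUSTED_TO_AUTH:
        findings.add("protocol-transition")
    # SPNs on computer accounts are normal; on user accounts they are roastable.
    if "computer" not in obj.get("objectClass", []) and obj.get("servicePrincipalName"):
        findings.add("spn-on-user")
    # adminCount=1 left behind after removal from every protected group.
    if obj.get("adminCount") == 1 and not groups & PROTECTED:
        findings.add("stale-admincount")
    if "Backup Operators" in groups:
        findings.add("backup-operator")
    return sorted(findings)

def audit_all(objects):
    """Map sAMAccountName to findings; clean objects are omitted."""
    report = {}
    for obj in objects:
        found = audit(obj)
        if found:
            report[obj["sAMAccountName"]] = found
    return report

SAMPLE = [  # constructed sample data, not taken from the lab in the post
    {"sAMAccountName": "svc-sql", "objectClass": ["user"], "userAccountControl": 0x1000200,
     "servicePrincipalName": ["MSSQLSvc/sql01.example.test:1433"]},
    {"sAMAccountName": "old-helpdesk", "objectClass": ["user"], "userAccountControl": 0x200,
     "adminCount": 1, "memberOf": ["Domain Users"]},
    {"sAMAccountName": "bkp-user", "objectClass": ["user"], "userAccountControl": 0x200,
     "adminCount": 1, "memberOf": ["Backup Operators"]},
    {"sAMAccountName": "WEB01$", "objectClass": ["user", "computer"],
     "userAccountControl": 0x81000, "servicePrincipalName": ["HOST/web01.example.test"]},
    {"sAMAccountName": "DC01$", "objectClass": ["user", "computer"],
     "userAccountControl": 0x82000},
]
```

Calling `audit_all(SAMPLE)` returns a dictionary keyed by account name; the domain controller entry is absent because its delegation flag is expected.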