CYBERSECWRITEUPS.COM · OFFENSIVE SECURITY BLOG

A Practical Guide to Modern Cyber Offense

Hands-on writeups, attack paths, exploitation notes and automation scripts across Web, Cloud, Active Directory, Mobile and AI/LLM security. All content is for authorized, ethical security testing only.

Real-world pentest & red team notes Web · Infra · Cloud · AD · AI Scripts, payloads & automation

Load Testing and Controlled DoS Assessment During Red Team Assessments

May 29, 2026 · khukuririmal · Red Teaming

Red Team engagements extend beyond identification of traditional exploitation paths such as authentication bypasses, injection flaws, exposed assets, or privilege escalation. Organizations increasingly depend on application resilience, API stability, and infrastructure availability as critical security pillars. While offensive security teams traditionally focus on confidentiality and integrity impacts, availability testing when performed safely and with authorization […]

Cloud Bucket Enumeration in VAPT & Red Teaming

May 24, 2026 · khukuririmal · Red Teaming

Cloud storage has become a critical component of modern applications. Organizations frequently rely on cloud object storage services to host static assets, backups, application artifacts, logs, mobile application resources, and even sensitive operational data. Common cloud storage services include: Misconfigured cloud storage continues to contribute to data exposure incidents because bucket names are often predictable, […]

Wireless (Wi-Fi) Penetration Testing: A Practical Checklist for Real-World Assessments

April 3, 2026 · khukuririmal · VAPT

Wireless networks often form the weakest link in an organization’s security posture. Unlike wired infrastructure, Wi-Fi signals extend beyond physical boundaries, making them inherently exposed to unauthorized access attempts. A misconfigured wireless network can allow attackers to bypass perimeter defenses, gain internal network access, and pivot toward critical systems such as Active Directory, internal applications, […]

Practical Guide To Getting Your First CVE

March 1, 2026 · khukuririmal · Pentesting Fundamentals

Getting a CVE ID (Common Vulnerabilities and Exposures) assigned to your name is a significant milestone in cybersecurity. It reflects meaningful contribution to the security ecosystem.However, let’s set expectations clearly:Finding a vulnerability in well-maintained, reputed software, tools and repo’s is somewhat difficult. It often requires deep research, time, reverse engineering, and persistence. This guide is […]

Stealth Network Recon: Differentiating Network Devices & Servers Using Native Command-Line Utilities

February 25, 2026 · khukuririmal · Pentesting Fundamentals

In modern enterprise environments, aggressive network scanning is no longer always practical or permitted. Mature organizations deploy IDS/IPS systems, EDR solutions, and strict change-control policies that quickly flag noisy reconnaissance or scanning activity. During internal pentests or red team engagements, operators are often restricted from installing external tools, running mass scans, or generating suspicious traffic […]

Android & iOS Application Security Testing: Identifying App Types and Tailoring Your VAPT Strategy

February 18, 2026 · khukuririmal · Pentesting Fundamentals

Mobile application security testing is no longer limited to just “Android vs iOS.” Modern applications span native, hybrid, WebView-based, and cross-platform architectures, each introducing unique attack surfaces, tooling requirements, and testing techniques. During Mobile Application VAPT, the first critical step is identifying what kind of app you’re dealing with. This directly influences: Misidentifying an app […]