Pentesting Fundamentals
📅 July 3, 2026
✏ khukuririmal
For nearly three decades, the HTTP protocol has relied on a familiar set of request methods GET, POST, PUT, DELETE, PATCH, HEAD, and OPTIONS. Developers and security professionals have built applications, APIs,…
Read writeup
Pentesting Fundamentals
📅 June 27, 2026
✏ khukuririmal
After successfully building a Bluetooth pentesting lab, the next logical step is learning how to enumerate Bluetooth Low Energy (BLE) devices. Enumeration is one of the most important phases of any BLE…
Read writeup
Pentesting Fundamentals
📅 June 26, 2026
✏ khukuririmal
Bluetooth has become one of the most widely used wireless communication technologies in modern environments. From wireless keyboards, mice, headphones, smart watches, fitness trackers, and medical devices to industrial IoT sensors and…
Read writeup
Pentesting Fundamentals
📅 June 15, 2026
✏ khukuririmal
Proxy servers are a fundamental component of modern security assessments. Most security professionals are familiar with configuring their browser to route traffic through Burp Suite and intercept HTTP requests. However, not every…
Read writeup
Pentesting Fundamentals
📅 June 6, 2026
✏ khukuririmal
Web Application Firewalls (WAFs) have become a standard security control for modern web applications. Whether deployed through Cloudflare, Akamai, AWS WAF, Azure WAF, Imperva, F5, or other solutions, their primary objective is…
Read writeup
Pentesting Fundamentals
📅 May 31, 2026
✏ khukuririmal
Content Delivery Networks (CDNs) have become a standard component of modern web applications. Whether it is a small startup application or a large enterprise platform, chances are that traffic is passing through…
Read writeup
Pentesting Fundamentals
📅 March 1, 2026
✏ khukuririmal
Getting a CVE ID (Common Vulnerabilities and Exposures) assigned to your name is a significant milestone in cybersecurity. It reflects meaningful contribution to the security ecosystem.However, let’s set expectations clearly:Finding a vulnerability…
Read writeup
Pentesting Fundamentals
📅 February 25, 2026
✏ khukuririmal
In modern enterprise environments, aggressive network scanning is no longer always practical or permitted. Mature organizations deploy IDS/IPS systems, EDR solutions, and strict change-control policies that quickly flag noisy reconnaissance or scanning…
Read writeup
Pentesting Fundamentals
📅 February 18, 2026
✏ khukuririmal
Mobile application security testing is no longer limited to just “Android vs iOS.” Modern applications span native, hybrid, WebView-based, and cross-platform architectures, each introducing unique attack surfaces, tooling requirements, and testing techniques.…
Read writeup
Pentesting Fundamentals
📅 January 15, 2026
✏ khukuririmal
Thick client applications remain a high risk yet often under-tested attack surface in enterprise environments. Unlike thin clients (browser-based apps), thick clients run directly on end-user systems, communicate with backend services over…
Read writeup