cropped cropped cybersecwriteupslogo.png
  • VAPT
  • Red Teaming
  • Tools & Scripts
  • Active Directory Pentesting
  • Pentesting Fundamentals
  • Google Dorking
  • VAPT
  • Red Teaming
  • Tools & Scripts
  • Active Directory Pentesting
  • Pentesting Fundamentals
  • Google Dorking
Category: Pentesting Fundamentals
Pentesting Fundamentals

The New HTTP QUERY Method Explained: What It Might Mean for APIs and Application Testing

📅 July 3, 2026 ✏ khukuririmal

For nearly three decades, the HTTP protocol has relied on a familiar set of request methods GET, POST, PUT, DELETE, PATCH, HEAD, and OPTIONS. Developers and security professionals have built applications, APIs,…

Read writeup
Pentesting Fundamentals

Bluetooth Enumeration & GATT Analysis: A Practical BLE Security Assessment with TP-Link UB500 & Flipper Zero

📅 June 27, 2026 ✏ khukuririmal

After successfully building a Bluetooth pentesting lab, the next logical step is learning how to enumerate Bluetooth Low Energy (BLE) devices. Enumeration is one of the most important phases of any BLE…

Read writeup
Pentesting Fundamentals

Bluetooth Pentesting Lab Setup Guide: Building Your First BLE Security Lab with TP-Link UB500 and Flipper Zero

📅 June 26, 2026 ✏ khukuririmal

Bluetooth has become one of the most widely used wireless communication technologies in modern environments. From wireless keyboards, mice, headphones, smart watches, fitness trackers, and medical devices to industrial IoT sensors and…

Read writeup
Pentesting Fundamentals

Invisible Proxy and Upstream Proxy in VAPT & Red Team Assessments

📅 June 15, 2026 ✏ khukuririmal

Proxy servers are a fundamental component of modern security assessments. Most security professionals are familiar with configuring their browser to route traffic through Burp Suite and intercept HTTP requests. However, not every…

Read writeup
Pentesting Fundamentals

WAF Bypass Techniques in VAPT and Red Team Assessments – Part 1

📅 June 6, 2026 ✏ khukuririmal

Web Application Firewalls (WAFs) have become a standard security control for modern web applications. Whether deployed through Cloudflare, Akamai, AWS WAF, Azure WAF, Imperva, F5, or other solutions, their primary objective is…

Read writeup
Pentesting Fundamentals

CDN Security Assessment Checklist for Pentesters: A Practical Guide to Assessing CDN-Protected Applications

📅 May 31, 2026 ✏ khukuririmal

Content Delivery Networks (CDNs) have become a standard component of modern web applications. Whether it is a small startup application or a large enterprise platform, chances are that traffic is passing through…

Read writeup
Pentesting Fundamentals

Practical Guide To Getting Your First CVE

📅 March 1, 2026 ✏ khukuririmal

Getting a CVE ID (Common Vulnerabilities and Exposures) assigned to your name is a significant milestone in cybersecurity. It reflects meaningful contribution to the security ecosystem.However, let’s set expectations clearly:Finding a vulnerability…

Read writeup
Pentesting Fundamentals

Stealth Network Recon: Differentiating Network Devices & Servers Using Native Command-Line Utilities

📅 February 25, 2026 ✏ khukuririmal

In modern enterprise environments, aggressive network scanning is no longer always practical or permitted. Mature organizations deploy IDS/IPS systems, EDR solutions, and strict change-control policies that quickly flag noisy reconnaissance or scanning…

Read writeup
Pentesting Fundamentals

Android & iOS Application Security Testing: Identifying App Types and Tailoring Your VAPT Strategy

📅 February 18, 2026 ✏ khukuririmal

Mobile application security testing is no longer limited to just “Android vs iOS.” Modern applications span native, hybrid, WebView-based, and cross-platform architectures, each introducing unique attack surfaces, tooling requirements, and testing techniques.…

Read writeup
Pentesting Fundamentals

Practical Guide for Thick Client Penetration Testing

📅 January 15, 2026 ✏ khukuririmal

Thick client applications remain a high risk yet often under-tested attack surface in enterprise environments. Unlike thin clients (browser-based apps), thick clients run directly on end-user systems, communicate with backend services over…

Read writeup
1 2 3 Next »

YouTube

Subscribe on YouTube

Recent Posts

  • The New HTTP QUERY Method Explained: What It Might Mean for APIs and Application Testing
  • Top 20 Mobile Application Vulnerability Chaining Scenarios Every Pentester Should Know
  • Bluetooth Enumeration & GATT Analysis: A Practical BLE Security Assessment with TP-Link UB500 & Flipper Zero
  • Bluetooth Pentesting Lab Setup Guide: Building Your First BLE Security Lab with TP-Link UB500 and Flipper Zero
  • Routing Pentesting Tool Traffic Through Burp Suite: A Practical Upstream Proxy Lab

Recent Comments

  • Bluetooth Enumeration & GATT Analysis: A Practical BLE Security Assessment with TP-Link UB500 & Flipper Zero - Cyber Security Writeups on Bluetooth Pentesting Lab Setup Guide: Building Your First BLE Security Lab with TP-Link UB500 and Flipper Zero
  • Sandip Parane on JavaScript File Analysis in VAPT: An Overlooked Goldmine for High-Impact Findings
  • HariHacks on Redefining the Traditional Black Box Web Application VAPT Approach

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • About
  • Contact
  • Disclaimer
  • Privacy Policy
    © 2026 Cyber Security Writeups · authorized testing only
    • About
    • Contact
    • Disclaimer
    • Privacy Policy