Cyber Security Writeups

Pentesting Fundamentals

Directory & Endpoint Discovery Without Wordlists: Smarter Recon for Real-World VAPT

December 21, 2025 · khukuririmal

Applications always disclose more than intended through responses, logic, metadata, archives and integrations. Directory and endpoint discovery has traditionally been synonymous with brute-force wordlists. Tools like Dirsearch, FFUF, Gobuster, and Burp Intruder dominate this space, relying heavily on predefined lists of common paths. While effective in controlled or legacy environments, this approach often falls short […]

Browser Extensions in VAPT: Turning Your Browser into a Lightweight Pentesting Arsenal

December 18, 2025 · khukuririmal

Modern Vulnerability Assessment and Penetration Testing (VAPT) is no longer limited to heavyweight scanners and complex toolchains. A significant amount of reconnaissance, validation, and even exploitation can be performed directly from the browser using carefully chosen extensions. When used responsibly within scope, browser extensions can drastically improve testing efficiency, reduce blind spots, and complement traditional […]

Redefining the Traditional Black Box Web Application VAPT Approach

December 17, 2025 · khukuririmal

Black box testing is one of the most commonly used approaches in web application Vulnerability Assessment and Penetration Testing (VAPT). However, in practice, the definition of black box testing is often misunderstood, inconsistently applied, or overly simplified based on textbook explanations.Traditionally, black box testing is defined as a testing methodology where no internal knowledge of […]

JavaScript File Analysis in VAPT: An Overlooked Goldmine for High-Impact Findings

December 16, 2025 · khukuririmal

In modern web applications, JavaScript (JS) is no longer a supporting component—it is the backbone of application logic, client-side security controls, API communication, and user interaction. Despite this, JavaScript file analysis remains one of the most underutilized yet high-yield techniques in Vulnerability Assessment and Penetration Testing (VAPT).This blog explores why JS file analysis is critical, […]

The Importance of Technology Stack Enumeration in VAPT

December 16, 2025 · khukuririmal

In any vulnerability assessment, penetration test, or red-team engagement, technology stack enumeration is one of the earliest and most critical activities. Before a single exploit is attempted, before payloads are fired or scanners are unleashed, a skilled security professional first answers a fundamental question:“What exactly is this application built on?”Understanding the underlying technology stack is […]

Regex: The Unsung Hero Behind Modern VA Tools

December 15, 2025 · khukuririmal

When we talk about Vulnerability Assessment and Penetration Testing (VAPT), the first things that come to mind are using tools like Burp Suite, ZAP, Nmap, Nuclei, SQLMap, etc to perform VA, False Positive Removal and Manual Penetration Testing. However, one unsung hero that makes many of these tools powerful and helps penetration testers in manual […]