Pentesting Fundamentals
📅 January 14, 2026
✏ khukuririmal
Thick client applications continue to play a critical role in enterprise environments, especially within banking, finance, ERP systems, trading platforms, HR systems, OT environments, and internal administrative tools. Despite this, thick client…
Read writeup
Pentesting Fundamentals
📅 January 10, 2026
✏ khukuririmal
Kali Linux is the industry-standard operating system for penetration testing, red teaming, and security research. While Kali can be installed on a laptop or run inside a virtual machine, a bootable Kali…
Read writeup
Pentesting Fundamentals
📅 January 7, 2026
✏ khukuririmal
In real-world penetration testing, red teaming, and internal security assessments, professionals frequently operate in environments where installing tools is restricted or outright blocked. Corporate endpoints, jump servers, and internal VDIs are often…
Read writeup
Pentesting Fundamentals
📅 January 4, 2026
✏ khukuririmal
In an ideal pentesting setup, installing tools is trivial cloning a GitHub repository, installing dependencies, resolving errors, and carry the activities. Security testers often, more increasingly now come across the below: In…
Read writeup
Active Directory Pentesting
📅 January 3, 2026
✏ khukuririmal
Active Directory Pentesting has evolved significantly over the last few years. Gone are the days when attackers or red teamers could reliably depend on dropping Python tools, importing PowerShell scripts, or executing…
Read writeup
Pentesting Fundamentals
📅 December 26, 2025
✏ khukuririmal
Inside an enterprise network, the attack surface extends far beyond web servers and Active Directory. Switches, printers, scanners, remote administration tools, virtualization platforms, and legacy services often expose ports that are overlooked…
Read writeup
Pentesting Fundamentals
📅 December 21, 2025
✏ khukuririmal
Applications always disclose more than intended through responses, logic, metadata, archives and integrations. Directory and endpoint discovery has traditionally been synonymous with brute-force wordlists. Tools like Dirsearch, FFUF, Gobuster, and Burp Intruder…
Read writeup
Pentesting Fundamentals
📅 December 18, 2025
✏ khukuririmal
Modern Vulnerability Assessment and Penetration Testing (VAPT) is no longer limited to heavyweight scanners and complex toolchains. A significant amount of reconnaissance, validation, and even exploitation can be performed directly from the…
Read writeup
Pentesting Fundamentals
📅 December 17, 2025
✏ khukuririmal
Black box testing is one of the most commonly used approaches in web application Vulnerability Assessment and Penetration Testing (VAPT). However, in practice, the definition of black box testing is often misunderstood,…
Read writeup
Pentesting Fundamentals
📅 December 16, 2025
✏ khukuririmal
In modern web applications, JavaScript (JS) is no longer a supporting component—it is the backbone of application logic, client-side security controls, API communication, and user interaction. Despite this, JavaScript file analysis remains…
Read writeup