cropped cropped cybersecwriteupslogo.png
  • VAPT
  • Red Teaming
  • Tools & Scripts
  • Active Directory Pentesting
  • Pentesting Fundamentals
  • Google Dorking
  • VAPT
  • Red Teaming
  • Tools & Scripts
  • Active Directory Pentesting
  • Pentesting Fundamentals
  • Google Dorking
Category: Pentesting Fundamentals
Pentesting Fundamentals

Thick Client Security Testing: Concepts, Attack Surface, Methodology & Vulnerabilities

📅 January 14, 2026 ✏ khukuririmal

Thick client applications continue to play a critical role in enterprise environments, especially within banking, finance, ERP systems, trading platforms, HR systems, OT environments, and internal administrative tools. Despite this, thick client…

Read writeup
Pentesting Fundamentals

Creating a Bootable Kali Linux USB for Professional Pentesting

📅 January 10, 2026 ✏ khukuririmal

Kali Linux is the industry-standard operating system for penetration testing, red teaming, and security research. While Kali can be installed on a laptop or run inside a virtual machine, a bootable Kali…

Read writeup
Pentesting Fundamentals

Downloading Files in Windows via CLI – Native Techniques Every Pentester Should Know

📅 January 7, 2026 ✏ khukuririmal

In real-world penetration testing, red teaming, and internal security assessments, professionals frequently operate in environments where installing tools is restricted or outright blocked. Corporate endpoints, jump servers, and internal VDIs are often…

Read writeup
Pentesting Fundamentals

Building Portable Static Binaries for Pentesting, Red Teaming & Active Directory Assessments

📅 January 4, 2026 ✏ khukuririmal

In an ideal pentesting setup, installing tools is trivial cloning a GitHub repository, installing dependencies, resolving errors, and carry the activities. Security testers often, more increasingly now come across the below: In…

Read writeup
Active Directory Pentesting

The Power of Windows Native Command-Line Utilities in Active Directory Pentesting and Internal Red Teaming

📅 January 3, 2026 ✏ khukuririmal

Active Directory Pentesting has evolved significantly over the last few years. Gone are the days when attackers or red teamers could reliably depend on dropping Python tools, importing PowerShell scripts, or executing…

Read writeup
Pentesting Fundamentals

Nmap in Internal Networks: A Practical Port-Based Cheatsheet for VAPT & Red Teaming

📅 December 26, 2025 ✏ khukuririmal

Inside an enterprise network, the attack surface extends far beyond web servers and Active Directory. Switches, printers, scanners, remote administration tools, virtualization platforms, and legacy services often expose ports that are overlooked…

Read writeup
Pentesting Fundamentals

Directory & Endpoint Discovery Without Wordlists: Smarter Recon for Real-World VAPT

📅 December 21, 2025 ✏ khukuririmal

Applications always disclose more than intended through responses, logic, metadata, archives and integrations. Directory and endpoint discovery has traditionally been synonymous with brute-force wordlists. Tools like Dirsearch, FFUF, Gobuster, and Burp Intruder…

Read writeup
Pentesting Fundamentals

Browser Extensions in VAPT: Turning Your Browser into a Lightweight Pentesting Arsenal

📅 December 18, 2025 ✏ khukuririmal

Modern Vulnerability Assessment and Penetration Testing (VAPT) is no longer limited to heavyweight scanners and complex toolchains. A significant amount of reconnaissance, validation, and even exploitation can be performed directly from the…

Read writeup
Pentesting Fundamentals

Redefining the Traditional Black Box Web Application VAPT Approach

📅 December 17, 2025 ✏ khukuririmal

Black box testing is one of the most commonly used approaches in web application Vulnerability Assessment and Penetration Testing (VAPT). However, in practice, the definition of black box testing is often misunderstood,…

Read writeup
Pentesting Fundamentals

JavaScript File Analysis in VAPT: An Overlooked Goldmine for High-Impact Findings

📅 December 16, 2025 ✏ khukuririmal

In modern web applications, JavaScript (JS) is no longer a supporting component—it is the backbone of application logic, client-side security controls, API communication, and user interaction. Despite this, JavaScript file analysis remains…

Read writeup
« Previous 1 2 3 Next »

YouTube

Subscribe on YouTube

Recent Posts

  • The New HTTP QUERY Method Explained: What It Might Mean for APIs and Application Testing
  • Top 20 Mobile Application Vulnerability Chaining Scenarios Every Pentester Should Know
  • Bluetooth Enumeration & GATT Analysis: A Practical BLE Security Assessment with TP-Link UB500 & Flipper Zero
  • Bluetooth Pentesting Lab Setup Guide: Building Your First BLE Security Lab with TP-Link UB500 and Flipper Zero
  • Routing Pentesting Tool Traffic Through Burp Suite: A Practical Upstream Proxy Lab

Recent Comments

  • Bluetooth Enumeration & GATT Analysis: A Practical BLE Security Assessment with TP-Link UB500 & Flipper Zero - Cyber Security Writeups on Bluetooth Pentesting Lab Setup Guide: Building Your First BLE Security Lab with TP-Link UB500 and Flipper Zero
  • Sandip Parane on JavaScript File Analysis in VAPT: An Overlooked Goldmine for High-Impact Findings
  • HariHacks on Redefining the Traditional Black Box Web Application VAPT Approach

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • About
  • Contact
  • Disclaimer
  • Privacy Policy
    © 2026 Cyber Security Writeups · authorized testing only
    • About
    • Contact
    • Disclaimer
    • Privacy Policy