VAPT
📅 June 22, 2026
✏ khukuririmal
One situation that many penetration testers and security consultants encounter during Internal VAPT engagements or Red Team Assessments is receiving access to a client environment through a VPN-connected workstation. In many cases,…
Read writeup
Pentesting Fundamentals
📅 June 15, 2026
✏ khukuririmal
Proxy servers are a fundamental component of modern security assessments. Most security professionals are familiar with configuring their browser to route traffic through Burp Suite and intercept HTTP requests. However, not every…
Read writeup
Pentesting Fundamentals
📅 June 6, 2026
✏ khukuririmal
Web Application Firewalls (WAFs) have become a standard security control for modern web applications. Whether deployed through Cloudflare, Akamai, AWS WAF, Azure WAF, Imperva, F5, or other solutions, their primary objective is…
Read writeup
Red Teaming
📅 June 2, 2026
✏ khukuririmal
Object storage is where most of the internet’s data quietly lives like backups, user uploads, build artifacts, static website assets, logs, database dumps. It’s also where a huge share of real-world data…
Read writeup
Red Teaming
📅 May 29, 2026
✏ khukuririmal
Red Team engagements extend beyond identification of traditional exploitation paths such as authentication bypasses, injection flaws, exposed assets, or privilege escalation. Organizations increasingly depend on application resilience, API stability, and infrastructure availability…
Read writeup
Red Teaming
📅 May 24, 2026
✏ khukuririmal
Cloud storage has become a critical component of modern applications. Organizations frequently rely on cloud object storage services to host static assets, backups, application artifacts, logs, mobile application resources, and even sensitive…
Read writeup
Red Teaming
📅 February 5, 2026
✏ khukuririmal
In modern security assessments, researchers and pentesters rarely start with direct exploits, they start with gathering information. One of the most underestimated reconnaissance tools is sitting in front of everyone which is…
Read writeup
Red Teaming
📅 January 19, 2026
✏ khukuririmal
In reconnaissance, what you fail to enumerate is often what hurts the most. Subdomain enumeration is one of the most critical phases of reconnaissance in any Red Team Assessment. Missed subdomains often…
Read writeup
Active Directory Pentesting
📅 January 3, 2026
✏ khukuririmal
Active Directory Pentesting has evolved significantly over the last few years. Gone are the days when attackers or red teamers could reliably depend on dropping Python tools, importing PowerShell scripts, or executing…
Read writeup
Pentesting Fundamentals
📅 December 26, 2025
✏ khukuririmal
Inside an enterprise network, the attack surface extends far beyond web servers and Active Directory. Switches, printers, scanners, remote administration tools, virtualization platforms, and legacy services often expose ports that are overlooked…
Read writeup