Red Teaming
📅 May 29, 2026
✏ khukuririmal
Red Team engagements extend beyond identification of traditional exploitation paths such as authentication bypasses, injection flaws, exposed assets, or privilege escalation. Organizations increasingly depend on application resilience, API stability, and infrastructure availability…
Read writeup
Pentesting Fundamentals
📅 February 25, 2026
✏ khukuririmal
In modern enterprise environments, aggressive network scanning is no longer always practical or permitted. Mature organizations deploy IDS/IPS systems, EDR solutions, and strict change-control policies that quickly flag noisy reconnaissance or scanning…
Read writeup
Pentesting Fundamentals
📅 January 10, 2026
✏ khukuririmal
Kali Linux is the industry-standard operating system for penetration testing, red teaming, and security research. While Kali can be installed on a laptop or run inside a virtual machine, a bootable Kali…
Read writeup
Pentesting Fundamentals
📅 January 7, 2026
✏ khukuririmal
In real-world penetration testing, red teaming, and internal security assessments, professionals frequently operate in environments where installing tools is restricted or outright blocked. Corporate endpoints, jump servers, and internal VDIs are often…
Read writeup
Pentesting Fundamentals
📅 January 4, 2026
✏ khukuririmal
In an ideal pentesting setup, installing tools is trivial cloning a GitHub repository, installing dependencies, resolving errors, and carry the activities. Security testers often, more increasingly now come across the below: In…
Read writeup
Pentesting Fundamentals
📅 December 26, 2025
✏ khukuririmal
Inside an enterprise network, the attack surface extends far beyond web servers and Active Directory. Switches, printers, scanners, remote administration tools, virtualization platforms, and legacy services often expose ports that are overlooked…
Read writeup
Tools & Scripts
📅 December 20, 2025
✏ khukuririmal
A Practical Approach for Banking, Internal, and Regulated Environments In an ideal world, a security tester would always be provided with a fully privileged testing machine, complete with the freedom to install…
Read writeup
Pentesting Fundamentals
📅 December 18, 2025
✏ khukuririmal
Modern Vulnerability Assessment and Penetration Testing (VAPT) is no longer limited to heavyweight scanners and complex toolchains. A significant amount of reconnaissance, validation, and even exploitation can be performed directly from the…
Read writeup
Active Directory Pentesting
📅 December 18, 2025
✏ khukuririmal
Active Directory (AD) remains the backbone of identity, authentication, and authorization in most enterprise environments. Despite years of awareness around AD attacks—Kerberoasting, Pass-the-Hash, ACL abuse, delegation misconfigurations—many organizations still operate with legacy…
Read writeup
Tools & Scripts
📅 December 17, 2025
✏ khukuririmal
Burp Suite has become the de facto toolkit for security professionals assessing web applications. While the core product is powerful on its own, its real strength lies in its extensibility. The Burp…
Read writeup