VAPT
📅 June 30, 2026
✏ khukuririmal
Mobile applications are no longer just a user interface for backend services. They store sensitive data, communicate with multiple APIs, integrate third-party SDKs, and often implement security controls such as biometrics, certificate…
Read writeup
Pentesting Fundamentals
📅 June 27, 2026
✏ khukuririmal
After successfully building a Bluetooth pentesting lab, the next logical step is learning how to enumerate Bluetooth Low Energy (BLE) devices. Enumeration is one of the most important phases of any BLE…
Read writeup
VAPT
📅 June 22, 2026
✏ khukuririmal
One situation that many penetration testers and security consultants encounter during Internal VAPT engagements or Red Team Assessments is receiving access to a client environment through a VPN-connected workstation. In many cases,…
Read writeup
Pentesting Fundamentals
📅 June 15, 2026
✏ khukuririmal
Proxy servers are a fundamental component of modern security assessments. Most security professionals are familiar with configuring their browser to route traffic through Burp Suite and intercept HTTP requests. However, not every…
Read writeup
Pentesting Fundamentals
📅 June 6, 2026
✏ khukuririmal
Web Application Firewalls (WAFs) have become a standard security control for modern web applications. Whether deployed through Cloudflare, Akamai, AWS WAF, Azure WAF, Imperva, F5, or other solutions, their primary objective is…
Read writeup
Red Teaming
📅 June 2, 2026
✏ khukuririmal
Object storage is where most of the internet’s data quietly lives like backups, user uploads, build artifacts, static website assets, logs, database dumps. It’s also where a huge share of real-world data…
Read writeup
Pentesting Fundamentals
📅 May 31, 2026
✏ khukuririmal
Content Delivery Networks (CDNs) have become a standard component of modern web applications. Whether it is a small startup application or a large enterprise platform, chances are that traffic is passing through…
Read writeup
Red Teaming
📅 May 24, 2026
✏ khukuririmal
Cloud storage has become a critical component of modern applications. Organizations frequently rely on cloud object storage services to host static assets, backups, application artifacts, logs, mobile application resources, and even sensitive…
Read writeup
VAPT
📅 April 3, 2026
✏ khukuririmal
Wireless networks often form the weakest link in an organization’s security posture. Unlike wired infrastructure, Wi-Fi signals extend beyond physical boundaries, making them inherently exposed to unauthorized access attempts. A misconfigured wireless…
Read writeup
Pentesting Fundamentals
📅 March 1, 2026
✏ khukuririmal
Getting a CVE ID (Common Vulnerabilities and Exposures) assigned to your name is a significant milestone in cybersecurity. It reflects meaningful contribution to the security ecosystem.However, let’s set expectations clearly:Finding a vulnerability…
Read writeup