cropped cropped cybersecwriteupslogo.png
  • VAPT
  • Red Teaming
  • Tools & Scripts
  • Active Directory Pentesting
  • Pentesting Fundamentals
  • Google Dorking
  • VAPT
  • Red Teaming
  • Tools & Scripts
  • Active Directory Pentesting
  • Pentesting Fundamentals
  • Google Dorking
Category: VAPT
Pentesting Fundamentals

Practical Guide for Thick Client Penetration Testing

📅 January 15, 2026 ✏ khukuririmal

Thick client applications remain a high risk yet often under-tested attack surface in enterprise environments. Unlike thin clients (browser-based apps), thick clients run directly on end-user systems, communicate with backend services over…

Read writeup
Pentesting Fundamentals

Thick Client Security Testing: Concepts, Attack Surface, Methodology & Vulnerabilities

📅 January 14, 2026 ✏ khukuririmal

Thick client applications continue to play a critical role in enterprise environments, especially within banking, finance, ERP systems, trading platforms, HR systems, OT environments, and internal administrative tools. Despite this, thick client…

Read writeup
Pentesting Fundamentals

Nmap in Internal Networks: A Practical Port-Based Cheatsheet for VAPT & Red Teaming

📅 December 26, 2025 ✏ khukuririmal

Inside an enterprise network, the attack surface extends far beyond web servers and Active Directory. Switches, printers, scanners, remote administration tools, virtualization platforms, and legacy services often expose ports that are overlooked…

Read writeup
Pentesting Fundamentals

Directory & Endpoint Discovery Without Wordlists: Smarter Recon for Real-World VAPT

📅 December 21, 2025 ✏ khukuririmal

Applications always disclose more than intended through responses, logic, metadata, archives and integrations. Directory and endpoint discovery has traditionally been synonymous with brute-force wordlists. Tools like Dirsearch, FFUF, Gobuster, and Burp Intruder…

Read writeup
Tools & Scripts

Application VAPT in Hardened Systems – Without Installing Tools

📅 December 20, 2025 ✏ khukuririmal

A Practical Approach for Banking, Internal, and Regulated Environments In an ideal world, a security tester would always be provided with a fully privileged testing machine, complete with the freedom to install…

Read writeup
Tools & Scripts

Top 20 Useful Burp Suite Extensions for Web Application Pentesting

📅 December 17, 2025 ✏ khukuririmal

Burp Suite has become the de facto toolkit for security professionals assessing web applications. While the core product is powerful on its own, its real strength lies in its extensibility. The Burp…

Read writeup
Pentesting Fundamentals

Redefining the Traditional Black Box Web Application VAPT Approach

📅 December 17, 2025 ✏ khukuririmal

Black box testing is one of the most commonly used approaches in web application Vulnerability Assessment and Penetration Testing (VAPT). However, in practice, the definition of black box testing is often misunderstood,…

Read writeup
Pentesting Fundamentals

JavaScript File Analysis in VAPT: An Overlooked Goldmine for High-Impact Findings

📅 December 16, 2025 ✏ khukuririmal

In modern web applications, JavaScript (JS) is no longer a supporting component—it is the backbone of application logic, client-side security controls, API communication, and user interaction. Despite this, JavaScript file analysis remains…

Read writeup
VAPT

Vulnerability Assessment & Penetration Testing (VAPT): A Complete Guide for Modern Organizations

📅 December 14, 2025 ✏ khukuririmal

In an era where digital transformation is the backbone of every industry, cyberattacks have evolved faster than most organizations’ ability to defend themselves. From fintech companies securing millions of transactions per second,…

Read writeup
« Previous 1 2

YouTube

Subscribe on YouTube

Recent Posts

  • The New HTTP QUERY Method Explained: What It Might Mean for APIs and Application Testing
  • Top 20 Mobile Application Vulnerability Chaining Scenarios Every Pentester Should Know
  • Bluetooth Enumeration & GATT Analysis: A Practical BLE Security Assessment with TP-Link UB500 & Flipper Zero
  • Bluetooth Pentesting Lab Setup Guide: Building Your First BLE Security Lab with TP-Link UB500 and Flipper Zero
  • Routing Pentesting Tool Traffic Through Burp Suite: A Practical Upstream Proxy Lab

Recent Comments

  • Bluetooth Enumeration & GATT Analysis: A Practical BLE Security Assessment with TP-Link UB500 & Flipper Zero - Cyber Security Writeups on Bluetooth Pentesting Lab Setup Guide: Building Your First BLE Security Lab with TP-Link UB500 and Flipper Zero
  • Sandip Parane on JavaScript File Analysis in VAPT: An Overlooked Goldmine for High-Impact Findings
  • HariHacks on Redefining the Traditional Black Box Web Application VAPT Approach

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • About
  • Contact
  • Disclaimer
  • Privacy Policy
    © 2026 Cyber Security Writeups · authorized testing only
    • About
    • Contact
    • Disclaimer
    • Privacy Policy