Pentesting Fundamentals
📅 January 15, 2026
✏ khukuririmal
Thick client applications remain a high risk yet often under-tested attack surface in enterprise environments. Unlike thin clients (browser-based apps), thick clients run directly on end-user systems, communicate with backend services over…
Read writeup
Pentesting Fundamentals
📅 January 14, 2026
✏ khukuririmal
Thick client applications continue to play a critical role in enterprise environments, especially within banking, finance, ERP systems, trading platforms, HR systems, OT environments, and internal administrative tools. Despite this, thick client…
Read writeup
Pentesting Fundamentals
📅 December 26, 2025
✏ khukuririmal
Inside an enterprise network, the attack surface extends far beyond web servers and Active Directory. Switches, printers, scanners, remote administration tools, virtualization platforms, and legacy services often expose ports that are overlooked…
Read writeup
Pentesting Fundamentals
📅 December 21, 2025
✏ khukuririmal
Applications always disclose more than intended through responses, logic, metadata, archives and integrations. Directory and endpoint discovery has traditionally been synonymous with brute-force wordlists. Tools like Dirsearch, FFUF, Gobuster, and Burp Intruder…
Read writeup
Tools & Scripts
📅 December 20, 2025
✏ khukuririmal
A Practical Approach for Banking, Internal, and Regulated Environments In an ideal world, a security tester would always be provided with a fully privileged testing machine, complete with the freedom to install…
Read writeup
Tools & Scripts
📅 December 17, 2025
✏ khukuririmal
Burp Suite has become the de facto toolkit for security professionals assessing web applications. While the core product is powerful on its own, its real strength lies in its extensibility. The Burp…
Read writeup
Pentesting Fundamentals
📅 December 17, 2025
✏ khukuririmal
Black box testing is one of the most commonly used approaches in web application Vulnerability Assessment and Penetration Testing (VAPT). However, in practice, the definition of black box testing is often misunderstood,…
Read writeup
Pentesting Fundamentals
📅 December 16, 2025
✏ khukuririmal
In modern web applications, JavaScript (JS) is no longer a supporting component—it is the backbone of application logic, client-side security controls, API communication, and user interaction. Despite this, JavaScript file analysis remains…
Read writeup
VAPT
📅 December 14, 2025
✏ khukuririmal
In an era where digital transformation is the backbone of every industry, cyberattacks have evolved faster than most organizations’ ability to defend themselves. From fintech companies securing millions of transactions per second,…
Read writeup