Hi 👋

I’m Mehtab Zafar, a developer who spends most of his time doing bug bounties.

Year In Review-2021

Looking back to all the 2021 stuff that I did...

December 22, 2021 · 8 min

Introduction to Cardano components

A few months ago one of my friends asked me to help him mint some NFT on the Cardano blockchain. At that point, I had no idea how transactions work on Cardano and how to actually mint any NFT on it. So I started reading all the blog posts I could find and started banging my head on the Cardano documentation. Now I’m writing this series (hopefully) of blog posts because I had to learn things from different places and couldn’t find everything in the Cardano documentation because it’s not very frequently updated....

November 5, 2021 · 10 min

Gaining access to protected components

In the previous post I talked about what activities are and how we can exploit exported activities. In this post, I’ll show you how an attacker might be able to access the components which are protected, i.e. not exported. And in the end, I’ll show you how I found one of the similar bugs on a public bug-bounty program. What is this vulnerability? Basically what happens is that an activity (let’s call it A) accepts some extras....

June 25, 2021 · 7 min

My OSCP experience

So it finally happened, I got my OSCP. This blog post is going to be just me talking about what I did right, what I did wrong and maybe some tips for people who plan to take the exam in the future. PWK Course Also, known as PEN-200 is the course one takes in order to get their OSCP Certification. The official definition for this course is as follows: Penetration Testing with Kali Linux (PEN-200) is the foundational course at Offensive Security....

April 26, 2021 · 13 min

Using Github Action for recon

Let’s see if it’s possible to use GitHub action for recon...

January 23, 2021 · 11 min