Hi 👋

I’m Mehtab Zafar, a developer who spends most of his time doing bug bounties.

Gaining access to protected components

In the previous post I talked about what activities are and how we can exploit exported activities. In this post, I’ll show you how an attacker might be able to access the components which are protected, i.e. not exported. And in the end, I’ll show you how I found one of the similar bugs on a public bug-bounty program. What is this vulnerability? Basically what happens is that an activity (let’s call it A) accepts some extras....

June 25, 2021 · 7 min

My OSCP experience

So it finally happened, I got my OSCP. This blog post is going to be just me talking about what I did right, what I did wrong and maybe some tips for people who plan to take the exam in the future. PWK Course Also, known as PEN-200 is the course one takes in order to get their OSCP Certification. The official definition for this course is as follows: Penetration Testing with Kali Linux (PEN-200) is the foundational course at Offensive Security....

April 26, 2021 · 13 min

Using Github Action for recon

Let’s see if it’s possible to use GitHub action for recon...

January 23, 2021 · 11 min

Year In Review-2020

In this post, I look back on all the stuff that I did in 2020...

December 31, 2020 · 10 min

Exploiting Exported activities in Android apps

This blog post doesn’t teach you the very basics of the Android app, it just talks about the exported activity and their exploitation...

November 7, 2020 · 6 min