In the previous post I talked about what activities are and how we can exploit exported activities. In this post, I’ll show you how an attacker might be able to access the components which are protected i.e not exported. And in the end, I’ll show you how I found one of the similar bugs on a public bug-bounty program. What is this vulnerability? Basically what happens is that an activity(let’s call it A) accepts some extras....

So it finally happened, I got my OSCP. This blog post is going to be just me talking about what I did right, what I did wrong and maybe some tips for people who plan to take the exam in the future. PWK Course Also, known as PEN-200 is the course one takes in order to get their OSCP Certification. The official definition for this course is as follows: Penetration Testing with Kali Linux (PEN-200) is the foundational course at Offensive Security....

Let’s see if it’s possible to use GitHub action for recon...

In this post, I look back on all the stuff that I did in 2020...

This blog post doesn’t teach you the very basics of the android app, it just talks about the exported activity and their exploitation...