A few months ago one of my friends asked me to help him mint some NFT on the Cardano blockchain. At that point, I had no idea how transactions work on Cardano and how to actually mint any NFT on it. So I started reading all the blog posts I could find and started banging my head on the Cardano documentation. Now I’m writing this series (hopefully) of blog posts because I had to learn things from different places and couldn’t find everything in the Cardano documentation because it’s not very frequently updated....

In the previous post I talked about what activities are and how we can exploit exported activities. In this post, I’ll show you how an attacker might be able to access the components which are protected i.e not exported. And in the end, I’ll show you how I found one of the similar bugs on a public bug-bounty program. What is this vulnerability? Basically what happens is that an activity(let’s call it A) accepts some extras....

So it finally happened, I got my OSCP. This blog post is going to be just me talking about what I did right, what I did wrong and maybe some tips for people who plan to take the exam in the future. PWK Course Also, known as PEN-200 is the course one takes in order to get their OSCP Certification. The official definition for this course is as follows: Penetration Testing with Kali Linux (PEN-200) is the foundational course at Offensive Security....

Let’s see if it’s possible to use GitHub action for recon...

In this post, I look back on all the stuff that I did in 2020...