Rafay is also the author of two books on ethical hacking and security. Both were written for people who want to learn how to hack but have no prior knowledge of the subject.
A Beginners Guide To Ethical Hacking
- Released in April 2010
- Sold more than $15,000 worth of copies
- Reviewed and recommended by more than 100 blogs on hacking and security.
An Introduction To Keyloggers, RATs And Malware
- Free e-book for absolute beginners
- More than 15,000 copies downloaded so far.
Halls Of Fame
Google Hall Of Fame
Microsoft Security Researchers Award:
- August: http://technet.microsoft.com/en-us/security/cc308575.aspx
- October: http://technet.microsoft.com/en-us/security/cc308589.aspx
- November: http://technet.microsoft.com/en-us/security/cc308589.aspx
eBay Responsible Disclosure Page:
Reported an XSS in eBay, bypassing their security filters to make the vulnerability work: http://pages.ebay.com/securitycenter/ResearchersAcknowledgement.html
Adobe Security Acknowledgments
“Adobe would like to thank the following individuals and organizations for reporting a security vulnerability or vulnerabilities in an Adobe online service, and for working with Adobe to help protect our customers.”
Acknowledged By Red Hat And Twitter
Found a non-persistent XSS: https://access.redhat.com/knowledge/articles/66234
Twitter WhiteHat: https://twitter.com/about/security
Apple's Responsible Disclosure Page:
Dropbox Hall Of Fame (Reported an OAuth CSRF):
Zynga Whitehat (Listed for reporting an XSS and an SQLi): http://company.zynga.com/security/whitehats
Constant Contact Responsible Disclosures Page:
ownCloud Hall-of-Fame: http://owncloud.org/security/hall-of-fame/
Tuneti Hall-of-Fame:
Acquia's Responsible Disclosure Page:
ifixit Responsible Disclosure Page:
Github Responsible Disclosure Page:
Nokia Siemens Hall Of Fame:
37Signals Security Fame:
Mahara Responsible Disclosures List:
SoundCloud Responsible Disclosure List:
Reported a few self-XSS issues and finally a CSRF to get listed: http://help.soundcloud.com/customer/portal/articles/439715-responsible-disclosure
Gallery Bounties
Kaneva Hall Of Fame:
Twilio Responsible Disclosure:
Get Harmony Responsible Disclosure:
Gitlab Vulnerability Acknowledgements:
Netflix Responsible Disclosure:
Nokia Hall Of Fame:
LastPass Security Hall Of Fame
Reported a stored Cross-Site Scripting (XSS) vulnerability in their core products: https://lastpass.com/support_security.php
Acknowledgment By ESET NOD32 Antivirus Company:
Acknowledged By Avira
Acknowledged By National Bank Of Pakistan
PayPal's Job Offer
An Interview With EHN:
A detailed interview with Infinityloopers:
“This was a basic-level attack,” said Rafay Baloch, a professional white hat who recently bagged $10,000 in PayPal’s bug bounty programme after exposing a critical vulnerability in the website. However, he said it is believed across many online forums that PKNIC is also vulnerable to SQL injection – the most powerful cyber attack, according to the Open Web Application Security Project (OWASP). OWASP is the world’s largest organisation in terms of web application security and penetration testing. Through SQL injection, the hacker can extract the entire database from the target website, Baloch said.
ISLAMABAD: Rafay Baloch, an independent security researcher from Karachi, has been rewarded with $5,000 for reporting a remote command execution bug in PayPal's website. According to details, PayPal had announced this reward initiative for researchers who report the existence of a bug and its subsequent remote command execution, Technology Times reported.
Times Of India:
In Softpedia News Several Times: http://news.softpedia.com/news/Microsoft-Fixes-DOM-Based-XSS-Flaw-in-Learning-Site-After-Being-Notified-by-Expert-305788.shtml
Mentions in Other Popular Blogs:
Featured Inside PaulDomCOM
"Pretty neat how you get offered a job if you can find bugs in someone's application. This is a slippery slope, some may get a job, others may get an orange jumpsuit and a cell mate named "bubba", but hey if it's worth the risk to you, go for it. This person is still in college, which is impressive. Less than impressive is just how many flaws are in Paypal. You would think that someone like Paypal would pay close attention to security, but it seems they do not. This makes me want to give up on security entirely, until I remember that I get paid to find vulnerabilities..."
Social Networks
You can connect with me mostly on:
At RHA Infosec we provide different types of security testing, from small business sites to corporate sites. Click here to learn more about our complete list of services.