Author
Rafay is also the author of two books on the subject of "Ethical Hacking And Security". Both of these books have been written for people who would like to learn how to hack but have no prior knowledge of the subject.
A Beginners Guide To Ethical Hacking
- Released in April 2010
- Sold more than $15,000 worth of copies
- Reviewed and recommended by more than 100 blogs on hacking and security.
An Introduction To Keylogger RATS And Malware
- Free e-book for absolute beginners
- More than 15000 copies downloaded so far.
Hall Of Fames
Google Hall Of Fame:
http://www.google.com/about/appsecurity/hall-of-fame/distinction/
Microsoft Security Researchers Award:
http://technet.microsoft.com/en-us/security/cc308575.aspx (August)
http://technet.microsoft.com/en-us/security/cc308589.aspx (October)
http://technet.microsoft.com/en-us/security/cc308589.aspx (November)
Ebay Responsible Disclosure Page
Reported an XSS in Ebay, bypassed their security filters to make the vulnerability work:
http://pages.ebay.com/securitycenter/ResearchersAcknowledgement.html
Adobe Security Acknowledgments
“Adobe would like to thank the following individuals and organizations for reporting a security vulnerability or vulnerabilities in an Adobe online service, and for working with Adobe to help protect our customers.”
http://www.adobe.com/support/security/bulletins/securityacknowledgments.html
Acknowledged By RedHat And Twitter
Found a Non-Persistent XSS: https://access.redhat.com/knowledge/articles/66234
Twitter WhiteHat: https://twitter.com/about/security
Apple's Responsible Disclosure Page:
http://support.apple.com/kb/HT1318
Dropbox Hall Of Fame (Reported Oauth CSRF):
https://www.dropbox.com/special_thanks
Zynga Whitehat (Got listed for reporting an XSS and a SQLi):
http://company.zynga.com/security/whitehats
Constant Contact Responsible Disclosures Page:
http://www.constantcontact.com/about-constant-contact/security/report-vulnerability.jsp
OwnCloud Hall-of-Fame:
http://owncloud.org/security/hall-of-fame/
Tuenti Hall-of-Fame:
http://corporate.tuenti.com/en/dev/hall-of-fame
Acquia's Responsible Disclosure Page:
https://www.acquia.com/how-report-security-issue
ifixit Responsible Disclosure Page:
http://www.ifixit.com/Info/responsible_disclosure
Github Responsible Disclosure Page:
https://help.github.com/articles/responsible-disclosure-of-security-vulnerabilities
Nokia Siemens Hall Of Fame:
http://www.nokiasiemensnetworks.com/about-us/responsible-disclosure
37Signals Security Fame:
http://37signals.com/security-response
Mahara Responsible Disclosures List:
https://wiki.mahara.org/index.php/Contributors#Security_researchers
SoundCloud Responsible Disclosure List:
Reported a few Self-XSS and finally a CSRF to get listed:
http://help.soundcloud.com/customer/portal/articles/439715-responsible-disclosure
Gallery Bounties:
http://codex.gallery2.org/Bounties
EngineYard Hall Of Fame:
http://www.engineyard.com/legal/responsible-disclosure-policy
Kaneva Hall Of Fame:
http://docs.kaneva.com/mediawiki/index.php/Security_Hall_of_Fame
Twilio Responsible Disclosure:
https://www.twilio.com/docs/security/disclosure
Get Harmony Responsible Disclosure:
http://get.harmonyapp.com/security/
Gitlab Vulnerability Acknowledgements:
http://blog.gitlab.com/vulnerability-acknowledgements/
Netflix Responsible Disclosure:
http://support.netflix.com/en/node/6657#gsc.tab=0
Nokia Hall Of Fame:
http://www.nokia.com/global/security/acknowledgements
www.barracudalabs.com/bugbounty/halloffame.html
LastPass Security Hall Of Fame
Reported a Stored Cross Site Scripting (XSS) vulnerability under their Core products: https://lastpass.com/support_security.php
Acknowledgment By Eset Nod32 Antivirus Company:
Acknowledged By Avira
Acknowledgement By Avira
Acknowledged By National Bank Of Pakistan
Paypal's Job Offer
Internet Magazine
Interviews
An Interview With EHN:
http://www.ehackingnews.com/2013/02/an-interview-with-rafay-baloch-security.html
A detailed interview with Infinityloopers:
http://infinityloopers.com/an-interview-with-ethical-hacker-and-security-researcher-rafay-baloch/
http://blog.bugcrowd.com/meet-the-bugcrowd-bounty-hunter-profile-rafaybaloch-rafay-baloch/
http://known.pk/pride-of-pakistan/rafay-balochs-exclusive-interview/
Inside NewsPapers
Tribune NewsPaper:
http://tribune.com.pk/story/486506/working-a-desk-job-young-techie-bags-a-million-rupees-using-it-skills/
http://tribune.com.pk/story/504256/pk-domain-under-threat-pknic-remains-at-risk-of-cyber-attacks/
“This was a basic-level attack,” said Rafay Baloch, a professional white hat who recently bagged $10,000 in Paypal’s bug bounty programme after exposing a critical vulnerability in the website. However, he said it is believed across many online forums that PKNIC is also vulnerable to SQL injection – the most powerful cyber attack, according to Open Web Application Security Project (OWASP). OWASP is the world’s largest organisation in terms of web application security and penetration testing. Through SQL injection, the hacker can extract the entire database from the target website, Baloch said.
Brecorder News
http://www.brecorder.com/epaper/page_2012_12_27_19.html
ISLAMABAD: Rafay Baloch, an independent security researcher from Karachi, has been rewarded with $5,000 for reporting a remote command execution bug in the PayPal's website. According to details, the PayPal had announced that this reward initiative for those researchers who would report about the existence of a bug and its subsequent remote command execution, Technology Times Reported.
Times Of India:
http://timesofindia.indiatimes.com/tech/tech-news/internet/Pak-web-domain-pk-remains-vulnerable-to-cyberattacks/articleshow/18417191.cms
In SoftpediaNews Several Times
http://news.softpedia.com/news/Microsoft-Fixes-DOM-Based-XSS-Flaw-in-Learning-Site-After-Being-Notified-by-Expert-305788.shtml
http://news.softpedia.com/news/Persistent-XSS-and-SQL-Injection-Flaws-on-ESET-Taiwan-Website-Fixed-303376.shtml
http://news.softpedia.com/news/Expert-Finds-XSS-Flaw-on-eBay-After-Bypassing-Filtering-Mechanisms-295397.shtml
http://news.softpedia.com/news/Researcher-Finds-Open-Redirect-Vulnerability-in-Facebook-Video-294780.shtml
http://news.softpedia.com/news/Microsoft-Addresses-XSS-and-HTML-Injection-Flaws-on-Websites-VIDEO-POC-294329.shtml
http://news.softpedia.com/news/PayPal-Rewards-Researcher-with-5-000-for-Finding-Remote-Code-Execution-Flaw-314110.shtml
http://news.softpedia.com/news/Researcher-Finds-XSS-Vulnerabilities-in-cPanel-WHM-11-34-Video-317356.shtml
http://news.softpedia.com/news/Zynga-Fixes-XSS-and-SQL-Injection-Vulnerabilities-on-With-Friends-Website-318452.shtml
http://news.softpedia.com/news/Expert-Finds-Security-Holes-in-Sites-of-Microsoft-Twilio-and-ProActive-CMS-321774.shtml
http://news.softpedia.com/news/Directory-Traversal-and-XSS-Vulnerabilities-Found-in-Avira-s-BetaCenter-329867.shtml
Mentions in Other Popular Blogs:
http://propakistani.pk/2012/12/13/paypal-rewards-pakistani-student-for-reporting-bugs/
http://www.aaj.tv/2012/12/pakistani-student-recieves-5000-for-detecting-bug-in-paypals-website/
http://www.hamariweb.com/articles/article.aspx?id=27713
http://www.brecorder.com/pakistan/general-news/97795-pak-student-gets-5000-reward-from-paypal.html
http://www.ehackingnews.com/2012/10/xss-vulnerability-in-stumbleupon.html
http://www.soldierx.com/hdb/Rafay-Baloch
http://www.mybloggertricks.com/2012/12/mohammad-chose-blogger-i-chose-hacking.html
http://www.ehackingnews.com/2013/01/sharecash-vulnerable-to-persistent.html
http://blog.bugcrowd.com/meet-the-bugcrowd-bounty-hunter-profile-rafaybaloch-rafay-baloch/
http://known.pk/pride-of-pakistan/rafay-balochs-exclusive-interview
Featured Inside PaulDotCom
http://pauldotcom.com/wiki/index.php/Episode312
"Pretty neat how you get offered a job if you can find bugs in someone's application. This is a slippery slope, some may get a job, others may get an orange jumpsuit and a cell mate named "bubba", but hey if it's worth the risk to you, go for it. This person is still in college, which is impressive. Less than impressive is just how many flaws are in Paypal. You would think that someone like Paypal would pay close attention to security, but it seems they do not. This makes me want to give up on security entirely, until I remember that I get paid to find vulnerabilities..."
47 comments:
Great bro! you are doing really well. Would you like to join me @ internetgeeks.org as author. I will promote your ebook at my blog.
Thanks!
Where & how can I get your book on ethical hacking?
Thanks!
Friend, tell me how you added AdBrite to your Blogspot blog. Please help me: when I add the AdBrite code in "Add a Gadget", it just shows "Your ad here" and nothing else appears. Please help me.
My email id is
bobbysingh_m@yahoo.com
@Anonymous
Just visit www.hacking-book.com and complete the payment process to download the book
@Gangandeep
Ads won't display until an advertiser buys an ad spot on your blog
Friend, tell me how the login.php Notepad file is made? In your video, when you pasted login.php, you then saved that Notepad file, but after that, how is the login file that appears with Google Chrome created? Please tell me.
Well, I have searched a lot on your site for your email id but I didn't find it. Well, I just want to seek your advice.
Firstly I want to tell you that I belong to India... yes, India.
So you may have just imagined something about me :)
Further, I want to tell you I am just 18 now.
I belong to a lower middle class family and I just want to pursue my career in this field. I think you write awesome but it may be too advanced for me or I am just stupid.
I want to settle down in the UK for my career.
But for going there I need to have a strong knowledge base.
I tried hard but can't get to understand your recent articles here well.
Will you please give me foolproof, in-depth advice about how to begin and carry on,
and how you have come to this place.
I am assuming that at some time you may have been like me (maybe at the time when you were born).
So will you please, sir, give a direction to my career and solve all my queries.
I am not sure whether this comment will be read by you or anyone else, but if it comes to you, please sir, just type something for me from your busy time and mail me
rhtrules@gmail.com
Any other reader of this site can also help me
I will be very thankful for your kind act
@Anonymous
Well, to master anything you need to learn from the basics; that's the same case with Ethical Hacking. Unless you know the basics you would not be able to learn it. I also recommend you read my book on Ethical Hacking; it is totally dedicated to beginners.
Yes Rafay, nobody would tell anything about ethical hacking, we need to discover it on our own. In fact you are doing a great job. I need to know about online money jobs, please reply to me
Man..ace work..just keep up the great deeds dude...i just love usin' computers and spendin' as much hours as i can surfin' net...i enjoyed ur book it was thumbs up....anywayzz man just let us know some more hackin' tips n tricks.......
Man you are going quite well! hats off to you!!
Well I wanna show u up my blog so where should i give u link?
@Wamiq Ali
Thanks, You can give it here through the comment
Dear,
Rafay Baloch, great work, you are (paki ankit fadia). Keep continuing. Spread knowledge and get knowledge.
Can you send me your article?
babar awan
babar_awan1@yahoo.com
Hi, I have a question: if we are sharing a screen through Skype, then how can I hack the other PC, how can I enter his PC? Please reply, ty
I just asked a question about hacking while screen sharing. I am not in Pakistan so I can get your book. And I am also a student of programming languages. If you would like to help me, here's my email account luckybouy2003@yahoo.com. Please reply to me.
Guys you rock.
Hi Rafay,
you said that you got around 40 visits a day when you just started.
How did you get so much. Did you do any SEO to your blog?
@David
David I learned Internet marketing and Search engine optimization in order to promote my website
rafay,
you are really successful for someone who didn't know anything about the topic and you just jumped right in.
I would be interested in reading a post about how you got your blog "out there" and what specific SEO techniques that you would recommend
@David
David the problem is that I can't write articles related to SEO on this blog because it's related to Ethical Hacking
Hi Rafay bhai, myself Nihkil Karande from Kolhapur, Shivaji University, doing B.Tech in Comp Sci. I also want to be an ethical hacker. What can I do for it? What are the basics for that profession? I want to protect our country from outside hackers. Suggest me some magazines or RSS feeds to learn it, please. I want to be a master in hacking and cracking. Reply to me @ karandenikhil.2009@gmail.com
I hope you will help me for my bright future. I would like to work with you.
One thing is that me and my friends want to develop an OS.
Thanks
rafay can u help me for the software that can i use to see n disconnect people from my wifi? please help me.
i need to hack a hotmail account please email me
raztafa@gmail.com
Rafay What is the meaning of 40k visitors
K means 1000 dude well in actual K represent 1024 .......40k=40,000
Salam
Friend, I am Umair from Faisalabad. I belong to a poor family and I want to earn money. I have a blog but no visitors come to it. Can you tell me what kind of blog mine should be and how visitors can come to it? Please, this is my number: 0323 6674165
I will wait for your reply. Please reply to me as soon as possible, it's a request, I really need your help
Please tell me in which province of Pakistan you live and in which university you are studying?
I am very thankful to you
Hey Rafay
Where did u know all these stuff
btw which school r u in?
rafay.......
nice articles
can you help me in increasing my traffic on my blog http://hackersofsujit.blogspot.com/
please mail me at
ugalesujit@ugalesujit.x10.mx
or
ugalesujit@gmail.com
rafay i read about you.. i am really impressed by you..
you know people take hacking in negative way n think and hacking and hackers are bad but its not..
n hey add me on fb name herry lostn.
hey Rafay!
hope u doing well. i really appreciate ur work regarding hacking specially 'ethical hacking'. i just want to ask 'what is difference between hacking and cracking?' plz do tell me.
@Anonymous
This is a very big topic to discuss. I will explain it to you with an example from the topic of email hacking and cracking. If I say that someone is going to hack into your email, I would refer to techniques such as phishing, keylogging etc. Now if I say that someone is going to crack into your email, I would refer to techniques such as bruteforcing or a dictionary attack. Usually cracking does not involve any user interaction, whereas hacking is usually combined with social engineering to make the attack more devastating.
Rafay Baloch try disqus comment it will be better for your site :D and check my site too :D www.ultrapc1.com
Salam bro, need your help. I am your very big fan, reading your blog since three years ..!! Nice collection you've made, but I never commented. But for the first time someone made me comment on your blog, and that is: my id got hacked. If you really wanna help me (I am genuine) then I can give you the id .. wherever you say, as it's not good to disclose an email id here.. like other fools... !!
Hope to hear from you..
safwan
YAR CAN I HAVE YOUR CONTACT NUM PLZZZZZZZZZ
Hi Rafay bro!.....I want to hack my girlfriend's Facebook account. What should I do??????????..Answer please
Hmm, all the hackers are good
Can you please tell me how we can learn ethical hacking... do we need to be well versed in programming skills like C, C++, Java, etc. to become a hacker.. tell me what we need to do to become a hacker.. please give some of your ideas ..
how can i earn money through blogging????
Hello Rafay... nice to see your blog ...... believe me, I am very impressed with it.... I also created a blog which is dedicated to technology news.... my blog's PR is 5 but I have only 2K views per day .... please tell me what to do to get more visitors ...
Salam Rafay ... Hope you will be fine .. rafay i need your help bro. it is very important for me you. bro kindly contact me here
aatif_kamran@hotmail.com
0333-3458420 or text me here i will call you
hi need to hack onto this website-URL 10.20.4.39:8048
How to hack mobile call log history in Airtel & Uninor
u have the same story as i do...
respected bhaijaan
i am an engineering graduate and i made a facebook page and it became an instant hit in my college.
i was the only admin of the page but someone hacked into the account and removed me as admin and took control of my page.
i dont know who that person is
i was going through a lot of facebook hacking articles and came across your website www.rafayhackingarticles.net
i need your help regarding this.i need you to recover my page.
i will be really grateful if you help me out of this.
gitammafia@yahoo.co.in
Today Is my First day at your blog! I am interested in Hacking but don't know the basics. When I First designed my blog i was inspired by Muhammad@MyBloggerTricks. He made some terrific series of articles which shows us the way step by step. But as I am new in Hacking basics will u tell me - From which lesson i shall start?
hey how did you get so much info about all this "ethical hacking" stuff?? U must've learned it from somewhere or someone too right??
Hi bro,
When you free, please provide link,,,i mean clickable link :)