Meet Rafay Baloch – Pakistan’s Ethical Hacking Prodigy

Team Blogogist had the chance to catch up with Rafay Baloch, a talented ethical hacker who is currently doing his undergraduate studies at Bahria University Karachi. A soft-spoken and bright fellow, Rafay had a lot to share with us as we delved deep into the mind of the pen-testing genius. Here is how it went:

[Image: Rafay Baloch – Pakistan’s Top Ethical Hacking Prodigy]

Rafay, kindly tell us a bit about yourself.

I started in the field of Information Security about 7 years back, when I was in grade 10. I was curious about how attackers went about hacking. Especially Orkut accounts because at that time it was very popular. So I went ahead and learned a couple of techniques. After that, a few of my friends advised me to write about hacking, which I did, and started Rafayhackingarticles.net, founded in ’09.

What was your inspiration?

The movie Matrix was the biggest inspiration for me; I was really impressed by Neo who could bypass security and hack computers at will.

How did your peers respond?

Some of them were really impressed while the others were… “meh”, telling me I didn’t know what I was getting into, kiddie script, stuff like that but I used the critics to my advantage and honed my skills in the domain.

How did your parents respond?

At first they weren’t very supportive. There’s a culture here that you need good marks in school to get into a good college. And good marks to get into a good university and so forth. But I took it in stride and once I started writing blogs, the money started pouring in. Then in 2009, my first book came out and I received an overwhelming response from the readers who bought it. So, yeah, parents’ support increased.

You have many achievements under your belt, one of them is finding a bug in the PayPal system. Care to share that?

It was 2012, August when I started participating in Bug bounty programs. I was searching for vulnerabilities when I came across a remote command execution vulnerability in PayPal system. It was a sub-domain of PayPal and I managed to compromise the system gaining root level access and submitted the bug. I wasn’t expecting an amount of $10000 reward that came, but hey, I’m not complaining. *grins*

You have an array of certifications under your belt; OSCP; CPTE; OSWD; EWAPT …

[Image: eLearn Security]

I’m not a big fan of certifications. Most of the certifications I possess are like offensive security and I was a partner with Mile2 and in return I was allowed a free shot at each of their certifications. So that’s the story of the certifications under my belt.

[Images: Mile Certification; Lava Soft; Media Fire; Avira]

Rafay, tell us what you see in the white hat industry in Pakistan?

White hat industry is growing at a remarkable pace worldwide but in Pakistan we only have a handful who deal in Information Security. But there is light at the end of the tunnel and the way people are taking interest, I foresee a positive change in the near future.

You are currently studying at a university; how do you see the curriculum being taught correlate with the professional level?

*chuckles* I was expecting that question. The fact is that most of the stuff we are taught has nothing to do with work that we perform in industry. There is no correlation between the theory and practical and the subject of Information security remains untouched at the bachelor’s level in Pakistan.

[Image: Rafay Baloch]

What is the horizon for you? Any big plans?

I have a book coming up, Ethical Hacking and Penetration Guide, that is going to be released by the end of July and I would publish a more localized version later this year that would be aimed at beginners. After my degree I would like to research more in Information Security and maybe conduct my own certification training.

[Images: HTML5 Modern Day Attack and Defence Vectors; Ethical Hacking And Penetration Testing Guide]

What would be your advice to someone new in the field?

First of all, learn programming because the best hackers that I’ve met or spoken to are well versed in programming. You cannot translate your concepts learnt in hacking techniques to solid steps unless you possess knowledge of one programming language or another.

On morals, I would like to advise youngsters not to engage in black hat activities, like carding (stealing credit card info) or defacing sites. That is very counterproductive. Chinese hackers, for example, do not deface but rather penetrate into whole networks and drain information. That’s real hacking. Someone new to the field should read the existing literature and know about the current flaws and then analyze it to predict new flaws and correct them.

Don’t let anyone else’s opinion demotivate you or keep you down. GPA really doesn’t matter. I’ll admit publicly that I don’t have a great GPA but I already have offers from different parts of the world. If you love doing something, just go after it and do your best.

1 comment

  1. Rafay Baloch interviews, articles and books always inspire me a lot. Thanks for sharing your experience and thoughts. Really inspirational for a beginner like me.
