An Interview with Rafay Baloch

Rafay Baloch is the owner and founder of one of the top security blogs in Pakistan, RHA. He currently runs a pen-testing company named RHA INFOSEC, and he also works for Major Security, a leading company in Germany. He is also the founder of the White Hat Community in Pakistan. He has helped various organizations such as PayPal, Google, Yahoo, LinkedIn, etc. to secure themselves and make the web a safer place.

Today, I have the privilege of interviewing Rafay Baloch:

Q: When and why did you start white hat hacking, and what are your areas of security research?
A: Around six years ago, I started to learn hacking, and I have been learning slowly since then. My area of research is mostly related to web application security; most of it is related to web application firewalls. I don't consider myself an expert in it, but I really feel curious when I am up against any kind of firewall. Apart from that, I am really interested in DOM-based XSS; since most of the code is moving towards the client side, DOM XSS would increase in

Q: Were you ever interested in defacing?

A: Never.

Q: If no, then why?

A: I don't like defacing and don't like people doing it; in our security community they are referred to as script kiddies. Most people think they are helping their country by damaging websites of other countries, which makes no sense at all. Most of the people do it for fame and that's it. Also, anything that is placed online can be hacked; some of them are easy, some of them are hard. There would even be a day for my website, but that doesn't make them skilled or us (white hats) weak. Most of the time you'd see countries like Pakistan, India and Bangladesh involved in defacing. Using techniques others created, using exploits others created, won't make them experts, right? The real blackhats are unknown; most of the great ones are from China and Russia. Chinese hackers penetrate networks and stay there for years, whereas Russians are best known for malware and botnets.

Q: What are you studying now?

A: BSCS from Bahria University, Karachi.

Q: Why did you choose computing?

A: Because I love studying it and am passionate about it.

Q: From where did you learn so much about everything?

A: There are lots of people smarter than me, so I can't say I know so much about everything. Hard work + a little luck does the trick for me.

Q: Did you ever take help from people related to hacking?

A: I don't ask many people for help, because Google helps me with everything. Questions I don't find answers for, I ask my mentors, like Mario Heiderich, David Vieira-Kurz, Pepe Vila, etc.

Q: How much money do you spend in security research?

A: Nothing, almost everything we can learn for free. 

Q: Have you done any certification? Any plans for it?

A: Nope, I have plans for when I get time for it.

Q: How much bounty in total have you got to date?

A: I guess I'd keep it confidential. Most of my bounties (screenshots) are public, so it isn't very difficult to correlate.

Q: Do you teach newbies?

A: Of course, that's the reason why I launched RHA and the white hat hackers community.

Q: What problems did you face when you were learning?
A: Not to mention lots of them; most of the time I am distracted by people and I can't help that.

Q: Have you ever thought of leaving hacking, or thought that it's a waste of time?

A: Never, it isn't a waste of time, I love doing it :)

Q: How many books have you written? Any new ones pending?

A: 2, one pending, it would be launched next year.

Q: I heard about your company. Ever received any reports from people regarding their website hacked, etc.?
A: Yeah, almost all of the issues people report are false positives. Also, it's a static website, so I don't need to worry; if something happens on the server side, then I can't help ;).

Q: Are you doing a job now?

A: No time for a job.

Q: What do you say about Pakistani hackers, do they have good skills?
A: The ones having skills are not the center of attention now; the ones who are not skilled are the center of attention now.

Q: Do you support defacing?

A: Nope.

Q: How many job offers have you got till now, and from which companies?
A: Lots of them, but unfortunately I don't have time to do a job.

Q: What will be your message to a newbie, what do they have to do to become good? And what message would you give to pros?

A: To newbies, I'd say try learning yourselves; no one is really gonna help you, you need to help yourselves. Learn the technology before trying to attack it. Learn how things work from inside. To pros, I'd say be humble, and that's the missing part in our community.

Q: Thanks for giving us your precious time.
A: You're welcome. :)

So this is Rafay Baloch. It feels good to know about him.

