An inspiring story by Rafay Baloch from RafayHackingArticles. Dating back to 2009 when I first met this guy.
A Challenge that Changed our lives
No work looks interesting unless you are fueled with the requirement amount of passion and motivation. Our meeting did not only increase our learning but set us viral with new online goals that were yet to achieve. We had a long argument about blogging niche. Mohammad was in favor of a niche that was well accepted by Ad networks and that guaranteed great reputation online both in the eyes of search engines and readers. He hated and still hates niches that promote explicit, racial, political and malicious content. Hacking according to him was a topic that could never be accepted online by sponsors, no matter how pure or ethical it may get. To some extent, all that he believed was true and still holds it sanctity. My blog on hacking never succeeded with Adsense, Infolinks or BuySellAds. So my earning from all these sources were nil despite receiving millions of views per month and with over thousands of readers (23K RSS Readers + 18K Facebook Fans).
On the flip side, my opinion was that one could blog on anything he likes even hacking as long as he know how to market things properly. For me, security related stuff is no less than an addiction. I could not give up with the blog just because Ad networks were not accepting my niche.
Mustafa challenged that I could not make any kind of profit from my hacking blog, On contrary I challenged him that it's not possible to take MBT to the next level with so many Competitors around who are continuously publishing tons of widgets, templates and blogger related tutorials. I also challenged him that your blog will never get below 10k Alexa because it requires a lot of Traffic momentum. I still remember Mohammad's blog was having 100,000 Alexa rank at that time. Mohammad on contrary argued that almost anything could be achieved as long as you serve the blogosphere with something new and fresh. About Alexa, he quoted its all a game of playing with algorithm.
So, we both started working harder to prove our claims. I was earning nothing back in 2009, so I decided to study the strategies used by Six Figure Bloggers to make money online. I subscribed to all the big blogs and read their e-books, here is the interesting part of all of them, they never relied upon Ads! AdSense was never their primary earning source and most of them even didn't even use AdSense. If you observe their blogs [John Chow (Johnchow.com), Darren Rowse (Problogger.net), Nikel Patel (Quick Sprout)], you will find no Google Ads. They work on a more interesting strategy that is no less than a magic ball for many professional bloggers today.
So, How Did They Made Money?
1. Building Readership
2. Selling Product.
1. Building A Readership
2. Selling The Product
So, I applied their strategies, I started with Affiliate Marketing, where I sold keyloggers, Spywares to my blog readers, by writing a review about all of them, I chose Clickbank and Plimus as a platform for Affiliate Marketing. I was earning pretty good amount of money each and every month by marketing other products related to my niche. However, as the competition grew larger, every one started copying our ideas of marketing the same products, I saw a significant drop in my earnings. So I used their second strategy to create my own Product.
Around August 2010, I finished writing my first eBook "A Beginners Guide To Ethical Hacking", and managed to launch it that very month. Next, I used their first strategy of building a readership, i started writing articles frequently and saw a significant increase in my blog's traffic, Next i started interacting with bloggers in my niche, i offered my affiliate program to the people in my niche. To bloggers with significant traffic, I offered them 60% of the share and to small scale bloggers I offered 50% of the share. After few months i had more than 100 affiliates, thus I started earning more!
Along with it, I signed up for advertising networks infolinks.com, chitika.com and sharecash.org, My traffic was more than 24k unique visitors, so I was making a huge profit with them.
But, suddenly things changed, I was struck with Panda effect, My blog's traffic dropped by 60%. I was also banned by infolinks, chitika.com and sharecash.org for serving hacking content. All of them asked me to remove the content, which i couldn't since i worked really hard on them. That's where Mohammad proved right to a bit. And all of sudden i was left at the mercy of my book "A Beginners Guide To Ethical hacking', So i stopped blogging for a month and started working on my new product, "Facebook Hacking Course", I finished it at the end of the month, Since my traffic was not really huge at that time, i did not had that much sales as i expected, but it was decent enough to make me good amount of money at the end of the month.
Next, i decided to write another free book, to convert my blog in to a brand, I wrote "An Introduction to keylogger, RATS And Malware" at the end of the year 2011. I promoted my affiliate products under that book and it worked wonders! That books are my biggest source of earning today along with an additional earning source called "Awards"
The Year 2012
I started with Microsoft and got listed in it's responsible disclosure, The first listing was very difficult but it got easier and easier for me, I managed to get listed in more than 14 responsible disclosure pages within the time span of 3.5 months. Some notable disclosure pages are as follows:
Microsoft Security Researchers Award
I have been Acknowledged by Microsoft three times for findings various vulnerabilities in their websites:
http://technet.microsoft.com/en-us/security/cc308575.aspx (August)
http://technet.microsoft.com/en-us/security/cc308589.aspx (October)
http://technet.microsoft.com/en-us/security/cc308589.aspx (November)
Acknowledgement From Eset Antivirus Company
Dear Mr. Baloch, ESET Security team would like to officially thank for reporting security vulnerabilities on webpage www.eset.tw on October 14, 2012. We acknowledge that Mr. Rafay Baloch, RHA has reported following vulnerabilities: Stored XSS vulnerability SQL injection vulnerability Your information has helped us and our partner responsible for the site to improve security of online services and has prevented malicious exploitation of these vulnerabilities. As a part of official gratitude we would like to provide you license for ESET Smart Security. Please let us know the e-mail address where we can send You the license information.
s pozdravom /
best regards
Daniel Chromek
CISA, CISM, CISSP, MBCI Chief Information Security Officer
Adobe Security Acknowledgments
http://www.adobe.com/support/security/bulletins/securityacknowledgments.html
Ebay Responsible Disclosure Page
Reported an XSS in Ebay, bypassed their security filters to make the vulnerability work:
http://pages.ebay.com/securitycenter/ResearchersAcknowledgement.html
$5000 Award from Paypal
I started participating in Paypal bug bounty program around the mid of September, I started hunting bugs, at first it got duplicate, however, one day while i was hunting for vulnerabilities in Paypal, I managed to find a huge vulnerability in Paypal i.e. Remote Code Execution, which managed me to run any command on Paypal's Server.
Initially Paypal has payed me 5000$, along with 1000$ for reporting other vulnerabilities such as XSS and information disclosure. Here is the screenshot:
Along with it, paypal also offered me job as a security engineer a.k.a Security Ninja, However, I am not planning to work for them at the moment, as my bachelors is currently in progress.
So Who Won?
It's the last month of 2012 and around 3 years have passed since we first met. Fortunately neither Mohammad could prove me wrong completely nor I could win over him. He is now running one of the most widely read blogs in Blogging niche with thousands of followers, contributors, resources and amazingly a Google blog that has the highest Alexa Rank i.e 6K out of millions of Google hosted Blogs. MBT is the only unofficial blogger blog with the highest Alexa rank mashAllah. His blog is now DMOZ listed and a repository of hundreds of creative plugins and widgets. He is still a loving friend and a dedicated blogger.
On the other hand, I succeeded in keeping honor of my claim by turning my simple blog into a lucrative Online Income engine. RHA blog is now read widely throughout India, USA and Pakistan. All its earnings are from ebook sales, product reviews and affiliate sales, with not a single Ad from any of the widely renown Contextual Ad networks (AdSense).
I would accept today that hacking wont get you accepted with Adsense or Chitika but if its your only passion and you have a strong belief that your skills can contribute to the online community then just don't stop and give it a go. Search engines do index content generously irrespective of the niche. So blog on anything as long as you know how to market it.
Message To Upcoming Hackers
Instead if you are really interested in pursuing your career in information security, I would suggest you to build your skills. Go after some certifications such as CISSP, CEH, CPTE etc. And start using your skills to help organizations make themselves secure, by reporting it to them.
Final Advice
Source : mybloggertricks[dot]com
No comments:
Post a Comment