Everyone loves to share their wins online—but today, I want to share something different.
Not success stories, but the struggles and failures that shaped my journey.
I wasn’t a “smart kid” growing up. Until class 7, I barely understood what was going on in class. Once, I scored just 54%.
In class 10, I got 83%, and by 12th, 78%. It felt like progress, but it still wasn’t “good enough” by many people's standards.
One of my coaching teachers straight-up told me I’d never be successful.
A few people I was once really close to said the same thing. That I’m just dreaming too big.
I got 21 percentile in JEE—yes, 21. It was tough to accept, but I had to move on.
So I joined a private college for B.Tech in Cyber Security. It wasn’t IIT, and honestly, it wasn’t even well known. I was part of the first batch there.
And then came the comments:
“You’re wasting your parents’ money.”
“He’s not going to make it anywhere.”
But here’s the thing—I didn’t stop.
I found something that made me want to get up every day: Cyber Security.
It gave me a sense of purpose when nothing else did.
From there, things slowly changed:
I got into the Hall of Fame of companies like Google, NASA, Sony—not overnight, but step by step.
I started earning through internships and bug bounties in college—when many told me I shouldn’t expect much.
I created videos and shared what I learned on YouTube—and now we’re a family of 30,000+ subscribers.
I’ve spoken at security events, built three courses on Udemy, and received awards in college—all while still figuring life out.
And today, I have a job that pays me what people expect only from top IIT grads.
But none of this would’ve happened if I had listened to the voices that told me to quit.
So if you’re struggling right now—if you’re feeling lost, unsure, or behind—please know you’re not alone.
Everyone moves at their own pace. Success doesn't always come from being the “top student” or cracking some big exam. Sometimes, it comes from just not giving up.
Your journey is yours. Own it. Start where you are. Use what you have. Do what you can.
And no matter how slow it feels, keep moving. Your story is still being written.
Not success stories, but the struggles and failures that shaped my journey.
I wasn’t a “smart kid” growing up. Until class 7, I barely understood what was going on in class. Once, I scored just 54%.
In class 10, I got 83%, and by 12th, 78%. It felt like progress, but it still wasn’t “good enough” by many people's standards.
One of my coaching teachers straight-up told me I’d never be successful.
A few people I was once really close to said the same thing. That I’m just dreaming too big.
I got 21 percentile in JEE—yes, 21. It was tough to accept, but I had to move on.
So I joined a private college for B.Tech in Cyber Security. It wasn’t IIT, and honestly, it wasn’t even well known. I was part of the first batch there.
And then came the comments:
“You’re wasting your parents’ money.”
“He’s not going to make it anywhere.”
But here’s the thing—I didn’t stop.
I found something that made me want to get up every day: Cyber Security.
It gave me a sense of purpose when nothing else did.
From there, things slowly changed:
I got into the Hall of Fame of companies like Google, NASA, Sony—not overnight, but step by step.
I started earning through internships and bug bounties in college—when many told me I shouldn’t expect much.
I created videos and shared what I learned on YouTube—and now we’re a family of 30,000+ subscribers.
I’ve spoken at security events, built three courses on Udemy, and received awards in college—all while still figuring life out.
And today, I have a job that pays me what people expect only from top IIT grads.
But none of this would’ve happened if I had listened to the voices that told me to quit.
So if you’re struggling right now—if you’re feeling lost, unsure, or behind—please know you’re not alone.
Everyone moves at their own pace. Success doesn't always come from being the “top student” or cracking some big exam. Sometimes, it comes from just not giving up.
Your journey is yours. Own it. Start where you are. Use what you have. Do what you can.
And no matter how slow it feels, keep moving. Your story is still being written.
❤94👏6👍3👌3
Planning to host a free webinar next week on ssrf(basics to advanced). What do you guys think?
Anonymous Poll
91%
Go for it
9%
Nah, something else(let me know in the comment)
🤝6🔥4👍2
Hi everyone, New video is out!
Check it out here: https://www.youtube.com/watch?v=lGYCqWKaon0
Check it out here: https://www.youtube.com/watch?v=lGYCqWKaon0
YouTube
This Overlooked HTTP Response Could Be Your First Bounty! | 2025
Most people see a 302 redirect and move on.
But what if changing that single response could uncover something… you're not supposed to see?
In this video, I’ll show you a simple yet powerful trick that can turn a common HTTP status code into a gateway to…
But what if changing that single response could uncover something… you're not supposed to see?
In this video, I’ll show you a simple yet powerful trick that can turn a common HTTP status code into a gateway to…
🔥20❤1
I have 3 published courses on Udemy focused on bug bounty and cybersecurity — and I’ve never claimed that just buying one of these courses will make you thousands of dollars!!
In fact, I’ve always added a clear note in the course denoscriptions:
"These courses are designed to help you upskill and build a strong foundation — not to make you rich overnight."
If any course is claiming to turn you into a professional bug bounty hunter instantly or promises quick money, it's most likely a scam.
My intention has always been to provide practical, beginner-friendly guidance based on real experience.
These courses are for those who are genuinely
curious and ready to learn through consistent effort, trial and error, and hands-on practice.
What makes me truly grateful is the response from the community — all three courses have 4+ star ratings and many positive reviews from learners who found real value in them.
Feel free to check them out: https://www.udemy.com/user/faiyaz-ahmad-33/
In fact, I’ve always added a clear note in the course denoscriptions:
"These courses are designed to help you upskill and build a strong foundation — not to make you rich overnight."
If any course is claiming to turn you into a professional bug bounty hunter instantly or promises quick money, it's most likely a scam.
My intention has always been to provide practical, beginner-friendly guidance based on real experience.
These courses are for those who are genuinely
curious and ready to learn through consistent effort, trial and error, and hands-on practice.
What makes me truly grateful is the response from the community — all three courses have 4+ star ratings and many positive reviews from learners who found real value in them.
Feel free to check them out: https://www.udemy.com/user/faiyaz-ahmad-33/
👍9❤7🔥1
Bug Bounty Tip:
Found a subdomain of your target that looks like this api-prod.target.com?
Then try to use ffuf to discover additional subdomains with this same pattern using the command:
ffuf -u http://api-FUZZ.target.com/ -w wordlist.txt -mc all
This generally helps me to discover really interesting api apps that are usually hidden from the public
Found a subdomain of your target that looks like this api-prod.target.com?
Then try to use ffuf to discover additional subdomains with this same pattern using the command:
ffuf -u http://api-FUZZ.target.com/ -w wordlist.txt -mc all
This generally helps me to discover really interesting api apps that are usually hidden from the public
❤31👍4🔥2
Hi everyone! As promised, we will be conducting a free live webinar on server side request forgery on 29th June 2025 to celebrate 30k subscribers!!
This webinar will cover everything about ssrf from basics to advanced with practical demonstration & some PoCs as well
If you are interested then feel free to submit this form: https://forms.gle/2axTEKZpjTKcrVDa7
Once again, Thank you all for supporting the channel. Keep learning & Keep hacking!
- Faiyaz Ahmad
This webinar will cover everything about ssrf from basics to advanced with practical demonstration & some PoCs as well
If you are interested then feel free to submit this form: https://forms.gle/2axTEKZpjTKcrVDa7
Once again, Thank you all for supporting the channel. Keep learning & Keep hacking!
- Faiyaz Ahmad
❤28🔥7😁1
Hi everyone! For the next video, I am thinking of creating one on how to get your first job in cyber security as a fresher in 2025. What do you guys think?
Anonymous Poll
75%
Sure, that'll be great
25%
Nah, make videos on bug bounty, vulnerabilities etc
❤7
This media is not supported in your browser
VIEW IN TELEGRAM
Really glad to have you all in the event! Hope you all liked it & got to learn something new
👍10❤8🥰1
The webinar's recording is live on YouTube! Check it out here: https://www.youtube.com/watch?v=FwahyqRna5k
YouTube
SSRF Hacking Masterclass: Real Bypasses, PoCs & Hidden Techniques (30K Subscribers Special) | 2025
To celebrate hitting 30,000 subscribers, I hosted this special live webinar focused entirely on Server-Side Request Forgery (SSRF)—a vulnerability often underestimated, yet highly impactful when chained right.
In this recorded session, I cover:
Introduction…
In this recorded session, I cover:
Introduction…
🔥21❤🔥8❤6
Hi everyone, Next video will be released tomorrow! This one's really interesting and will help you to discover vulnerabilities in modern applications.. I've recently used this method & found 5 critical vulnerabilities impacting their whole applications
Till then keep learning & keep hacking ❤️
Till then keep learning & keep hacking ❤️
❤20👍3🔥3👏2
The new video is out! Check it here: https://www.youtube.com/watch?v=puwF4Kyk0E0
YouTube
Bug Bounty Hunters: The JWT Mistake You’re Probably Missing | Practical Demonstration | 2025
If you’re hunting bugs and not checking for this JWT misconfiguration… you might be leaving money on the table.
In this video, I walk you through a real-world scenario where a JWT token from one subdomain could be reused to access another — including the…
In this video, I walk you through a real-world scenario where a JWT token from one subdomain could be reused to access another — including the…
❤12👍3🔥3
Hi people, is it really true that nahamsec recently created a new video which is very similar to our recent jwt exploit vulnerability?
🔥11👍5
Hi everyone, New video will be coming tomorrow at 6pm IST! Stay tuned ❤️
❤9👏1
My Take on AI in Cybersecurity
I believe that for a long time, AI will act more like a helpful assistant to cybersecurity professionals rather than replacing them completely. Here’s why:
1. AI Creates New Challenges Too
As the founder of Infosys once said, when machines start solving certain problems, humans begin working on more complex ones. A good example of this is how AI itself led to a new type of vulnerability known as *prompt injection*.
2. AI-Led Bug Hunting Isn’t Entirely New
Many people are talking about XBow AI, which recently ranked #1 on HackerOne’s VDP leaderboard. While that’s impressive, it’s important to remember that many top bug bounty hunters have been using their own powerful automation systems for years. These tools work at scale and follow unique methods, so this kind of automation isn’t new in the bug bounty world.
3. AI Struggles with Complex Vulnerabilities
While AI is good at finding common issues like simple XSS or IDOR, it still finds it hard to detect more advanced bugs—like business logic flaws, tricky XSS bypasses, or chaining multiple vulnerabilities together.
4. AI Can Make Mistakes (Hallucination)
Sometimes AI gives answers that sound correct but are completely wrong. This is called hallucination, and in cybersecurity, such mistakes can be risky and misleading.
Conclusion:
AI is definitely becoming a useful tool in cybersecurity, helping with automation, speed, and scale. But it’s not perfect and still needs human oversight, creativity, and deep understanding. Instead of seeing AI as a replacement, we should treat it as a partner that boosts our capabilities while we focus on solving the bigger, more complex problems
I believe that for a long time, AI will act more like a helpful assistant to cybersecurity professionals rather than replacing them completely. Here’s why:
1. AI Creates New Challenges Too
As the founder of Infosys once said, when machines start solving certain problems, humans begin working on more complex ones. A good example of this is how AI itself led to a new type of vulnerability known as *prompt injection*.
2. AI-Led Bug Hunting Isn’t Entirely New
Many people are talking about XBow AI, which recently ranked #1 on HackerOne’s VDP leaderboard. While that’s impressive, it’s important to remember that many top bug bounty hunters have been using their own powerful automation systems for years. These tools work at scale and follow unique methods, so this kind of automation isn’t new in the bug bounty world.
3. AI Struggles with Complex Vulnerabilities
While AI is good at finding common issues like simple XSS or IDOR, it still finds it hard to detect more advanced bugs—like business logic flaws, tricky XSS bypasses, or chaining multiple vulnerabilities together.
4. AI Can Make Mistakes (Hallucination)
Sometimes AI gives answers that sound correct but are completely wrong. This is called hallucination, and in cybersecurity, such mistakes can be risky and misleading.
Conclusion:
AI is definitely becoming a useful tool in cybersecurity, helping with automation, speed, and scale. But it’s not perfect and still needs human oversight, creativity, and deep understanding. Instead of seeing AI as a replacement, we should treat it as a partner that boosts our capabilities while we focus on solving the bigger, more complex problems
🔥17❤4💯2