Hi everyone, New video is out!
Check it out here: https://www.youtube.com/watch?v=lGYCqWKaon0

Really happy to see that my videos are helping people in finding real vulnerabilities ❤️

I have 3 published courses on Udemy focused on bug bounty and cybersecurity — and I’ve never claimed that just buying one of these courses will make you thousands of dollars!!




In fact, I’ve always added a clear note in the course denoscriptions:

"These courses are designed to help you upskill and build a strong foundation — not to make you rich overnight."

If any course is claiming to turn you into a professional bug bounty hunter instantly or promises quick money, it's most likely a scam.

My intention has always been to provide practical, beginner-friendly guidance based on real experience.
These courses are for those who are genuinely
curious and ready to learn through consistent effort, trial and error, and hands-on practice.
What makes me truly grateful is the response from the community — all three courses have 4+ star ratings and many positive reviews from learners who found real value in them.

Feel free to check them out: https://www.udemy.com/user/faiyaz-ahmad-33/

Bug Bounty Tip:

Found a subdomain of your target that looks like this api-prod.target.com?

Then try to use ffuf to discover additional subdomains with this same pattern using the command:

ffuf -u http://api-FUZZ.target.com/ -w wordlist.txt -mc all

This generally helps me to discover really interesting api apps that are usually hidden from the public

Hi everyone! As promised, we will be conducting a free live webinar on server side request forgery on 29th June 2025 to celebrate 30k subscribers!!

This webinar will cover everything about ssrf from basics to advanced with practical demonstration & some PoCs as well

If you are interested then feel free to submit this form: https://forms.gle/2axTEKZpjTKcrVDa7

Once again, Thank you all for supporting the channel. Keep learning & Keep hacking!

- Faiyaz Ahmad

Really glad to have you all in the event! Hope you all liked it & got to learn something new

The webinar's recording is live on YouTube! Check it out here: https://www.youtube.com/watch?v=FwahyqRna5k

Hi everyone, Next video will be released tomorrow! This one's really interesting and will help you to discover vulnerabilities in modern applications.. I've recently used this method & found 5 critical vulnerabilities impacting their whole applications

Till then keep learning & keep hacking ❤️

The new video is out! Check it here: https://www.youtube.com/watch?v=puwF4Kyk0E0

Anyone at bsides bangalore now? If yes then let's catch up on the conference room!

Had a great day today at bsides bangalore!

Hi people, is it really true that nahamsec recently created a new video which is very similar to our recent jwt exploit vulnerability?

Hi everyone, New video will be coming tomorrow at 6pm IST! Stay tuned ❤️

My Take on AI in Cybersecurity

I believe that for a long time, AI will act more like a helpful assistant to cybersecurity professionals rather than replacing them completely. Here’s why:

1. AI Creates New Challenges Too
As the founder of Infosys once said, when machines start solving certain problems, humans begin working on more complex ones. A good example of this is how AI itself led to a new type of vulnerability known as *prompt injection*.

2. AI-Led Bug Hunting Isn’t Entirely New
Many people are talking about XBow AI, which recently ranked #1 on HackerOne’s VDP leaderboard. While that’s impressive, it’s important to remember that many top bug bounty hunters have been using their own powerful automation systems for years. These tools work at scale and follow unique methods, so this kind of automation isn’t new in the bug bounty world.

3. AI Struggles with Complex Vulnerabilities
While AI is good at finding common issues like simple XSS or IDOR, it still finds it hard to detect more advanced bugs—like business logic flaws, tricky XSS bypasses, or chaining multiple vulnerabilities together.

4. AI Can Make Mistakes (Hallucination)
Sometimes AI gives answers that sound correct but are completely wrong. This is called hallucination, and in cybersecurity, such mistakes can be risky and misleading.

Conclusion:
AI is definitely becoming a useful tool in cybersecurity, helping with automation, speed, and scale. But it’s not perfect and still needs human oversight, creativity, and deep understanding. Instead of seeing AI as a replacement, we should treat it as a partner that boosts our capabilities while we focus on solving the bigger, more complex problems

For example, Here's a little info on web development jobs. Many people were saying that these jobs will be replaced as AI is really good at doing it.However, just a Google search will show you that these jobs will get increased in the near future instead of decreasing.

Therefore, just chill, learn, treat ai as a tool and keep grinding!

Hi everyone, the new video is out!
Check it here: https://www.youtube.com/watch?v=ua_ES1d0l1g

Hi everyone! Check out my recent linkedin post where i was able to bypass cloudflare waf & got xss with a unique method on a real target

Link: https://www.linkedin.com/posts/faiyaz-ahmad-64457520b_ive-recently-bypassed-a-cloudflare-web-application-activity-7351124286058770433-dgvy?utm_source=share&utm_medium=member_desktop&rcm=ACoAADVMiFQBQBWOA7hoDcQSKy5oBb0cvy4PNXs

It always makes me so happy to see comments like these. I am really honored that my videos are helping you all in your bug bounty journey! Thanks for all your support & love

For the past few months, I've interviewed over 70+ candidates and while most of them had fancy certificates like OSCP etc..None were able to answer practical questions at all...

Remember: While it is important to have a certificate, The most important thing is to have the necessary skills for the role you're applying for!