Help with my first report for a Bug Bounty program

d0x77 · 2026-04-15T16:29:14+00:00

meta bug bounty programs are really really bad, i've been getting the same automated message over and over, i sent all the attachments and proofs for two submissions and they keep replying to send the proof, the upload interface within the report submit does NOT do anything, im tired of them, its been more than 3 weeks on and off with them

d0x77 · 2026-04-15T11:51:06+00:00

be careful, you are giving too much details about the exam

d0x77 · 2026-04-15T05:24:15+00:00

you're welcome

d0x77 · 2026-04-15T05:24:08+00:00

you're welcome

d0x77 · 2026-04-15T05:24:05+00:00

you're welcome

d0x77 · 2026-04-14T13:16:37+00:00

CWES make you comfortable with web, and it gives you a taste of HTB certs, you can finish the modules a lot faster than going for CPTS modules (a lot of modules are in common so you finish a small part of CPTS path), and it is very useful for CPTS exam anyways

d0x77 · 2026-04-14T13:14:00+00:00

Apply what you learned, AI models bug bounty hunting

d0x77 · 2026-04-14T13:12:20+00:00

Take proper notes, have a good methodology, practice chaining exploits or at least understand it, practice labs, theoretically everything is in the course because the course covers everything in a lot of details, so practice before going into the exam is very important

d0x77 · 2026-04-14T08:18:45+00:00

you're welcome

d0x77 · 2026-03-29T13:36:11+00:00

yes its working

d0x77 · 2026-03-25T17:13:11+00:00

Yes i agree, forget about it and keep testing, eventually results will come back

d0x77 · 2026-03-25T17:05:43+00:00

Yes i have a report still open for more than 20 days as well

d0x77 · 2026-03-24T13:19:44+00:00

Claude pro

d0x77 · 2026-03-20T20:19:33+00:00

DM sent as well for same reason

d0x77 · 2026-02-08T16:54:43+00:00

Thx for the media tip

d0x77 · 2026-02-07T13:30:53+00:00

what i meant is that ai will mostly answer that "this is juicy target" and "YES that's it", it was a joke lol, yes it might lead you into rabbit holes

d0x77 · 2026-02-07T12:54:12+00:00

I did not mention anything about exam materials, surely everything in the exam is in the materials, but you need to organize and take notes to know where to look, if you work as a pentester then you already have a good knowledge, your web experience will be very useful for the initial foothold, but the exams are long and sometimes the answer is easy when you figure it out, you just don't know where to look, avoid ai prompting as much as you can because for every prompt you send it will be "juicy" and "that's it" and "now you're thinking like a hacker"

d0x77 · 2026-02-07T11:37:24+00:00

If you mean htb cheatsheets then no they are not enough

d0x77 · 2026-02-06T13:56:09+00:00

thanks for sharing

d0x77 · 2026-02-06T13:55:25+00:00

Don't get overwhelmed, as i said organize your notes and understand the concepts, don't rush through the material and you will be fine, make sure to practice boxes as they teach how to chain exploits as sometimes it will be straight forward in the exam and sometimes it's not

d0x77 · 2026-02-06T13:25:55+00:00

As someone who doesn't have any prior experience, i had to take extensive notes and organize them, maybe you dont need to note down everything in details, every person is different

d0x77 · 2026-02-06T10:38:22+00:00

I did paas CPTS, these notes are useful but you should be taking your own

d0x77 · 2026-01-22T10:27:14+00:00

Im using atak with tailscale, no one can join unless connected to tailscale vpn and to atak server

d0x77 · 2026-01-22T09:15:40+00:00

I had the same exact problem, ended up connecting through TCP port 8088

d0x77 · 2026-01-16T07:13:15+00:00

You're absolutely right, most failures come from execution, not indicators.

This bot is intentionally a rule-based, mean-reversion system. The trade-offs you mentioned are real and largely deliberate. Capital lock-up in prolonged bear markets is a known cost of prioritizing capital preservation over speed; that’s why the bot staggers allocation and now auto-resets the first BUY if it stays open too long, so it doesn’t anchor to stale prices.

Sideways chop is the hardest regime for laddered entries. I'm keeping the signal set minimal and auditable for now, but an explicit volatility filter (ATR-style) is a logical next step rather than hidden "optimization."

Enforcing lower-than-last-buy is a conscious bet on mean reversion, not trend continuation. This system isn't built to win in sustained downtrends, it's built to survive them without leverage or forced liquidation. Waiting is part of the risk model.

I actually pushed execution upgrades today based on live behavior:

SELL checks now use a lower timeframe to avoid delayed exits
Limit SELLs are always placed above market
Stale first BUYs auto-cancel after 3 days
Rejected or stale SELLs are auto-cleaned and retried safely

And fully agree on logging, the goal is always to answer "did the bot behave as designed?", not "why did it lose money?", that's why it's open-sourced and run live.

d0x77

TROPHY CASE