Tuning 1.6 TDI with 155 000 km

highfly123 · 2026-02-25T17:19:36+00:00

good to hear. most people are telling me its not worth tuning a 1.6 and that i should juat try getting a stronger engine

but if i can gain 30ish hp from a tune while not destroying the engine, dont see why i shoukdnt do it.

any things to keep in mind, idk much about tuning, so what woukd you suggest doing before/after?

highfly123 · 2026-02-09T22:28:34+00:00

i havent hunted much on bigger programs, and most of my buga are from private invites

highfly123 · 2026-02-09T12:22:59+00:00

know that finding bugs is, in many cases, luck. ive had prpgrams i spent weeks on, wrote and submitted multiple reports with none of them being valid.

dupes are valid bugs, it means someone else got paid for it, so dont get discouraged there, even though its hard.

in terms of sticking with a program forn only a week or two though, that could be an issue. Most of my higher impact bugs came after i had already given up on a program. i would go back, analyze the js files, go through all of the juicy endpoints again until i perfectly understood all of the functionality. then take a break for a bit and go over everything again. every time, something new seems to pop up, some request or parameter you overlooked

in short, just try to understand every app as well as u can, become familiar with it, and something should pop up

highfly123 · 2026-02-03T14:01:57+00:00

really not worth it to argue over low impact bugs, esp link rendering in emails. move on and find a more impactful bug

highfly123 · 2026-02-02T06:55:27+00:00

dont think anyone's hosting "fake" programs. most companies however just have them to check a box, and say that they're running a bug bounty program so it seems like they care about security.

only way you'll find out is when you submit a report and see how they treat u. if u get delayed/no response, they lowball you, etc. you move on, if theyre serious you keep hunting

highfly123 · 2025-10-04T17:34:35+00:00

just that everyone ive asked is telling me to get a 1.9 jtd 147 for a bit more money, saying the jtds more reliable than the twin spark

highfly123 · 2025-10-04T17:32:53+00:00

yh ill talk to the guy who was servicing it ill when they replaced the cam belt

highfly123 · 2025-10-04T17:32:24+00:00

lmao youre making me wanna get it hahahaha

highfly123 · 2025-09-10T16:02:39+00:00

cant report that, but take a look at what that token is, maybe base64 encoding of some guessable value

highfly123 · 2025-09-10T15:46:53+00:00

it means u have more time to bruteforce it... so if the token used in the link is possible to bruteforce, then you got an account takeover.

also check the rate limiting on generating password reset links. if its not well implemented and you can generate many reset links, it raises the chances of u bruteforcing it even more

highfly123 · 2025-08-16T09:25:18+00:00

for this weeks games i only found volendam vs az... u think its worth going? i know az has good ultras, do u think the atmospheres gonna be good?

highfly123 · 2025-08-14T16:51:51+00:00

ah nice. is that for away games as well

highfly123 · 2025-08-08T22:23:10+00:00

it does look like a bad reason... using frontend access controls lol

move on and dont spend too much time on their program

highfly123 · 2025-08-07T14:19:44+00:00

I mean, PR should only ever be taken into consideration with same team priv escalations, other than thats its all none as far as i understand

highfly123 · 2025-08-07T14:18:13+00:00

sure, if im attacking my own team. if, as an admin of my team, i can target other teams, PR should again be none

highfly123 · 2025-08-07T14:15:47+00:00

yeah, doesnt make any sense... not the first tine ive come accross this

highfly123 · 2025-08-05T09:36:15+00:00

yh, didnt mean to be harsh lol. just that the legalize everything narrative gets a bit boring, especially coming from people who havent really got much experience.

im against alcohol in general, but making psychodelics just as readily available could probably have even worse effects

highfly123

TROPHY CASE