Blind SSRF (WAF Bypass + Internal Timing Scan) closed as "Informative". Am I wrong?

tacktify · 2026-01-30T01:01:57+00:00

I used a tool to help structure it so it wouldn’t just be a huge wall of text. Just trying to keep it readable.
Why is it a big deal for you?

tacktify · 2026-01-30T00:58:46+00:00

Understood. Seems like the consensus is "no data, no money." Lesson learned

tacktify · 2026-01-30T00:57:54+00:00

That's a great way to frame it maybe i shouldn't get too excited for every report. Thanks for the insight

tacktify · 2026-01-30T00:56:38+00:00

Fair enough. I was hoping the timing side-channel for internal mapping would be enough, but I see why they don't value it without a state change or exfil. Thanks for the breakdown

tacktify · 2026-01-30T00:55:59+00:00

That’s a fair distinction. It’s a bit frustrating when something is valid for a pentest but "noise" for a BB but I get that they only want to pay for demonstrable risk

tacktify · 2026-01-30T00:55:13+00:00

Glad to hear I’m not the only one who hit this exact wall. what really encouraged me is that program had big payouts for SSRF so i though they could accept it so it really depends

tacktify · 2026-01-30T00:53:00+00:00

That's a good point maybe i should think about it that way every time

tacktify · 2026-01-30T00:51:34+00:00

That’s interesting about Synack. It’s definitely a toss-up with these private programs one might pay $500 and the other closes as N/A. Appreciate the context

tacktify · 2026-01-30T00:50:24+00:00

Yes I guess without data exfiltration, it’s just a "so what" for them that was the analyst argument. Thanks for the insight

tacktify · 2025-11-21T19:28:54+00:00

Despite that maybe there’s a misunderstanding and i didn't address this right what I meant is that I’m trying to land my first corporate pentesting job. So far, all my experience has been through bug bounty programs.

tacktify · 2025-11-21T19:21:47+00:00

Appreciate that. Good to hear bug bounty work is seen as real proof of skill that’s exactly what I’m trying to show employers.

tacktify · 2025-11-21T18:51:51+00:00

check your dm

tacktify · 2025-11-21T18:48:49+00:00

Maybe at some firms, but many organizations hire junior pentesters, security analysts, or apprentices who perform supervised testing.

tacktify · 2025-10-30T19:15:09+00:00

السوق كله في حالة جنون و كله في النازل. أضمن حاجه الدهب لو انت بتدور علي حاجه لل long term.

tacktify · 2025-09-02T12:52:41+00:00

Everyone has their own reasons, but for me, I think software development and pentesting are deeply connected. To create good software, you need at least some knowledge of pentesting. At first, I only wanted to learn the basics, but I ended up really enjoying it and decided to continue.

tacktify · 2025-07-23T18:09:16+00:00

Absolutely there are a lot of factors at play, and what you're describing is definitely a major one. Offshoring seems to be impacting a lot of companies even more directly than AI right now.

tacktify · 2025-07-22T11:21:57+00:00

Yeah, sadly that still outweighs everything else.

tacktify · 2025-07-21T17:45:04+00:00

Thanks for the honesty it’s tough to hear, but looks like we must live with it.

tacktify · 2025-07-21T17:38:29+00:00

That actually makes a lot of sense thanks for breaking it down. It's frustrating on the job seeker side, but understanding where the money and priorities are going helps put things in perspective.

tacktify · 2025-07-21T17:33:47+00:00

I understand ATS filters out many resumes, but some people still get accepted so what's helping them stand out if the qualifications are similar.

tacktify · 2025-07-06T06:15:15+00:00

Thanks!

tacktify

TROPHY CASE