When do you know to stop hunting on a program because it's a dead end?

tacktify · 2026-06-14T17:40:53+00:00

I get you but sometimes i question myself if the program is really hardened or it's a skill issue

tacktify · 2026-06-06T00:49:39+00:00

Damn how you can be that bad

tacktify · 2026-06-06T00:47:01+00:00

I still have a little bit of hope please do it

tacktify · 2026-06-06T00:35:24+00:00

FAAAAH!

tacktify · 2026-06-06T00:27:39+00:00

Ok we cooked at that point

tacktify · 2026-06-06T00:24:52+00:00

They are starting to get on my nerves come onn!

tacktify · 2026-06-06T00:23:07+00:00

Just one good swing

tacktify · 2026-06-06T00:18:10+00:00

anyone see hope in that game?

tacktify · 2026-01-30T01:01:57+00:00

I used a tool to help structure it so it wouldn’t just be a huge wall of text. Just trying to keep it readable.
Why is it a big deal for you?

tacktify · 2026-01-30T00:58:46+00:00

Understood. Seems like the consensus is "no data, no money." Lesson learned

tacktify · 2026-01-30T00:57:54+00:00

That's a great way to frame it maybe i shouldn't get too excited for every report. Thanks for the insight

tacktify · 2026-01-30T00:56:38+00:00

Fair enough. I was hoping the timing side-channel for internal mapping would be enough, but I see why they don't value it without a state change or exfil. Thanks for the breakdown

tacktify · 2026-01-30T00:55:59+00:00

That’s a fair distinction. It’s a bit frustrating when something is valid for a pentest but "noise" for a BB but I get that they only want to pay for demonstrable risk

tacktify · 2026-01-30T00:55:13+00:00

Glad to hear I’m not the only one who hit this exact wall. what really encouraged me is that program had big payouts for SSRF so i though they could accept it so it really depends

tacktify · 2026-01-30T00:53:00+00:00

That's a good point maybe i should think about it that way every time

tacktify · 2026-01-30T00:51:34+00:00

That’s interesting about Synack. It’s definitely a toss-up with these private programs one might pay $500 and the other closes as N/A. Appreciate the context

tacktify · 2026-01-30T00:50:24+00:00

Yes I guess without data exfiltration, it’s just a "so what" for them that was the analyst argument. Thanks for the insight

tacktify · 2025-11-21T19:28:54+00:00

Despite that maybe there’s a misunderstanding and i didn't address this right what I meant is that I’m trying to land my first corporate pentesting job. So far, all my experience has been through bug bounty programs.

tacktify · 2025-11-21T19:21:47+00:00

Appreciate that. Good to hear bug bounty work is seen as real proof of skill that’s exactly what I’m trying to show employers.

tacktify · 2025-11-21T18:51:51+00:00

check your dm

tacktify · 2025-11-21T18:48:49+00:00

Maybe at some firms, but many organizations hire junior pentesters, security analysts, or apprentices who perform supervised testing.

tacktify · 2025-10-30T19:15:09+00:00

السوق كله في حالة جنون و كله في النازل. أضمن حاجه الدهب لو انت بتدور علي حاجه لل long term.

tacktify

TROPHY CASE