A community for researchers, by Researchers

With more than 15 years of vulnerabilities and disclosures experience, we see our community as a long-term investment. We provide the tools, knowledge and experience required to find more vulnerabilities/advanced attack vectors and discover innovative ways to exploit them.

Quick handling

When a vulnerability is found, it needs to get into the right hands quickly. Our team of experts are always standing by to help friendly hackers disclose vulnerabilities to any organization.

Generous rewards

We believe researchers efforts should be compensated with higher rewards. Even if a vendor doesn’t accept disclosures, we are still interested in acquiring the vulnerability and reporting it.

Done discreetly

We take the privacy of our researchers very seriously and will never disclose any information to third parties (Customers included). A lot of our researchers also choose to stay anonymous.

What We Do

Designed by researchers, for researchers, SSD provides the quick handling needed to get zero-day vulnerabilities responsibly reported to vendors and be generously rewarded- all done discreetly. We help researchers get to the bottom of vulnerabilities affecting major operating systems, software or devices.

Submit

You send us a brief description of the vulnerability

Sign

We sign a contract
You send us the vulnerability

Validate

Our technical team
verifies the vulnerability

Get Paid

We contact the vendor
You get paid

Publish

The vulnerability is responsibly disclosed and published

Our Scope

Our targets of interest include various Operating systems, Web browsers, Readers, Web Hosting Control Panels, CMS, Network Management Systems, Mailservers, Git Servers and many others

Operating systems:
Windows
Linux (RCE and PE)

Mobile Applications:
Facebook
Whatsapp
Facebook Messenger
Instagram
And many others

Mobile: 
iOS (PE from within the Sandbox)
Android

CMS:
WordPress
Joomla
Drupal
Confluence

Web Browsers:
Chrome (RCE or SBX)
Safari
Firefox (RCE)

Web Hosting
Control Panel:
cPanel
Plesk
DirectAdmin
Webmin
And many others

Our full scope

Our Story

Advisories

Explore our latest disclosures

SSD Advisory – Synology DSM Remote Command Injection

November 28, 2019

Introduction Network-attached storage devices allow multiple users and heterogeneous client devices to retrieve data from centralized disk capacity. These NAS stations are a […]

Read More

SSD Advisory – Intel Windows Graphics Driver Buffer Overflow to Privilege Escalation

November 17, 2019

IntroductionSince 2014, Intel is dominating the PC market as the leading graphics chip vendor worldwide with ~70% market share. With this overwhelming amount […]

Read More

SSD Advisory – Intel Windows Graphics Driver Out of Bounds Read Denial of Service

November 17, 2019

Introduction Since 2014, Intel is dominating the PC market as the leading graphics chip vendor worldwide with ~70% market share. With this overwhelming […]

Read More
Full Archive

Submit your disclosure

Ready to Join the SSD disclosure community? Click below to join the team or submit your vulnerability anonymously

Submit now
FAQ

Get in Touch

Any questions? Interested in our services? We'd love to hear from you.

We believe that researchers want to share their research, discovery and experience with all security enthusiasts: so we created an all offensive security conference just for that!
TyphoonCon focuses on highly technical offensive security issues such as vulnerability discovery, advanced exploitation techniques and reverse engineering.  
TyphoonCon will be held in Seoul, South Korea on June 2020 and will include Industry Leading Speakers, Extensive training, Multi-prize Contests and lots of networking!
For more information and tickets, visit our site:
Typhooncon.com
Facebook
Twitter
LinkedIn
YouTube