When a vulnerability is found, it needs to get into the right hands quickly. We offer a fast and straightforward approach to disclosing your research and the quickest submission process out there.
We believe researchers' efforts should be compensated with the highest payouts. If a vendor doesn’t accept disclosures, we will still be interested in acquiring the vulnerability and reporting it.
Many of our researchers utilize our maximum privacy protection and choose to stay anonymous when submitting their findings. We take the privacy of our researchers very seriously and will never disclose any information to third parties (customers included).
SSD provides the knowledge, experience and tools needed to find and disclose vulnerabilities and advanced attack vectors.
What We Do
The researcher sends us a brief description of the vulnerability for review.
The researcher submits the full discovery details and exploits. Our team tests and verifies the findings.
SSD signs a detailed contract, focused on protecting your research.
The researcher gets the full payout within a week.
The vulnerability is disclosed and published. Full credit is given to the researcher.
Our targets of interest span a wide range of software and hardware, and the list is updated constantly. We are always on the lookout for:
Windows (RCE and PE)
Chrome (RCE or SBX)
SSD Advisory – KerioControl Remote Code Execution
Summary: KerioControl suffers from a tar.gz path traversal within the import configuration functionality inside the admin panel which leads to Remote Code Execution.
Credit: Simon Janz
Affected Devices: KerioControl version 9.4.2 patch 1 build7290
Vendor
SSD Advisory – Kerio Mailbox Takeover
SSD Advisory – SonicWall Out Of Bounds Write DoS
Summary: A vulnerability in SonicWall allows remote attackers to crash the target server on affected installations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the `httpServer` function. The issue results