A community for researchers, by Researchers

With more than 15 years of vulnerabilities and disclosures experience, we see our community as a long-term investment. We provide the tools, knowledge and experience required to find more vulnerabilities/advanced attack vectors and discover innovative ways to exploit them.

Quick handling

When a vulnerability is found, it needs to get into the right hands quickly. Our team of experts are always standing by to help friendly hackers disclose vulnerabilities to any organization.

Generous rewards

We believe researchers efforts should be compensated with higher rewards. Even if a vendor doesn’t accept disclosures, we are still interested in acquiring the vulnerability and reporting it.

Done discreetly

We take the privacy of our researchers very seriously and will never disclose any information to third parties (Customers included). A lot of our researchers also choose to stay anonymous.

Our Scope

Our targets of interest include various Operating systems, Web browsers, Readers, Web Hosting Control Panels, CMS, Network Management Systems, Mailservers, Git Servers and many others

Operating systems:
Linux (RCE and PE)

Mobile Applications:
Facebook Messenger
And many others

iOS (PE from within the Sandbox)


Web Browsers:
Chrome (RCE or SBX)
Firefox (RCE)

Web Hosting
Control Panel:
And many others

Our Story


Explore our latest disclosures

SSD Advisory – Yealink DM Pre Auth ‘root’ level RCE

TL;DR Find out how multiple vulnerabilities in Yealink DM (Device Management) allow an unauthenticated attacker to run arbitrary commands on the server with […]

SSD Advisory – NetMotion Mobility Server Multiple Deserialization of Untrusted Data Lead to RCE

TL;DR Find out how multiple vulnerabilities in NetMotion Mobility Server allow an unauthenticated attacker to run arbitrary code on the server with SYSTEM […]

SSD Advisory – IBM AIX snmpd ASN.1 OID parsing stack overflow

TL;DR Find out how a vulnerability in IBM AIX’s snmpd service allows an unauthenticated attacker to trigger a stack overflow and potentially run […]

Submit your disclosure

Ready to Join the SSD disclosure community? Click below to join the team or submit your vulnerability anonymously

Get in Touch

Any questions? Interested in our services? We'd love to hear from you.

    We believe that researchers want to share their research, discovery and experience with all security enthusiasts: so we created an all offensive security conference just for that!
    TyphoonCon focuses on highly technical offensive security issues such as vulnerability discovery, advanced exploitation techniques and reverse engineering.  
    Following recent developments worldwide relating to COVID-19, we have made the difficult decision to cancel TyphoonCon 2020.
    Details regarding TyphoonCon 2021 are coming soon!