
Quick handling

When a vulnerability is found, it needs to get into the right hands quickly. We offer a fast and straightforward approach to disclosing your research and the quickest submission process out there.

Generous rewards

We believe researchers' efforts should be compensated with the highest payouts. If a vendor doesn’t accept disclosures, we will still be interested in acquiring the vulnerability and reporting it.

Done discreetly

Many of our researchers utilize our maximum privacy protection and choose to stay anonymous when submitting their findings. We take the privacy of our researchers very seriously and will never disclose any information to third parties (customers included).

For researchers, by researchers

SSD provides the knowledge, experience and tools needed to find and disclose vulnerabilities and advanced attack vectors.

What We Do

The researcher sends us a brief description of the vulnerability for review.

The researcher submits the full discovery details and exploits. Our team tests and verifies the findings.

SSD signs a detailed contract – focused on protecting your research.

The researcher gets the full payout within a week.

The vulnerability is disclosed and published. Full credit is given to the researcher.

Our targets of interest span a wide range of software and hardware, and the list is updated constantly. We are always on the lookout for:

operating systems

Windows (RCE and PE)
Linux bugs
macOS bugs

mobile

iOS PE
iOS SBX
Android
iOS baseband

web browsers

Chrome (RCE or SBX)
Safari
Firefox (RCE)

now in high demand

SSD Advisory – IP.Board ‘nexus’ RCE and Blind SQLi

Summary: The IP.Board e-commerce plugin ‘nexus’ contains two security vulnerabilities that, when combined, can be used to trigger a pre-auth RCE in AdminCP. Credit: An independent security researcher, Egidio Romano from Karma(In)Security, working with SSD Secure

SSD Advisory – Uniview IPC2322LB Auth Bypass and CLI escape

Summary: The way the Uniview IPC2322LB processes authentication requests allows remote attackers to bypass the authentication process and gain unauthorized access. If this is combined with a CLI escape, the Uniview device’s security can be completely compromised.

SSD Advisory – TP-Link NCXXX Authentication Bypass

Summary: A vulnerability exists in the TP-Link NCXXX family of devices. The vulnerability allows accessing the device without credentials – this, chained with well-known and currently unpatched post-auth vulnerabilities, allows for the complete compromise of
