Scope 2022

Targets of interest:

  • Operating systems: Windows (RCE and PE)
  • Mobile: iOS (PE from within the Sandbox) / Android / Baseband
  • Web Browsers: Chrome (RCE or SBX) / Safari / Firefox (RCE)

Got a vulnerability out of this scope? Send us an email, we can still help: contact@ssd-disclosure.com

Currently not in our focus:*

  • Mobile: OPPO / Oneplus / Realme / Xiaomi
  • Web Hosting Control Panel: DirectAdmin / Webmin / Aegir
  • Mailserver: Dovecot / Roundcube / MDaemon / Horde / Exim / Postfix / IceWarp
  • Content Management Systems: Joomla / Drupal
  • Embedded: QNAP, Tenda, Asus, Juan, Dahua
  • IoT: IP Camera (TVT/Foscam) / Smart Video Phones / Smart Home Hubs ( i.e. XIAOMI Mi control hub)
  • Network Management Systems: Nagios / PRTG / Cacti
  • Mobile Applications: Whatsapp / Facebook Messenger / iMessage / FaceTime / Instagram / Youtube / GoogleMaps / Truecaller / Skype / Telegram
  • Git server: GitHub / GitLab enterprise / Bitbucket
  • Others: Atlassian JIRA / PHP / .NET / Firewalls / Protocols / Apache / Engine X / IIS / EMS (AhnLab Policy Center) / Slack

 

Products Out of scope**

* If you are currently researching any of these products and think you found something we may be interested in, we would love to discuss it

** At the moment we no longer accept these products’ vulnerabilities.