SSD Secure Disclosure
@SecuriTeam_SSD
Followers
23,476
Following
2
Media
784
Statuses
1,437
SSD provides the support you need to turn your experience uncovering security vulnerabilities into a highly paid career. contact @ssd -disclosure.com
Cupertino, CA
Joined November 2016
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Venezuela
• 1203862 Tweets
Marvel
• 183727 Tweets
#SDCC
• 173412 Tweets
#BINIatKCONLA2024
• 165626 Tweets
Doom
• 135535 Tweets
Robert Downey Jr
• 99017 Tweets
ワンフェス
• 87594 Tweets
#บวงสรวงJACKANDJOKER
• 66872 Tweets
#UFC304
• 63108 Tweets
Gallardo
• 55920 Tweets
Cruzeiro
• 54022 Tweets
Vitória
• 53238 Tweets
Apollo
• 48620 Tweets
Botafogo
• 38938 Tweets
Russo
• 37131 Tweets
Fantastic Four
• 35930 Tweets
Kang
• 32013 Tweets
Secret Wars
• 29448 Tweets
Yoro
• 22666 Tweets
#ニノさん
• 22152 Tweets
Fortaleza
• 17335 Tweets
Cássio
• 16869 Tweets
Kevin Feige
• 16811 Tweets
First Steps
• 15964 Tweets
設営完了
• 15457 Tweets
jota
• 13895 Tweets
Mokaev
• 13708 Tweets
Nwaneri
• 13542 Tweets
Kape
• 12581 Tweets
Hojlund
• 11185 Tweets
Onana
• 11184 Tweets
ディケイド
• 11026 Tweets
Martinelli
• 10299 Tweets
Pinned Tweet
Our new 2024 product scope is now out!
Check out all the latest software and hardware we added and see how much your research is really worth:
3
16
217
💻 Have you read our latest publication?
A vulnerability in TOTOLINK LR1200GB allows remote unauthenticated attackers to become authenticated due to a stack overflow vulnerability in the web interface:
5
134
948
🚨 New advisory was just published! 🚨
A vulnerability in the Linux kernel allows local attackers to escalate privileges on affected installations of Linux Kernel:
4
107
576
Our new episode of Lil’ Bytes, a collection of advanced talks from security experts is here!
In our latest episode, Jay Turla (
@shipcod3
), manager of Security Operations at Bugcrowd, shares his “Dirty CAN Bus Hacking: I CAN Fuzz my Car and Junks” talk.
0
21
486
Found a vulnerability in Safari browser?
Submit your findings today and get up to $300,000 in payouts 💸
Visit and get the BIG payouts you deserve.
6
39
482
Lil’ Bytes, our new collection of advanced talks from leading security experts is here!
To kick things off, Alexander Ermolov (
@flothrone
), firmware security researcher, shares his “Untrusted Roots: exploiting vulnerabilities in Intel ACMs” showcase.
3
50
440
Our new episode of Lil’ Bits: a collection of introductory security talks is now here!
In this episode, we discuss XSS vulnerabilities, the potential risks and demonstrate how a stored XSS attack can be exploited in a vulnerable website
3
20
414
The PHP vulnerabilities reported to us last year, were some of the most engaging research we published in 2020.
Read all about it in our new blog post:
5
29
391
New advisory is now out!
Find out how an independent Security Researcher, Charles Fol (
@cfreal_
) used a UAF vulnerability in PHP to allow attackers that are able to run PHP code to escape disable_functions restrictions.
0
39
366
Slack recently paid a researcher $1750 USD for an RCE.
The same disclosure through our program, would have earned him in excess of $10,000 USD!!
Submit your findings quickly and discreetly and get the BIG payouts you deserve!
16
78
387
Found a Pre-Auth remote code execution in Wordpress?
Submit your vulnerability today and let us handle the hassle for you.
Visit to see how much your research is really worth!
4
62
359
🚨 New advisory was just published! 🚨
A chaining of three vulnerabilities allows unauthenticated attackers to execute arbitrary command with root privileges on Zyxel VPN firewall:
6
44
376
💻Have you read our latest publication?
A vulnerability in the TP-Link NCXXX family of devices allows accessing the device without credentials and could lead to the complete compromise of the device:
6
60
369
Our new episode of Lil’ Bits: a collection of introductory security talks is here!
In this video, we discuss the most common types of security vulnerabilities, what they look like, and how to execute them.
1
9
318
Xmas may be over, but there's still a chance to win big with our New Year's Challenge!
Be the first to solve and email us the solution to contact
@ssd
-disclosure.com and win 300$ in Amazon gift cards. Good luck! 🎁
3
14
319
Found a vulnerability in Huawei USG?
We are offering up to $75K for Huawei USG vulnerabilities!
Submit your findings today at and see how much your research is really worth 💸💸💸
11
28
350
Found a vulnerability in 7-Zip?
Submit your findings today at and get the BIG payouts you deserve 💰💰💰
8
49
360
New advisory is now out!
Find out how we exploited a Mimosa's Router web interface vulnerability to gain admin access.
1
37
313
During TyphoonCon CTF 2021, the Chrome challenge presented was one of our hardest challenges ever!
As Chrome vulnerabilities and bypasses could use better exposure, we're happy to present you with a challenge focused on how Chrome and its internal mechanisms work.
3
11
309
Found a vulnerability in VMware Workspace ONE?
Submit your findings today at and get the BIG payouts you deserve 💰💰💰
5
43
304
Our Weekly News Update is here!
Join us as we discuss the RCE found by Project Zero in Libgcrypt, the supply chain attack on NoxPlayer and North Korea's security researcher targeting campaign:
1
10
276
🚨 New advisory was just published! 🚨
A vulnerability in the way Linux handles the CLOCK_THREAD_CPUTIME_ID allows local attackers to reach a race condition and use this to elevate their privileges to root:
3
67
300
Our Weekly News Update is here!
This week we discuss the recent updates in North Korea's security researcher targeting, The Great Suspender extension being removed from the Google Store and CSRF vulnerabilities found on WP NextGen Gallery.
4
8
258
We are super excited to have reached 10,000 followers and to celebrate, we're giving away 10 custom SSD hoodies that will get you through winter in style! 🥳
To enter just retweet and leave a comment on this post.
357
303
286
Found a vulnerability in one of Brother’s printers?
Preauth RCE vulnerabilities are now in high demand!
Submit your findings today at 💰💰💰
3
37
290
Netgear Nighthawk vulnerabilities are now in high demand!
Found a vulnerability in one of Netgear’s Nighthawk devices?
Submit your findings today at and see how much your research is really worth 💸💸💸
1
29
282
New advisory is now out!
Roundcube is a browser-based IMAP client with an application-like UI.
Find out how we exploited a XSS vulnerability via an email we sent to an unsuspecting victim and managed to use JavaScript to steal the user’s inbox.
5
96
250
ASUS router vulnerabilities are now in high demand!
Found a pre-auth RCE vulnerability in one of ASUS routers?
Submit your findings today at and get the BIG payouts you deserve 💰💰💰
6
17
246
Found a vulnerability in Zimbra?
Submit your findings today at and see how much your research is really worth 💰💰💰
3
44
246
The new episode of Lil’ Bytes, a collection of advanced talks from leading security experts is here!
In our new episode, Ali Abdollahi (
@AliAbdollahi2
), a leading Information security consultant, shares his “Malware Mathematical Modeling talk”
3
22
234
New advisory is now out!
The Nighthawk R7000 is a popular Netgear router, with over 50,000 positive reviews on Amazon.
Find out how a vulnerability in NETGEAR R7000 allows an attacker to run arbitrary code without requiring authentication.
4
50
238
Found a vulnerability in Cisco AnyConnect?
Submit your findings today at and get the BIG payouts you deserve 💰💰💰
1
47
245
Foscam Wireless IP Cameras are the forefront of consumer wireless IP video, offering powerful, affordable technology.
We are on the lookout for IP Cameras experts. Know how to hack Foscam Cameras?
Reach out today and see what your research is worth!
6
7
223
New advisory is now out!
IBM AIX is a series of Unix OS, used for large enterprise server platforms.
Find out how a vulnerability in AIX's snmpd service allows an unauth attacker to trigger a stack overflow and run arbitrary code with root privileges.
2
38
209
New advisory is now out!
Find out how a vulnerability in Infinite WP's password reset mechanism allows an unauthenticated user to become authenticated and then carry out a Remote Code Execution.
1
12
197
pfSense Firewall vulnerabilities are now in high demand!
Found a vulnerability in pfSense Firewall?
Submit your findings today at and see how much your research is really worth 💸💸💸
2
46
235
🚨 New advisory was just published! 🚨
A vulnerability in Windows’s File History Service allows local users to gain elevated privileges on the Windows operating system:
4
47
219
🚨 New advisory was just published! 🚨
The NVMS9000 product by TVT has a critical security flaw that allows remote unauthenticated attackers a wealth of information on the device:
4
32
228
New advisory is now out!
TerraMaster Operating System is an OS designed for TNAS devices.
Find out how we exploited a TerraMaster OS unauth vulnerability and gained root access.
0
33
199
Looking for preauth remote code/command execution in vsFTPD!
Submit your findings today at and see how much your research is really worth 💸💸💸
2
22
219
New advisory is now out!
Find out how a chain of vulnerabilities in rConfig allows a remote unauthenticated user to gain ‘apache’ user access to the vulnerable rConfig installation.
2
45
194
New advisory is now out!
Find out how vulnerabilities in TG8 Firewall allows remote unauthenticated users to execute arbitrary code on the remote device as well as disclose the passwords of existing accounts:
2
24
185
We just hit another milestone. Thank you all for your support!
💎 We are always standing by to help you get the most out of your research.
8
26
178
Apache vulnerabilities are now in our scope!
Know how to run remote code execution in Apache HTTP Server?
Submit your vulnerability today at and see how much your research is really worth💸💸💸
3
36
190
New advisory is now out!
DD-WRT is a Linux OpenSource firmware, suitable for routers and embedded systems.
Find out how a vulnerability in DD-WRT allows an unauth attacker to overflow an internal buffer and trigger a code execution vulnerability.
1
44
176
Submit your findings quickly and discreetly and get the BIG payouts you deserve!
3
8
155
Have you seen our latest publication?
Windows Kernel PE:
QNAP QTS5 RCE:
5
15
188
Found a vulnerability in Pulse Connect Secure?
Submit your findings today at and get the BIG payouts you deserve 💰💰💰
2
25
194
Zabbix vulnerabilities are now in high demand!
Found a vulnerability in Zabbix?
Submit your findings today at and get the BIG payouts you deserve 💰💰💰
1
15
187
GRUB is a core feature of many OS. Finding a vulnerability in it is critical for many servers and desktops, making it a highly sought after target for our customers.
Found a GRUB vulnerability and looking for the highest payout for it?
Learn more at:
1
7
147
New advisory is now out!
Find out how a vulnerability in macOS Finder system allows remote attackers to trick users into running arbitrary commands.
9
58
169
DD-WRT is a Linux based IoT Operating system firmware and is considered a very challenging product to hack.
DD-WRT is now on our scope and we are looking for researchers to submit their findings and receive the credit and generous rewards they deserve!
3
6
151
We are all connected by something greater than InfoSec. Memes.
Comment on this post with your favorite cybersec / disclosure memes and we’ll select 2 winners by February 10th who’ll receive some awesome prizes.
14
10
163
New advisory is now out!
Ivanti Avalanche is a mobile device security management system.
Find out how a directory traversal vulnerability in Ivanti Avalanche allows remote unauthenticated users to access files that reside outside the ‘image’ folder
2
19
163
🚨 New advisory was just published! 🚨
A vulnerability in EdgeRouters's and AirCube's miniupnpd allows LAN attackers to cause the service to overflow an internal heap and potentially execute arbitrary code:
1
23
174
🚨 New advisory was just published! 🚨
A vulnerability in the way KerioConnect processes HTML attachments, allows an attacker to inject arbitrary JavaScript into an email and take full control over the victims’ mailbox:
0
24
164
New advisory is now out!
VoIPmonitor is an open source network packet sniffer with commercial frontend for Linux based SIP RTP and RTCP VoIP protocols.
Find out how a vulnerability in VoIPmonitor allows an unauth attacker to execute arbitrary code
1
23
148
🚨 New advisory was just published! 🚨
A buffer overflow in TP-Link ViGi onvif_discovery can be leveraged by a network-adjacent attacker to execute arbitrary code on the target as root:
2
20
162
🚨New advisory was just published!🚨
A vulnerability in Mozilla Firefox has been found to not show an executable file warning when downloading .atloc and .ftploc files, which can run commands on a user’s computer:
2
33
160
🚨 New advisory was just published! 🚨
IP.Board e-commerce plugin 'nexus' contains two security vulnerabilities that when combined can be used to trigger a pre-auth RCE:
1
25
161
🚨 New advisory was just published! 🚨
A vulnerability in TP-Link's TL-WR840N allows remote attackers to trigger a stack overflow vulnerability allowing remote attackers to cause a denial of service in httpd:
3
30
154
Found a vulnerability in Kaspersky Security Center?
Submit your findings today at and get the BIG payouts you deserve 💰💰💰
4
27
162
🚨 New advisory was just published! 🚨
A vulnerability in pfSense allows authenticated users to cause the product to execute arbitrary code - this in turn would allow an attacker to compromise the machine on which the pfSense is installed:
5
65
155
RFID locks are electronic radio frequency tags and readers, common in hotels where they are used as a contactless way to open door locks.
We are on the lookout for RFID experts. Know how to hack RFID locks? Reach out and see what your research is worth!
1
12
145
SSD Advisory – Oracle VirtualBox (
@virtualbox
) Multiple Guest to Host Escape Vulnerabilities
For more details:
1
165
153
Know how to perform RCE in Android OS?
Submit your findings today and get up to $80,000 in payouts!
Visit to see what your research is really worth 📲💰
1
33
147
Found a vulnerability in one of TP-Link’s routers?
We are offering up to $35K for TP-Link router exploits.
Submit your findings today at and get the BIG payouts you deserve 💰
3
17
149
🚨 New advisory is now out! 🚨
A vulnerability in SharePoint Server allows authenticated attackers that are able to create a site on the server to cause it to execute arbitrary code:
2
55
151
🚨 New advisory is now out! 🚨
Find out how multiple vulnerabilities in TOTOLink allows a LAN unauthenticated attacker to gain root access to the device
9
15
136
CTFs are information security competitions, offering a challenge for both novice and expert researchers, usually alongside large cash rewards.
Read our latest article: “What is a CTF and is it for you?”, learn how to get started and beat the competition.
0
3
143
🚨 New advisory was just published! 🚨
A vulnerability in TOTOLINK LR1200GB allows remote unauthenticated attackers to become authenticated due to a stack overflow vulnerability in the web interface:
1
30
150
TerraMaster vulnerabilities are now in high demand!
Found a vulnerability in TerraMaster?
Submit your findings today at and see how much your research is really worth 💸💸💸
3
7
149
Read our new blog piece on Chrome’s Ad Heavy Bypass Vulnerability and its potential repercussions for the community.
3
14
129
Found a vulnerability in ConnectWise?
Submit your findings today at and get the BIG payouts you deserve 💰💰💰
3
26
152
New advisory is now out!
Find out how an XSS in IP-Board can be leveraged into a remote code execution.
5
28
140
Our Weekly News Recap is here!
This week, we discuss five vulnerabilities found in Dell devices, a Rootkit infiltrating high profile firms, four plead guilty to aiding cybercriminals and our CVE of the week: RCE found in the universal Turing machine
1
7
132
New advisory is now out!
Find out how a vulnerability discovered in Samsung S10+/S9 kernel allows leaking of sensitive function address information
1
18
130
cPanel expert? Passionate about Plesk vulnerabilities?
We’re on the lookout for Web Hosting Control Panel researchers.
Submit your findings and get the BIG rewards and credit you deserve!
Learn more at
0
9
124
Found an RCE in WinRAR?
Submit your findings today at and get the BIG payouts you deserve 💰💰💰
2
9
147
🚨 New advisory was just published! 🚨
Security vulnerabilities in DIR-X4860 allow remote unauthenticated attackers that can access the HNAP port to gain elevated privileges and run commands as root:
1
27
142
Found a preauth RCE in one of LANCOM’s products?
Submit your findings today at and see how much your research is really worth 💸💸💸
2
16
141
Researching cPanel?
Submit a vulnerability today and get up to $120,000 in payouts 💰
Visit to see how much your research is really worth.
1
18
135
A new challenge is now live!
This challenge is a binary running inside a Docker with certain vulnerabilities in it!
First one to solve it (send a script that retrieves the flag to contact
@ssd
-disclosure.com) will win a $100 Amazon gift card!
Good luck!
3
8
124
Not sure where to take your research?
Learn more and join us at:
1
5
107
HP Printer vulnerabilities are now in our scope!
Found a pre-auth RCE vulnerability in one of HP’s printers?
Submit your findings today at and get the BIG payouts you deserve 💰💰💰
8
11
130
New advisory is now out!
Find out how the Chrome Ad-Heavy detection mechanism can be bypassed. Bypassing the mechanism would allow ads that are breaching the restrictions imposed by Chrome to still run:
4
19
120
Our security researcher community comes from all over the world. Get acquainted with some of the top security researchers out there, learn of their early careers, their motivation and what they believe the future holds.
Find out more in our blog:
1
5
117
New advisory is now out!
NetMotion Mobility is a secure platform for remote workers in mobile environments.
Find out how vulnerabilities in NetMotion Mobility allow an unauthenticated attacker to run arbitrary code on the server with SYSTEM privileges.
0
34
124
Found a vulnerability in Windows?
We are offering up to $70K for Windows PE & RCE!
Submit your findings today at and get the BIG payouts you deserve 💰💰💰
7
14
122
SSD Advisory – VirtualBox VRDP Guest-to-Host Escape -
1
91
129
SSD Advisory – iOS powerd Uninitialized Mach Message Reply to Sandbox Escape and Privilege Escalation
7
39
123
SSD Advisory – Chrome AppCache Subsystem SBX by utilizing a Use After Free
0
63
121
Know how to run commands on FortiGate Firewall?
We are offering up to $120,000 for FortiGate NGFW vulnerabilities!
Visit and see what your research is really worth🧐
2
23
118
UPNP Buffer Overflow in DD-WRT can trigger a code execution vulnerability 🖥️
Find out how in our new
#CVEDeepDive
episode, hosted by
@Zanidd
👇🏻
2
15
111
New advisory is now out!
The Nighthawk X8 AC5000 router is a popular device sold by Netgear with 2000+
positive reviews on Amazon.
Find out how we exploited an unauthenticated Netgear Nighthawk R8300 vulnerability and gained root access to the device.
1
29
115
XSS leveraged into an RCE? 🧐
Watch our IP Board XSS
#CVEDeepDive
, hosted by
@PinkDraconian
and see exactly how they did it:
👇🏻
1
18
112