Check out our advisories section! We just released an advisory about an error based SQL injection in microweber. [...]
Check out our tools/exploit section! We just released new version of ap-unlock, our version of remote code execution exploit for apache+php through php-cgi [...]
Happy birthday to nullsecurity! Nullsecurity.net turns 2, w00t w00t!
Check out our tools/exploit section! We just released new version of ap-unlock.py, our version of remote code execution exploit for apache+php through php-cgi [...]
Check out our tools/exploit section! We just released ap-unlock.py, our version of remote code execution exploit for apache+php through php-cgi [...]
Check out our tools/backdoor section! A new tool, mbr_store has been released by atzeton today. This tool stores up to 426 bytes in the MBR's bootloader code section of unused devices such as usb drivers, hrd disks (which are not supposed to boot) and other media [...]
Check out our tools/wireless section! A new version of hwk has been released by atzeton today. hwk is an easy-to-use wireless authentication and deauthentication tool. Furthermore, it also supports probe response fuzzing, beacon injection flooding, antenna alignment and various injection testing modes [...]
Check out our tools/backdoor section! A new version of u3-pwn has been released by Zy0d0x today. U3-pwn is a tool designed to automate injecting executables to Sandisk smart usb devices with default U3 software install [...]
A little helper script, ssl-crack.sh, has been added in our cracker section. It reveals the password for the RSA encrypted private SSL/SSH key.
We have added a new category called 'automation' under our tools section. There, you will find our first release, wnmap. It is a modular automation and wrapper script written for nmap. Check it out! Also, stay tuned for some nice releases soon.
A new version of ripdc.sh has been released in our scanner section. It is a reverse ip domain checker and uses yougetsignal.com to map the given target. Very useful. Enjoy!
Hello b0yz and g1rls! We just released against.py, which is a mass scanning and brute-forcing script for ssh daemons. See cracker section. Enjoy!
Yes, we are alive! Expect some nice releases soon! Also, a lame script for reverse ip address domain checker has been published. See scanner section.
Happy new year to all our visitors, friends and mates. 2012 is over and nullsecurity wishes you health, luck, creativity and new ideas in upcoming 2013.
Happy x-mas to all our visitors, friends and mates. Enjoy your holidays!
We released a new paper (nullsec-net-crypter.pdf), which discusses ideas of advanced runtime encryption of .NET executables. See papers section and enjoy reading it! Thank you, belial!
Hooray, nullsecurity gets one year older. Happy birthday to nullsecurity!
Today, a 64bit Mac OS-X kernel rootkit has been released by prdelka. It supports: multiple kernel versions, give root privileges, hide files / folders, hide process, hide user from 'who'/'w', hide network port, sysctl interface for userland control, execute a binary with root privileges via magic ICMP ping. See backdoor section.
Today, we released a new version of dnsspider. A very fast multithreaded subdomain bruteforcer. See scanner section.
We just finalized our website and updated news section, which will be used to present you fully news about new releases or even blog posts in a better way. Stay tuned!
U3-Pwn has been released. A tool designed to automate injecting executables to Sandisk smart usb devices.
Presentation video for PE Crypter has been added.
Presentation and source code of Hyperion has been released today.
A paper about runtime PE files encryption: nullsec-pe-crypter.pdf has been released.
We released a log cleaner for Linux: ropeadope.py. Enjoy!
A nice paper about Address Space Layout Randomization and bypassing of ASLR has been published today.
Today we released a fuzzing tool: tftp-fuzz.py. It is specialized for TFTP servers.
Released an advisory and exploit for EasyFTP server. Check out our advisory section.
A really nice release by belial: fasmaes - AES Implementation for Flat Assembler (FASM). Enjoy!
Today we released a nice tool: trixd00r, an advanced and invisible TCP/IP based userland backdoor. Also, we released a demonstration video for trixd00r.
We just released another fuzzing tool: ftp-fuzz.py. It is specialized for FTP servers.
Released an universal fuzzing tool: uniofuzz.py. Also, there is a demonstration video for uniofuzz.py, which you can find in our video section.
Added an advisory for WorldMail 3.0 IMAPD SEH overflow. A working exploit is included.
As you can see, our new design went online. Stay tuned for some nice releases!
Happy new year to all!
Merry Christmas to all!
Added new video "Kioptrix level 3 solution".
Added hwk_0.3.2.tar.gz - a wireless penetration/flooding application.
Added another video "Forensik in virtuellen Welten" (german). Enjoy!
Added a new video "Hijacking Execution Flows". Enjoy!
Created videos section and added 15 videos.
Added an X11 keylogger for UNIX.
Added dnsgoblin.c - a DNS server gathering tool.
Added sshtrix-0.0.2 - a very fast multithreaded SSH login cracker for SSHv1 and SSHv2.
Added 3 shellcodes for Linux.
Added one advisory for Google Chrome.
Added another Opera advisory.
Added dnsdrdos.c - proof of concept code for DNS distributed reflected DoS.
Added dnsspider-0.3.py - a very fast subdomain bruteforcer.
Added one advisory for Opera.
Added one advisory for AudioCrusher.
Added one advisory for Adium.
Added two advisories for ICQ.
Added two advisories for Skype.
Our website went online.