A new version of conscan (a blackbox vulnerability scanner for the concrete5 CMS) has been released today. Check out our tools/scanner section!
A new version of our fast, multithreaded subdomain bruteforcer, dnsspider, has been released today. Check out our tools/scanner section!
A new version of our PE runtime encrypter, hyperion, has been released today. Windows 8 and Windows 8.1 support has been added. Check out our tools/binary section!
Today, we have created a nullsecurity organization on github. You can find all of our public releases there categorized in three main repositories: tools, advisories and papers.
Happy new year to all our visitors, friends and mates. 2014 is over and nullsecurity wishes you health, luck, creativity and new ideas in upcoming 2015. Stay tuned for some nice releases!
A new version of imhooktmpl.py (immunity API function hooking template) has been released by nrz. Check out our tools/reversing section!
Happy birthday to nullsecurity! Greets to all visitors, friends and mates. Stay tuned for nice releases!
A paper about assembling and controling LED matrix has been released today. Enjoy reading it. Check out our papers section.
A new version of conscan has been released! Check out our tools/scanner section!
We released a new tool: netgrafio. Aimed at visualizing (network) data. It provides more or less tools and libraries to visualize your data regardless of its type. Thanks to Cyneox. Check out our tools/misc section!
A new release of our open source PE crypter Hyperion. Code base has been cleaned up to decrease size and increase maintainability. Furthermore, a new command line allows enabling/disabling of logging and verbose informations. Key space can be reduced too which speeds up the bruteforcing process for larger input files. Next stop will be AV evasion to reduce detection rate. So stay tuned for new releases. Check out our tools/binary section!
We just came up with a new version of dnsspider. Our very fast multithreaded dns subdomain scanner. Check out our tools/scanner section!
Today we released sn00p, our automation framework for security tests and tools. It is recommended to read the man page before using it. We also released conscan, a blackbox vulnerability scanner for the concrete5 CMS. Check out our tools/automation and tools/scanner sections!
We just released immhooktmpl.py, a nice template for function hooking while reversing with immunity debugger. Check out our tools/reversing section!
A new version of against.py (mass scanning and brute-forcing script for ssh) has been released today. Check out our tools/cracker section!
A simple trainer, which patches "The Legend of Zelda" for Famicom/NES has been released today. Check out our tools/misc section!
Happy new year to all our visitors, friends and mates. 2013 is over and nullsecurity wishes you health, luck, creativity and new ideas in upcoming 2014. Stay tuned for some nice releases!
Nullsecurity is an official supporter and mirror of BlackArch Linux, which is a lightweight expansion to Arch Linux for penetration testers with over 600 tools!
We just released an advisory about an error based SQL injection in microweber. Check out our advisories section!
We just released new version of ap-unlock, our version of remote code execution exploit for apache+php through php-cgi. Check out our tools/exploit section!
Happy birthday to nullsecurity! Nullsecurity.net turns 2, w00t w00t!
Check out our tools/exploit section! We just released new version of ap-unlock.py, our version of remote code execution exploit for apache+php through php-cgi
We just released ap-unlock.py, our version of remote code execution exploit for apache+php through php-cgi. Check out our tools/exploit section!
A new tool, mbr_store has been released by atzeton today. This tool stores up to 426 bytes in the MBR's bootloader code section of unused devices such as usb drivers, hrd disks (which are not supposed to boot) and other media... Check out our advisories section!
A new version of hwk has been released by atzeton today. hwk is an easy-to-use wireless authentication and deauthentication tool. Furthermore, it also supports probe response fuzzing, beacon injection flooding, antenna alignment and various injection testing modes. Check out our tools/wireless section!
A new version of u3-pwn has been released by Zy0d0x today. U3-pwn is a tool designed to automate injecting executables to Sandisk smart usb devices with default U3 software install. Check out our tools/backdoor section!
A little helper script, ssl-crack.sh, has been added in our cracker section. It reveals the password for the RSA encrypted private SSL/SSH key.
We have added a new category called 'automation' under our tools section. There, you will find our first release, wnmap. It is a modular automation and wrapper script written for nmap. Check it out! Also, stay tuned for some nice releases soon.
A new version of ripdc.sh has been released in our scanner section. It is a reverse ip domain checker and uses yougetsignal.com to map the given target. Very useful. Enjoy!
Hello b0yz and g1rls! We just released against.py, which is a mass scanning and brute-forcing script for ssh daemons. See cracker section. Enjoy!
Yes, we are alive! Expect some nice releases soon! Also, a lame script for reverse ip address domain checker has been published. See scanner section.
Happy new year to all our visitors, friends and mates. 2012 is over and nullsecurity wishes you health, luck, creativity and new ideas in upcoming 2013.
Happy x-mas to all our visitors, friends and mates. Enjoy your holidays!
We released a new paper (nullsec-net-crypter.pdf), which discusses ideas of advanced runtime encryption of .NET executables. See papers section and enjoy reading it! Thank you, belial!
Hooray, nullsecurity gets one year older. Happy birthday to nullsecurity!
Today, a 64bit Mac OS-X kernel rootkit has been released by prdelka. It supports: multiple kernel versions, give root privileges, hide files / folders, hide process, hide user from 'who'/'w', hide network port, sysctl interface for userland control, execute a binary with root privileges via magic ICMP ping. See backdoor section.
Today, we released a new version of dnsspider. A very fast multithreaded subdomain bruteforcer. See scanner section.
We just finalized our website and updated news section, which will be used to present you fully news about new releases or even blog posts in a better way. Stay tuned!
U3-Pwn has been released. A tool designed to automate injecting executables to Sandisk smart usb devices.
Presentation video for PE Crypter has been added.
Presentation and source code of Hyperion has been released today.
A paper about runtime PE files encryption: nullsec-pe-crypter.pdf has been released.
We released a log cleaner for Linux: ropeadope.py. Enjoy!
A nice paper about Address Space Layout Randomization and bypassing of ASLR has been published today.
Today we released a fuzzing tool: tftp-fuzz.py. It is specialized for TFTP servers.
Released an advisory and exploit for EasyFTP server. Check out our advisory section.
A really nice release by belial: fasmaes - AES Implementation for Flat Assembler (FASM). Enjoy!
Today we released a nice tool: trixd00r, an advanced and invisible TCP/IP based userland backdoor. Also, we released a demonstration video for trixd00r.
We just released another fuzzing tool: ftp-fuzz.py. It is specialized for FTP servers.
Released an universal fuzzing tool: uniofuzz.py. Also, there is a demonstration video for uniofuzz.py, which you can find in our video section.
Added an advisory for WorldMail 3.0 IMAPD SEH overflow. A working exploit is included.
As you can see, our new design went online. Stay tuned for some nice releases!
Happy new year to all!
Merry Christmas to all!
Added new video "Kioptrix level 3 solution".
Added hwk_0.3.2.tar.gz - a wireless penetration/flooding application.
Added another video "Forensik in virtuellen Welten" (german). Enjoy!
Added a new video "Hijacking Execution Flows". Enjoy!
Created videos section and added 15 videos.
Added an X11 keylogger for UNIX.
Added dnsgoblin.c - a DNS server gathering tool.
Added sshtrix-0.0.2 - a very fast multithreaded SSH login cracker for SSHv1 and SSHv2.
Added 3 shellcodes for Linux.
Added one advisory for Google Chrome.
Added another Opera advisory.
Added dnsdrdos.c - proof of concept code for DNS distributed reflected DoS.
Added dnsspider-0.3.py - a very fast subdomain bruteforcer.
Added one advisory for Opera.
Added one advisory for AudioCrusher.
Added one advisory for Adium.
Added two advisories for ICQ.
Added two advisories for Skype.
Our website went online.