01-24-2020 Today, we've release a new tool: lulzbuster. A very fast and smart web-dir/fileenumeration tool written in C for the lulz. Check out our tools/scanner section!By noptrix. 01-01-2020
Happy new year to all our visitors, friends and mates. 2018 is over andnullsecurity wishes you health, luck, creativity and new ideas in upcoming 2017.Stay tuned for some nice releases! By nullsecurity team. 12-12-2019 Release 1.4 of our Fasm AES library: Removed macros to decrease size by 7kb.Check out our tools/cryptography section! By belial 11-12-2019 A new release of our open source PE crypter Hyperion. Version 2.2 uses tinyAesinstead of the aes.dll blob. Furthermore, FasmAES moved to version 1.3 due tobugs in older versions. Check out our tools/binary section! 11-11-2019 Bugfix in our Fasm AES library. New Version 1.3. Check out our tools/cryptography section! By belial 10-07-2019 A new release of our open source PE crypter Hyperion. Version 2.1 got somemakefile cleanup. Check out our tools/binary section! 06-08-2019 A new release of our open source PE crypter Hyperion. Finally, version 2.0 supports64 bit binaries as well. C++ has been replaced by a more clean C implementation.More modular concept allows extension with custom payloads.Check out our tools/binary section! 04-11-2019 Release 1.2 of our Fasm AES library: Added 64 bit support. Check out our tools/cryptography section! By belial 03-22-2019 A new version of dnsspider (fast, async mulithreaded subdomain scanner) was released. Check out our tools/scanner section! 01-24-2019 Bugfix in our Fasm AES library: DLL now runs on Windows 10. Check out our tools/cryptography section! By belial 01-18-2019 We released a new tool: HashMaker - Evolutionary Algorithm to create hash algorithms. Check out our tools/cryptography section! By ZehMatt 01-01-2019 Happy new year to all our visitors, friends and mates. 2018 is over and nullsecurity wishes you health, luck, creativity and new ideas in upcoming 2017. Stay tuned for some nice releases! 07-01-2018 A new version of dnsspider (very fast, async mulithreaded subdomain scanner) is released. Check out our tools/scanner section! 02-10-2018 A new version of dnsspider (very fast, async mulithreaded subdomain scanner) is released. Check out our tools/scanner section! 01-18-2018 We updated our Arduino sketch genesis2amiga (adapter to connect sega gamepads to an amiga/c64). Now, it can emulate UP via second FIRE button. Check out our tools/misc section! 01-01-2018 Happy new year to all our visitors, friends and mates. 2017 is over and nullsecurity wishes you health, luck, creativity and new ideas in 2018. Stay tuned for some nice releases! 12-19-2017 We released shell script written with the purpose to automate jumps between boxes via ssh forgetting about IPs, Users, Ports and so on. Check out our tools/automation section! 05-10-2017 We released an Arduino sketch to build a Sega Genesis to Amiga game port adapter. Check out our tools/misc section! 03-26-2017 We released a new guide about how to buy a commodore amiga in the year 2017 and avoid several pitfalls. Check out our papers section! 01-01-2017 Happy new year to all our visitors, friends and mates. 2016 is over and nullsecurity wishes you health, luck, creativity and new ideas in upcoming 2017. Stay tuned for some nice releases! 10-08-2016 Today, we have released a new version of http-enum (an automated http enumeration tool). Check out our tools/scanner section! 08-12-2016 Today, we have released a FreePBX remote root 0day. Found and exploited by pgt. Check out our tools/exploit section! 05-31-2016 We have released a new version of dnsspider (a fast multithreaded subdomain bruterforcer). Check out our tools/scanner section! 05-10-2016 We released two Atari 2600 homebrews. First one supports lightguns. Downloads available in tools/misc section, additional information in belials blog. 01-01-2016 Happy new year to all our visitors, friends and mates. 2015 is over and nullsecurity wishes you health, luck, creativity and new ideas in upcoming 2016. Stay tuned for some nice releases! 11-16-2015 Today, we released a paper which covers homebrew cartridge and software development for the Nintendo Game Boy Classic. Check out our papers section! 11-01-2015 Happy birthday to nullsecurity! Greets to all visitors, friends and mates. Stay tuned for nice releases! 09-25-2015 A new version of our fast, multithreaded subdomain bruteforcer, dnsspider, has been released today. Check out our tools/scanner section! 06-23-2015 A new version of smalisca (a static code analysis tool for Smali files) has been released today by Cyneox. Check out our tools/scanner section! 05-18-2015 Belial finished his PhD thesis about computer science and is now a Doctor of Philosophy. Congratulations :) 04-07-2015 Today we released a new tool: smalisca - Static Code Analysis tool for Smali files. Check out our tools/scanner section! 03-16-2015 A new version of conscan (a blackbox vulnerability scanner for the concrete5 CMS) has been released today. Check out our tools/scanner section! 03-14-2015 A new version of our fast, multithreaded subdomain bruteforcer, dnsspider, has been released today. Check out our tools/scanner section! 02-18-2015 A new version of our PE runtime encrypter, hyperion, has been released today. Windows 8 and Windows 8.1 support has been added. Check out our tools/binary section! 02-01-2015 Today, we have created a nullsecurity organization on github. You can find all of our public releases there categorized in three main repositories: tools, advisories and papers. 01-01-2015 Happy new year to all our visitors, friends and mates. 2014 is over andnullsecurity wishes you health, luck, creativity and new ideas in upcoming 2015.Stay tuned for some nice releases! 12-22-2014 A new version of imhooktmpl.py (immunity API function hooking template) has been released by nrz. Check out our tools/reversing section! 11-05-2014 Happy birthday to nullsecurity! Greets to all visitors, friends and mates. Staytuned for nice releases! 10-30-2014 A paper about assembling and controling LED matrix has been released today.Enjoy reading it. Check out our papers section. 07-10-2014 A new version of conscan has been released! Check out our tools/scanner section! 05-13-2014 We released a new tool: netgrafio. Aimed at visualizing (network) data. Itprovides more or less tools and libraries to visualize your data regardless ofits type. Thanks to Cyneox. Check out our tools/misc section! 05-09-2014 A new release of our open source PE crypter Hyperion. Code base has been cleanedup to decrease size and increase maintainability. Furthermore, a new command lineallows enabling/disabling of logging and verbose informations. Key space can bereduced too which speeds up the bruteforcing process for larger input files.Next stop will be AV evasion to reduce detection rate. So stay tuned for newreleases. Check out our tools/binary section! 04-10-2014 We just came up with a new version of dnsspider. Our very fast multithreaded dnssubdomain scanner. Check out our tools/scanner section! 04-10-2014
Today we released sn00p, our automation framework for security tests and tools.It is recommended to read the man page before using it. We also releasedconscan, a blackbox vulnerability scanner for the concrete5 CMS. Check out ourtools/automation and tools/scanner sections! 03-31-2014 We just released immhooktmpl.py, a nice template for function hooking whilereversing with immunity debugger. Check out our tools/reversing section! 02-27-2014 A new version of against.py (mass scanning and brute-forcing script for ssh) hasbeen released today. Check out our tools/cracker section! 01-04-2014 A simple trainer, which patches 'The Legend of Zelda' for Famicom/NES has beenreleased today. Check out our tools/misc section! 01-01-2014 Happy new year to all our visitors, friends and mates. 2013 is over andnullsecurity wishes you health, luck, creativity and new ideas in upcoming 2014.Stay tuned for some nice releases! 12-28-2013 Nullsecurity is an official supporter and mirror ofBlackArch Linux, which is alightweight expansion to Arch Linux for penetration testers with over 600 tools! 11-06-2013 We just released an advisory about an error based SQL injection in microweber. Check out our advisories section! 11-02-2013 We just released new version of ap-unlock, our version of remote code executionexploit for apache+php through php-cgi. Check out our tools/exploit section! 11-01-2013 Happy birthday to nullsecurity! Nullsecurity.net turns 2, w00t w00t! 10-30-2013 Check out our tools/exploit section! We just released new version of ap-unlock.py,our version of remote code execution exploit for apache+php through php-cgi 10-29-2013 We just released ap-unlock.py, our version of remote code execution exploit forapache+php through php-cgi. Check out our tools/exploit section! 10-17-2013 A new tool, mbr_store has been released by atzeton today. This tool stores up to426 bytes in the MBR's bootloader code section of unused devices such as usbdrivers, hrd disks (which are not supposed to boot) and other media... Checkout our advisories section! 10-17-2013 A new version of hwk has been released by atzeton today. hwk is an easy-to-usewireless authentication and deauthentication tool. Furthermore, it also supportsprobe response fuzzing, beacon injection flooding, antenna alignment and variousinjection testing modes. Check out our tools/wireless section! 10-09-2013 A new version of u3-pwn has been released by Zy0d0x today. U3-pwn is a tooldesigned to automate injecting executables to Sandisk smart usb devices withdefault U3 software install. Check out our tools/backdoor section! 09-02-2013 A little helper script, ssl-crack.sh, has been added in our cracker section. Itreveals the password for the RSA encrypted private SSL/SSH key. 08-29-2013 We have added a new category called 'automation' under our tools section.There, you will find our first release, wnmap. It is a modular automation and wrapperscript written for nmap. Check it out! Also, stay tuned for some nice releases soon. 07-07-2013 A new version of ripdc.sh has been released in our scanner section. It is areverse ip domain checker and uses yougetsignal.com to map the given target.Very useful. Enjoy! 06-26-2013 Hello b0yz and g1rls! We just released against.py, which is a mass scanning andbrute-forcing script for ssh daemons. See cracker section. Enjoy! 06-05-2013 Yes, we are alive! Expect some nice releases soon! Also, a lame script forreverse ip address domain checker has been published. See scanner section. 12-31-2012 Happy new year to all our visitors, friends and mates. 2012 is over andnullsecurity wishes you health, luck, creativity and new ideas in upcoming 2013. 12-24-2012 Happy x-mas to all our visitors, friends and mates. Enjoy your holidays! 12-13-2012 We released a new paper (nullsec-net-crypter.pdf), which discusses ideas ofadvanced runtime encryption of .NET executables. See papers section and enjoyreading it! Thank you, belial! 11-01-2012 Hooray, nullsecurity gets one year older. Happy birthday to nullsecurity! 10-06-2012 Today, a 64bit Mac OS-X kernel rootkit has been released by prdelka. Itsupports: multiple kernel versions, give root privileges, hide files / folders,hide process, hide user from 'who'/'w', hide network port, sysctl interface foruserland control, execute a binary with root privileges via magic ICMP ping.See backdoor section. 08-18-2012 Today, we released a new version of dnsspider. A very fast multithreadedsubdomain bruteforcer. See scanner section. 07-22-2012 We just finalized our website and updated news section, which will be used topresent you fully news about new releases or even blog posts in a better way.Stay tuned! 07-04-2012 U3-Pwn has been released. A tool designed to automate injecting executables toSandisk smart usb devices. 06-22-2012 Presentation video for PE Crypter has been added. 05-25-2012 Presentation and source code of Hyperion has been released today. 05-09-2012 A paper about runtime PE files encryption: nullsec-pe-crypter.pdf has beenreleased. 04-29-2012 We released a log cleaner for Linux: ropeadope.py. Enjoy! 04-15-2012 A nice paper about Address Space Layout Randomization and bypassing of ASLRhas been published today. 03-25-2012 Today we released a fuzzing tool: tftp-fuzz.py. It is specialized for TFTPservers. 03-04-2012 Released an advisory and exploit for EasyFTP server. Check out our advisorysection. 02-13-2012 A really nice release by belial: fasmaes - AES Implementation for Flat Assembler(FASM). Enjoy! 02-08-2012 Today we released a nice tool: trixd00r, an advanced and invisible TCP/IP baseduserland backdoor. Also, we released a demonstration video for trixd00r. 01-28-2012 We just released another fuzzing tool: ftp-fuzz.py. It is specialized for FTP servers. 01-17-2012 Released an universal fuzzing tool: uniofuzz.py. Also, there is a demonstration video for uniofuzz.py, which youcan find in our video section. 01-09-2012 Added an advisory for WorldMail 3.0 IMAPD SEH overflow. A working exploit is included. 01-10-2012 As you can see, our new design went online. Stay tuned for some nice releases! 01-01-2012 Happy new year to all! 12-24-2011 Merry Christmas to all! 11-16-2011 Added new video 'Kioptrix level 3 solution'. 11-15-2011 Added hwk_0.3.2.tar.gz - a wireless penetration/flooding application. 11-14-2011 Added another video 'Forensik in virtuellen Welten' (german). Enjoy! 11-14-2011 Added a new video 'Hijacking Execution Flows'. Enjoy! 11-06-2011 Created videos section and added 15 videos. 11-05-2011 Added an X11 keylogger for UNIX. 11-03-2011 Added dnsgoblin.c - a DNS server gathering tool. 11-03-2011 Added sshtrix-0.0.2 - a very fast multithreaded SSH login cracker for SSHv1 and SSHv2. 11-03-2011 Added 3 shellcodes for Linux. 11-03-2011 Added one advisory for Google Chrome. 11-03-2011 Added another Opera advisory. 11-03-2011 Added dnsdrdos.c - proof of concept code for DNS distributed reflected DoS. 11-03-2011 Added dnsspider-0.3.py - a very fast subdomain bruteforcer. 11-03-2011 Added one advisory for Opera. 11-03-2011 Added one advisory for AudioCrusher. 11-03-2011 Added one advisory for Adium. 11-03-2011 Added two advisories for ICQ. 11-03-2011 Added two advisories for Skype. 11-01-2011 Our website went online.