Hack the system before they do.
EterNull is an offensive security practice specializing in penetration testing, red team operations, and original vulnerability research. We break things so attackers can't.
One team. Full-spectrum offense.
Every engagement is manual, adversarial, and built around your real threat model — not a checklist.
Penetration Testing
Full-scope manual pentests across network, web apps, and cloud. We find what attackers find — then show you exactly how to close it.
Network · Web · Cloud
Vulnerability Research
Original vulnerability discovery and responsible disclosure across modern attack surfaces, from kernel internals to cloud control planes.
0-day · CVE
Red Team Operations
Goal-oriented adversary emulation that tests detection and response under realistic conditions, mapped to MITRE ATT&CK.
APT Emulation
Security Review
Source code audits and architecture reviews with practical, prioritized hardening guidance your engineers can act on.
Code · Architecture
Threat Intelligence
Breach monitoring, leaked-credential tracking, and attacker-infrastructure intel so you see threats before they reach you.
Monitoring
Compliance & Awareness
Audit readiness, policy design, and security training that turns regulatory requirements into real, measurable resilience.
NIS2 · ISO 27001
Real attackers. Real results.
An operating standard for offensive work — not a tool you license, but operators you trust.
Manual, Not Automated
No scanner-and-PDF reports. Every finding is hand-verified by an operator with proof of exploitation.
Adversary Mindset
We think like the people who actually attack you — chaining low-severity issues into real compromise.
ATT&CK Aligned
Engagements are mapped to MITRE ATT&CK so your blue team gets actionable detection coverage.
Certified Operators
OSCP, OSEP, OSWE, CRTO, CPTS — credentials backed by active CTF and bug-bounty practice.
Clear Reporting
Executive summaries leadership understands, technical detail engineers can fix from. No filler.
Responsible Disclosure
We research and report real CVEs — the same rigor goes into protecting your environment.
Where attacks are concentrating
Aggregated from our engagements and research over the last 12 months. This is where defenders are losing ground — and where we focus.
Latest research
Write-ups, CVE analysis, and tradecraft from real engagements.
Exploiting Polkit (CVE-2021-3560): Race Condition to Root
Turning a subtle authentication race in Polkit into reliable local privilege escalation across major Linux distros.
HTTP Request Smuggling: Advanced Desync Techniques
Chaining CL.TE and TE.CL desyncs to bypass front-end controls and reach account takeover.
Bypassing EDR with Direct Syscalls in 2024
Why userland hooking still fails, and how operators sidestep it without tripping modern telemetry.
Everything you should know
We start with scoping and rules of engagement, then move through reconnaissance, exploitation, and post-exploitation. You receive a detailed report with verified findings, proof of concept, and prioritized remediation — followed by a retest to confirm fixes.
Both. Every finding ships with concrete remediation guidance, and we offer hands-on support and retesting. The goal is a more secure system, not just a list of problems.
Yes. We operate under strict rules of engagement and NDAs, use isolated tooling, and coordinate any high-impact testing with you in advance. Nothing destructive happens without explicit sign-off.
OSCP, OSEP, OSWE, CRTO, CPTS, and CRTP, backed by active Hack The Box and HackerOne practice plus original CVE research.
It depends on scope, depth, and timeline. Reach out with a brief description of your environment and objectives and we will send a tailored quote.
Let's talk scope.
Tell us about your environment and objectives. We'll come back with a tailored plan, timeline, and quote — usually within one business day.
Location
Genoa, Italy · Operating globally
Response
Encrypted comms available on request
Find your weaknesses on your terms.
Better us than them. Book an engagement and see your environment the way an attacker does.