Nullt3r

@[email protected]
321 Followers
199 Following
141 Posts
hacker, tinkerer
Githubhttps://github.com/nullt3r
Substackhttps://safemode.substack.com
Nullt3rFeb 20
I have read through the curl vulnerability reports... poor guy. Everything is AI slop, including the discussion. Fuck these people.
Nullt3rFeb 19
lmao, wonder if the account still works, also good job censoring stuff
Nullt3rFeb 19
Hire this kid. I am serious. Someone emailed to Epstein about Sabu.
Nullt3rFeb 17
this is similar to cpu attacks but so high level: side-channel attacks against LLMs https://www.schneier.com/blog/archives/2026/02/side-channel-attacks-against-llms.html
Side-Channel Attacks Against LLMs - Schneier on Security

Here are three papers describing different side-channel attacks against LLMs. “Remote Timing Attacks on Efficient Language Model Inference“: Abstract: Scaling up language models has significantly increased their capabilities. But larger models are slower models, and so there is now an extensive body of work (e.g., speculative sampling or parallel decoding) that improves the (average case) efficiency of language model generation. But these techniques introduce data-dependent timing characteristics. We show it is possible to exploit these timing differences to mount a timing attack. By monitoring the (encrypted) network traffic between a victim user and a remote language model, we can learn information about the content of messages by noting when responses are faster or slower. With complete black-box access, on open source systems we show how it is possible to learn the topic of a user’s conversation (e.g., medical advice vs. coding assistance) with 90%+ precision, and on production systems like OpenAI’s ChatGPT and Anthropic’s Claude we can distinguish between specific messages or infer the user’s language. We further show that an active adversary can leverage a boosting attack to recover PII placed in messages (e.g., phone numbers or credit card numbers) for open source systems. We conclude with potential defenses and directions for future work...

Schneier on Security
Nullt3rFeb 17
after nearly 4 years, I have finally released massmap (JFScan successor): https://github.com/nullt3r/massmap
GitHub - nullt3r/massmap: If masscan and nmap had a baby

If masscan and nmap had a baby. Contribute to nullt3r/massmap development by creating an account on GitHub.

GitHub
Nullt3rApr 17, 2025
Deviant OllamApr 17, 2025

Thank you to everybody who sent me the news stories and posts about the hacked crosswalk buttons in Silicon Valley and Seattle. Maybe we'll see them elsewhere, too, soon? I'm betting there may be other cities whose DOT chose weak passwords for systems like this.

If you haven't heard what's up, I did a super short video about this...

https://www.youtube.com/watch?v=woQEJ_fY8Mw

The Crosswalk Button Hack News Story

YouTube
Nullt3rApr 17, 2025
Practical HTTPS Interception https://blog.thc.org/practical-https-interception
Practical HTTPS Interception

TL;DR: An attacker can trick Let's Encrypt (LE) to issue new TLS certificates for any domain that the attacker intercepts traffic for. The attacker can then decrypt the TLS traffic. This one thing that TLS is supposed to prevent from happening. The f...

The Hacker's Choice
Nullt3rApr 17, 2025
Is anyone actually using Burp AI? It seems like a feature added just in case the models become more useful in the future.
Nullt3rApr 17, 2025
For all my junior colleagues
Nullt3rSep 19, 2024

Updated the list of open-source reporting tools:

Do you know more?

GitHub - blacklanternsecurity/writehat: A pentest reporting tool written in Python. Free yourself from Microsoft Word.

A pentest reporting tool written in Python. Free yourself from Microsoft Word. - blacklanternsecurity/writehat

GitHub