Services Why Us Research FAQ About Get a Quote
Offensive Security · Research · Defense

Hack the system
before they do.

EterNull is an offensive security practice specializing in penetration testing, red team operations, and original vulnerability research. We break things so attackers can't.

Start an Engagement Read Research
0 CVEs Disclosed
0 Engagements
24/7 Monitoring
CVE-2024-3094 backdoor analyzed Pentest delivered · 0 criticals left open Red team op · domain admin in 6h EDR bypass research published 0-day responsibly disclosed NIS2 readiness · audit passed CVE-2024-3094 backdoor analyzed Pentest delivered · 0 criticals left open Red team op · domain admin in 6h EDR bypass research published 0-day responsibly disclosed NIS2 readiness · audit passed
What We Do

One team. Full-spectrum offense.

Every engagement is manual, adversarial, and built around your real threat model — not a checklist.

Live

Penetration Testing

Full-scope manual pentests across network, web apps, and cloud. We find what attackers find — then show you exactly how to close it.

Network · Web · Cloud
Research

Vulnerability Research

Original vulnerability discovery and responsible disclosure across modern attack surfaces, from kernel internals to cloud control planes.

0-day · CVE
Live

Red Team Operations

Goal-oriented adversary emulation that tests detection and response under realistic conditions, mapped to MITRE ATT&CK.

APT Emulation
Research

Security Review

Source code audits and architecture reviews with practical, prioritized hardening guidance your engineers can act on.

Code · Architecture
Live

Threat Intelligence

Breach monitoring, leaked-credential tracking, and attacker-infrastructure intel so you see threats before they reach you.

Monitoring
Research

Compliance & Awareness

Audit readiness, policy design, and security training that turns regulatory requirements into real, measurable resilience.

NIS2 · ISO 27001
0
CVEs Discovered
0
Engagements Delivered
0
Client Retention
0
Breaches On Our Watch
Why EterNull

Real attackers. Real results.

An operating standard for offensive work — not a tool you license, but operators you trust.

01

Manual, Not Automated

No scanner-and-PDF reports. Every finding is hand-verified by an operator with proof of exploitation.

02

Adversary Mindset

We think like the people who actually attack you — chaining low-severity issues into real compromise.

03

ATT&CK Aligned

Engagements are mapped to MITRE ATT&CK so your blue team gets actionable detection coverage.

04

Certified Operators

OSCP, OSEP, OSWE, CRTO, CPTS — credentials backed by active CTF and bug-bounty practice.

05

Clear Reporting

Executive summaries leadership understands, technical detail engineers can fix from. No filler.

06

Responsible Disclosure

We research and report real CVEs — the same rigor goes into protecting your environment.

Live Threat Landscape

Where attacks are concentrating

Aggregated from our engagements and research over the last 12 months. This is where defenders are losing ground — and where we focus.

Web Application Exploits 92%
Identity & Credential Abuse 84%
Phishing & Social Engineering 88%
Supply Chain Compromise 67%
Cloud Misconfiguration 73%
Knowledge Base

Latest research

Write-ups, CVE analysis, and tradecraft from real engagements.

CVE 2024-03-12

Exploiting Polkit (CVE-2021-3560): Race Condition to Root

Turning a subtle authentication race in Polkit into reliable local privilege escalation across major Linux distros.
Web 2024-02-28

HTTP Request Smuggling: Advanced Desync Techniques

Chaining CL.TE and TE.CL desyncs to bypass front-end controls and reach account takeover.
Red Team 2024-01-15

Bypassing EDR with Direct Syscalls in 2024

Why userland hooking still fails, and how operators sidestep it without tripping modern telemetry.
View All Research →
FAQ

Everything you should know

We start with scoping and rules of engagement, then move through reconnaissance, exploitation, and post-exploitation. You receive a detailed report with verified findings, proof of concept, and prioritized remediation — followed by a retest to confirm fixes.

Both. Every finding ships with concrete remediation guidance, and we offer hands-on support and retesting. The goal is a more secure system, not just a list of problems.

Yes. We operate under strict rules of engagement and NDAs, use isolated tooling, and coordinate any high-impact testing with you in advance. Nothing destructive happens without explicit sign-off.

OSCP, OSEP, OSWE, CRTO, CPTS, and CRTP, backed by active Hack The Box and HackerOne practice plus original CVE research.

It depends on scope, depth, and timeline. Reach out with a brief description of your environment and objectives and we will send a tailored quote.

Work With Us

Let's talk scope.

Tell us about your environment and objectives. We'll come back with a tailored plan, timeline, and quote — usually within one business day.

Email

contact@eternull.ink

Location

Genoa, Italy · Operating globally

Response

Encrypted comms available on request

Ready When You Are

Find your weaknesses
on your terms.

Better us than them. Book an engagement and see your environment the way an attacker does.

Get a Quote About EterNull
Security AI
Online
Ask me about offensive security, CVEs, methodology, or what EterNull can do for you.