NullSec Linux v2.0: Abyssal Release
After six months of development and extensive testing, NullSec Linux v2.0 "Abyssal" is ready. This release brings our custom Nullkia desktop environment, the Marshall privacy browser, the full Lateralus SDK, and 250+ security tools to the security community.
◉ What's New in v2.0
| Component | v1.x | v2.0 |
|---|---|---|
| Desktop | XFCE | Nullkia (custom) |
| Browser | Firefox hardened | Marshall (custom) |
| Kernel | 5.15 + patches | 6.8 + grsecurity |
| Lateralus | v0.3.0 | v1.5.0 |
| Security tools | 150+ | 250+ |
| Architectures | x86_64 | x86_64, aarch64 |
◉ Nullkia Desktop Environment
We built our own desktop. Why? XFCE was fine, but we wanted:
- Lower resource usage: Nullkia uses ~80MB RAM at idle vs XFCE's ~180MB
- Security focus: Every component audited, minimal attack surface
- Lateralus integration: Native pipeline support for automation
- Retro aesthetics: Because we like how it looks
Nullkia features:
- Wayland-native with X11 fallback
- Tiling window manager (i3-like keybindings)
- Integrated terminal emulator
- Status bar with system monitoring
- Workspace management
◉ Marshall Browser
Our privacy-first browser, built on Servo's rendering engine:
- No telemetry: Zero data collection, ever
- Tor integration: One-click onion routing
- Fingerprint resistance: Aggressive countermeasures
- Container tabs: Isolate sessions by context
- Built-in ad blocking: uBlock Origin-level filtering
See the Marshall announcement for technical details.
◉ Kernel Hardening
The 6.8 kernel ships with our hardening patch set:
# Key kernel options
CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
CONFIG_INIT_ON_FREE_DEFAULT_ON=y
CONFIG_HARDENED_USERCOPY=y
CONFIG_FORTIFY_SOURCE=y
CONFIG_STACKPROTECTOR_STRONG=y
CONFIG_RANDOMIZE_BASE=y
CONFIG_RANDOMIZE_MEMORY=y
CONFIG_CFI_CLANG=y # Control Flow Integrity
CONFIG_SHADOW_CALL_STACK=y # ARM64 only
CONFIG_UBSAN_BOUNDS=y # Undefined behavior checksPlus grsecurity patches for RBAC, ASLR improvements, and PaX features.
◉ Lateralus SDK v1.5.0
The Lateralus programming language is now a first-class citizen:
- lateralus compiler in PATH
- lateralus-lsp for IDE integration
- lateralus-dap for debugging
- Full stdlib including security modules
- 250 tool wrappers for pipeline integration
Example: automated recon pipeline
import security.nmap
import security.nikto
import security.nuclei
fn recon(target: str) {
let hosts = nmap.scan(target, "-sn")
hosts
|> filter(_.is_up)
|> map(fn(h) { nmap.scan(h.ip, "-sV -sC") })
|> flatten()
|> filter(fn(s) { s.service.contains("http") })
|> each(fn(s) {
println("Scanning " + s.host + ":" + str(s.port))
nikto.scan(s.host, s.port) |> report()
nuclei.scan(s.host + ":" + str(s.port)) |> report()
})
}◉ Tool Highlights
New tools in v2.0:
| Category | New Tools |
|---|---|
| Recon | subfinder, httpx, dnsx, katana |
| Web | nuclei, gau, waybackurls |
| Cloud | trivy, cloudsploit, pacu |
| Mobile | frida, objection, apktool |
| Forensics | plaso, velociraptor |
◉ ARM64 Support
NullSec v2.0 runs on ARM64:
- Raspberry Pi 4/5
- Apple M1/M2/M3 (via UTM/Parallels)
- AWS Graviton
- Pinebook Pro
All tools recompiled for ARM64. Same experience, different silicon.
◉ Installation
Three installation options:
- Live USB: Boot without installing. Full persistence support.
- Full install: Calamares installer, LUKS encryption, BTRFS snapshots.
- Docker:
docker pull badantics/nullsec:2.0
◉ Upgrade Path
From NullSec v1.x:
# Update package list
sudo apt update
# Full distribution upgrade
sudo apt full-upgrade
# Install Nullkia and Marshall
sudo apt install nullkia-desktop marshall-browser
# Reboot into v2.0
sudo rebootNote: XFCE remains available. apt install xfce4 if you prefer it.
◉ Breaking Changes
- Default shell changed from bash to zsh
- Some deprecated tools removed (see CHANGELOG)
- New kernel may require driver updates for exotic hardware
- Nullkia config in
~/.config/nullkia/, not~/.config/xfce4/
◉ Download
Get NullSec v2.0 at the downloads page:
- x86_64 ISO: 3.2 GB
- aarch64 ISO: 2.9 GB
- Docker image: 1.8 GB
SHA256 checksums and GPG signatures provided. Source at nullsec-linux.