NullSec Goes ARM64
NullSec Linux now runs on ARM64. Raspberry Pi 4/5, Apple Silicon via UTM, and AWS Graviton instances.
Why ARM64?
ARM is everywhere — Raspberry Pis for field work, Apple Silicon for daily driving, Graviton for cloud pentesting. An x86-only distro leaves too many use cases on the table.
Porting challenges
- Kernel config — ARM64 needs different hardening options (PAN, UAO, BTI, MTE)
- Tool compatibility — 12 of our 200+ tools had x86-only assembly; we patched or replaced them
- Wireless drivers — many USB WiFi chipset drivers needed ARM64 kernel module builds
- Lateralus compiler — the C99 backend worked out of the box (just recompile with ARM GCC)
Raspberry Pi support
We provide a pre-built SD card image for Pi 4 and Pi 5. It boots to Nullkia DE in under 15 seconds and includes all 200+ tools. GPIO access is available through Lateralus's FFI for hardware hacking projects.
Performance
On a Raspberry Pi 5, Lateralus programs compile 30% slower than on an equivalent x86 machine, but runtime performance is within 10%. hashcat and John the Ripper benchmarks are comparable thanks to NEON SIMD optimizations.
Apple Silicon support
Many security professionals daily-drive MacBooks. NullSec ARM64 runs beautifully on Apple Silicon via UTM (QEMU frontend for macOS):
- UTM gallery — we provide a pre-configured UTM package: download, double-click, boot. No QEMU flags to memorize.
- Rosetta integration — UTM's Rosetta support means x86 Linux binaries run at near-native speed. The 12 tools we couldn't natively port still work via Rosetta.
- Shared clipboard — SPICE guest agent provides seamless clipboard sharing between macOS and NullSec.
- USB passthrough — plug in a WiFi adapter or hardware hacking tool on the Mac side, pass it through to the VM for wireless pentesting.
Cloud deployment
NullSec ARM64 runs on ARM-based cloud instances for scalable, distributed pentesting:
// deploy-cloud-nodes.ltl
let regions = ["us-east-1", "eu-west-1", "ap-southeast-1"]
let nodes = regions
|> map(|region| {
aws::launch_instance(
region: region,
instance_type: "c7g.large", // Graviton3
ami: "ami-nullsec-arm64-v2",
security_group: "pentest-egress-only",
)
})
|> await_all()
// Distribute scanning across regions
let targets_per_node = targets |> chunks(targets.len() / nodes.len())
zip(nodes, targets_per_node)
|> map(|(node, chunk)| node.exec(scan_pipeline(chunk)))
|> await_all()
|> flatten()
|> merge_results()
|> to_report("distributed-scan-results.pdf")Graviton3 instances are 40% cheaper than equivalent x86 instances, and NullSec's ARM64 image is fully optimized for them.
Hardware hacking on Raspberry Pi
NullSec on Raspberry Pi isn't just for WiFi pentesting. The GPIO access through Lateralus opens up hardware hacking:
// gpio-spi-flash-dump.ltl
use std::gpio::{Spi, Pin}
let spi = Spi::open(bus: 0, device: 0, speed: 1_000_000)
// Read flash chip contents (e.g., router firmware extraction)
let firmware = spi.read(0x000000, length: 16 * 1024 * 1024) // 16 MB
firmware |> write_file("firmware-dump.bin")
// Analyze the dump
firmware
|> binwalk_scan()
|> filter(|entry| entry.description |> contains("filesystem"))
|> each(|fs| extract(firmware, fs.offset, "extracted/"))The Pi 5's GPIO runs at 3.3V, perfect for interfacing with UART, SPI, and JTAG ports on embedded devices. Combined with NullSec's forensics tools, you have a complete hardware pentesting workstation for under $100.
Cross-compilation
The Lateralus C99 backend makes cross-compilation trivial. Compile on your ARM64 NullSec box, target x86 for implant development:
$ lateralus build --target x86_64-linux payload.ltl
Compiling payload.ltl -> payload.c (C99)
Cross-compiling with x86_64-linux-gnu-gcc
Linking payload (x86_64, static, stripped)
Output: build/payload (42 KB)The same works in reverse — develop on x86, deploy to ARM targets. The C99 intermediate representation means any cross-compiler toolchain works.