April 2026 · 9 min read

Introducing NullSec Linux v2.0

NullSec Linux v2.0 "Abyssal" is a complete rebuild. New base (Arch), new DE (Nullkia), new browser (Marshall), 200+ curated security tools, and the full Lateralus development environment.

What's new in v2.0

• Arch base — rolling releases, AUR access, leaner packages
• Nullkia DE — our custom Lateralus-based desktop, under 50 MB RAM
• Marshall browser — zero-telemetry, built-in ad blocking, Tor integration
• 200+ tools — curated, tested, and categorized for pentesting workflows
• Lateralus SDK — compiler, REPL, VS Code extension, and full standard library
• Hardened kernel — lockdown LSM, KASLR, restricted BPF, stack protectors

Tool categories

All 200+ tools are organized into pipeline-friendly categories:

• Recon — nmap, masscan, amass, subfinder
• Web — Burp Suite, SQLMap, ffuf, nuclei
• Wireless — aircrack-ng, bettercap, wifite
• Exploit — Metasploit, searchsploit, pwntools
• Forensics — Autopsy, Volatility, binwalk
• Crypto — hashcat, John the Ripper, CyberChef

Download

ISO images for x86_64 and ARM64 are available on the download page. SHA-256 checksums are signed with our GPG key.

Lateralus SDK integration

NullSec v2.0 ships with the full Lateralus development environment pre-installed and configured:

• lateralus compiler v0.5.0 with all standard library modules
• lpm package manager with the official registry pre-configured
• ltl-repl interactive REPL with tab completion and syntax highlighting
• VS Code with the Lateralus extension (syntax, snippets, debugger, pipeline visualizer)
• Full offline documentation at /usr/share/doc/lateralus/

The SDK is integrated into the system PATH and shell completions out of the box. Open a terminal, type lateralus hello.ltl, and it compiles. No setup, no configuration, no dependency hunting.

Nullkia desktop environment

v2.0 replaces XFCE with Nullkia, our custom Lateralus-powered desktop. It's purpose-built for security work:

• Tiling mode — Super+Enter spawns a terminal, Super+1-9 switches workspaces, windows tile automatically in a BSP layout
• Pipeline widgets — every status bar item (battery, network, CPU, clock) is a Lateralus pipeline you can inspect and modify
• 38 MB idle — compared to 200+ MB for GNOME, leaving more RAM for tools like hashcat and Burp Suite
• Quick-launch — Super+Space opens a fuzzy-finder over all 200+ tools, categorized by engagement phase

Security-first defaults

Out of the box, NullSec v2.0 ships with hardened defaults that most distros leave for the user to configure:

# Firewall: deny all inbound by default
sudo nft list ruleset
# table inet nullsec_fw {
#     chain input { type filter hook input priority 0; policy drop; }
#     chain output { type filter hook output priority 0; policy accept; }
# }

# DNS: encrypted by default
cat /etc/systemd/resolved.conf.d/nullsec.conf
# [Resolve]
# DNS=9.9.9.9#dns.quad9.net
# DNSOverTLS=yes

# MAC randomization on all interfaces
cat /etc/NetworkManager/conf.d/nullsec-mac.conf
# [connection]
# wifi.cloned-mac-address=random
# ethernet.cloned-mac-address=random

Installation options

NullSec v2.0 supports three installation modes:

• Live USB — boot from USB with full persistence support. All data encrypted with LUKS. Ideal for field work where you need to leave no trace on the host machine.
• Full install — standard disk installation with guided partitioning, LUKS full-disk encryption, and choice of ext4 or btrfs (with automatic snapshots).
• VM image — pre-built QCOW2 and VMDK images for QEMU/KVM, VirtualBox, and VMware. Configured with optimal settings for pentesting (bridged networking, USB passthrough for WiFi adapters).

All images are signed with our GPG key (0xDEAD1337CAFE) and include SHA-256 checksums. Verify before you burn:

gpg --verify nullsec-2.0-x86_64.iso.sig
sha256sum -c nullsec-2.0-x86_64.iso.sha256