ZeroNvll is an offensive security research hub - application and hardware security, 0day discovery, and exploit development. We break things, prove the break, and publish what survives review.
Latest advisory
Karna WAF Body-Parser Desync Bypass - a single Content-Type parameter desyncs Karna's body parser, slipping body-based attacks past every Paranoia Level. Read the write-up → Karna-WAF-Body-Parser-Desync-Bypass