[Canvas] CANVAS 6.87 Release Movie
Alex McGeorge
alexm at immunityinc.com
Tue Jun 4 12:49:48 EDT 2013
Aloha List!
Although a bit later than usual we have the new CANVAS movie detailing
the new features in 6.87 available for your viewing pleasure at:
http://partners.immunityinc.com/movies/CANVAS_687_1.mov
A few things to note about this video
1) We do see the Java warning popup happen when demoing the
java_DynamicBinding, this is because I forgot to uncheck "Always Do
Recon". Unfortunately checking for the Java version means triggering
that popup. So if you want to be stealthy and use this exploit on a gig,
don't forget to uncheck the box! By default the exploit makes use of the
JNLP popup bypass technique.
2) The inject_to_mem module works on Windows 32/64 as well as OSX 32/64,
the technique for OSX has not been discussed anywhere else publicly to
our knowledge. The Windows technique for loading DLLs into a process
without touching disk is a variant of what was used by Stuxnet.
3) The audio does cut out for about 6 seconds around the 1:54 mark,
sorry about that
As always questions can be aimed at support at immunityinc.com
Cheers,
-AlexM
--
Alex McGeorge
Immunity Inc.
1130 Washington Avenue 8th Floor
Miami Beach, Florida 33139
P: 786.220.0600
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/canvas/attachments/20130604/8d994521/attachment.html>
More information about the Canvas
mailing list