[Canvas] CANVAS 6.87 Release Movie

Alex McGeorge alexm at immunityinc.com
Tue Jun 4 12:49:48 EDT 2013


Aloha List!

Although a bit later than usual we have the new CANVAS movie detailing
the new features in 6.87 available for your viewing pleasure at:

http://partners.immunityinc.com/movies/CANVAS_687_1.mov

A few things to note about this video
1) We do see the Java warning popup happen when demoing the
java_DynamicBinding, this is because I forgot to uncheck "Always Do
Recon". Unfortunately checking for the Java version means triggering
that popup. So if you want to be stealthy and use this exploit on a gig,
don't forget to uncheck the box! By default the exploit makes use of the
JNLP popup bypass technique.

2) The inject_to_mem module works on Windows 32/64 as well as OSX 32/64,
the technique for OSX has not been discussed anywhere else publicly to
our knowledge. The Windows technique for loading DLLs into a process
without touching disk is a variant of what was used by Stuxnet.

3) The audio does cut out for about 6 seconds around the 1:54 mark,
sorry about that

As always questions can be aimed at support at immunityinc.com

Cheers,
-AlexM


-- 
Alex McGeorge
Immunity Inc.
1130 Washington Avenue 8th Floor
Miami Beach, Florida 33139
P: 786.220.0600

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/canvas/attachments/20130604/8d994521/attachment.html>


More information about the Canvas mailing list