Latest News
January 11, 2010
Immunity CANVAS Professional 6.54
Miami Beach, FL - (January 11th, 2010) - Immunity is excited to announce the latest revision of CANVAS Professional.
Immunity is pleased to announce the release of CANVAS 6.54. This release includes exploits for the Acrobat DocMedia.newplayer vulnerability (CVE-2009-4324). CANVAS Professional 6.54 also includes full MOSDEF support for 64bit Windows platforms, automated PHP SafeMode bypassing, and massive client side reliability and reporting improvements.
December 08, 2009
Immunity CANVAS Professional 6.53
Miami Beach, FL - (December 9th, 2009) - Immunity is excited to announce the latest revision of CANVAS Professional.
Immunity is pleased to announce the release of CANVAS 6.53. This release includes exploits for the recent Sun Java and Microsoft .Net client-side vulnerabilities. Each of the exploits included inside CANVAS is highly reliable, and allows for use of CANVAS's HTTP tunneling shellcode, which bypasses protective measures such as authenticating firewalls.
November 06, 2009
Immunity CANVAS Professional 6.52
Miami Beach, FL - (November 09, 2009) - Immunity is excited to announce the latest revision of CANVAS Professional.
Immunity is pleased to announce the release of CANVAS 6.52. This release includes an exploit for the recent Adobe Acrobat Reader U3D vulnerability. One notable bug fix adds support for people with over 2000 exploit modules installed. If you install all the Exploit Packs you have quite a lot more modules than any other attack platform available today!
October 05, 2009
Immunity CANVAS Professional 6.51
Miami Beach, FL - (October 05, 2009) - Immunity is excited to announce the latest revision of CANVAS Professional.
The big news this month is the inclusion of the much awaited SMBv2 Vulnerability (CVE-2009-3103). This is still unpatched by Microsoft at the time of writing and can be seen in action here:
https://www.immunityinc.com/documentation/smbv2.html
Two versions exist, a local token-stealing exploit, and a remote connect-back exploit, both reliably working against Windows Vista and Server 2008 SP1 and SP2 on x86 architectures. Another point of note is that Immunity were first past the post on getting reliable local and remote execution for this particular vulnerability.
Feature updates dominate this month's CANVAS release, 22 new modules in all along with a range of performance tweaks and bug fixes.
Also getting attention this month is the OS X platform, which now has a native .app bundle of CANVAS that includes all the required dependencies, making it the easiest way to get up and running with CANVAS - Unzip, launch the .app and you are away!
September 17, 2009
Immunity, Inc. releases the first exploit for the Vista/2008 SMBv2 vulnerability. See the video here!
September 09, 2009
Immunity CANVAS Professional 6.50
Miami Beach, FL - (September 09, 2009) - Immunity is pleased to announce the latest release of the CANVAS Professional framework.
Feature updates dominate this month's CANVAS release, 22 new modules in all along with a range of performance tweaks and bug fixes.
This month Immunity is proud to deliver a brand new win32 rootkit named 'HCN' (Hydrogen Cyanide). This is a complete rewrite of the previous rootkit with the focus being on stability and complete platform support across a range of Windows platforms. The rootkit capabilities released this month initially comprise 8 separate modules, with more being added over the coming months.
CANVAS 6.50 also sees the introduction of a new clientside and email attack framework named SploitD. Features will again be expanded upon in future but currently consist of an entirely new HTTP(S) server application based upon the WSGI Python Standard as well as an email sender to send clientside exploits into a target organization.
Other non-exploit modules released this month include an SSH reverse tunnel capability and a browser plugin enumeration module.
Highlights of the exploit modules presented this month are the Proto ops null dereference Linux kernel local exploit (CVE-2009-2692), a Windows Server Service Double Free exploit (MS09_041) (CVE-2009-1544), and exploits for two IIS vulnerabilities: IIS FTP NLST Stack Overflow (CVE-2009-3023) and IIS FTP Globbing stack exhaustion DOS (CVE-2009-2521). Web exploits also see additions in the form of exploits for Acute Control Panel (CVE-2009-1247), AdaptCMS Lite (NoCVE), Easy PX 41 CMS (NoCVE), WorkSimple (CVE-2008-5764), PHPSkelSite (CVE-2009-0595), Joomla Art Forms Component (NoCVE) and Joomla Tree Flash Gallery (CVE-2008-6482).
August 25, 2009
Immunity Inc. is offering a special deal for the upcoming Hacker Halted Conference held in Miami, FL. If you are interested in taking advantage of this offer please email sales@immunityinc.com to get the promo code needed for the discount rate to be applied at time of registration.
1. Special rate of just $999 (Normal is $1299)
2. Full Access to ALL open sessions of the conference from Sep 23 - 25, 2009
3. All lunches and coffee breaks provided for (Sep 23 - 25, 2009)
4. Attend your choice of one of the following 3 one-day trainings on Sep 25, 2009, covering the following topics:
a) Identifying Threats and Deploying Countermeasures
b) Incident Response: Principles of Incident Handling
c) Virtualization Security: Threats Exposed
*These workshops are led by EC-Council Master Instructors and are worth $599!
5. Free EC-Council Certification Training Courseware and Exam Voucher! Choose one of the following:
a. EC-Council Certified Secure Programmer (ECSP)
b. EC-Council Certified VoIP Professional (ECVP)
c. EC-Council Disaster Recovery Professionals (EDRP)
*These official electronic courseware and Prometric Prime Vouchers are worth a combined $900! ($650 + $250)
*Redeemable from Nov 1, 2009.
August 17, 2009
Immunity Inc. will be a vendor at the upcoming Hacker Halted Conference, which is to be held at the downtown Hilton Hotel in Miami, Florida from September 23-25, 2009. Immunity Inc. is providing all of its customers (whether old, current or potential) the opportunity to register for the conference at a special discount price of $999. This is a $300 savings off of the normal registration rate. If you are interested in attending the conference, please email sales@immunityinc.com to get the special registration code in order for this discount to be applied. There are no strings attached to this offer; it is just a simple 'Thanks' from us to you!
You can find more information about this conference here: http://www.hackerhalted.com/
August 11, 2009
Immunity, Inc. Argentinian Style
Immunity Inc. is proud to announce the grand opening of its satellite office in Buenos Aires, Argentina. The office is located at 1625 Lavalle - Suite #504, which is right in the heart of Buenos Aires in the neighborhood of Centro.
Soon we will start to host training classes from this office. If you are interested in signing up for a class or would like more information please email sales@immunityinc.com.
Thank you to all of our customers for helping us grow!
August 04, 2009
Immunity CANVAS Professional 6.49
Miami Beach, FL - (August 04, 2009) - Immunity is pleased to announce the latest release of the CANVAS Professional framework.
This update includes six new CANVAS modules comprised of four clientside exploits and two remote web exploits. The clientsides consist of: Adobe Acrobat Flash exploit (CVE-2009-1862), a Firefox 3.5 Memory Corruption exploit (CVE-2009-2477), a Microsoft DirectShow (msvidctl.dll) exploit for Windows XP (MS09-032, CVE-2008-0015) and a proof of concept denial of service exploit for the Microsoft Embedded OpenType Font Engine vulnerability (MS09-029, CVE-2009-0232). The remote web exploits are a command injection bug in Nagios < 3.1.1 (CVE-2009-2288) and a remote code execution bug in Zen Cart <= 1.3.8a (CVE-2009-2255).
There have also been a number of bug fixes & feature enhancements applied across the framework, most notably the addition of the ability for the HTTP Proxy to work with NAT'ed hosts with multiple clients and the modification of the MS07_067 exploit to use a non-connectback based shellcode for increased reliability.
July 06, 2009
Immunity CANVAS Professional 6.48
Miami Beach, FL - (July 06, 2009) - Immunity is pleased to announce the July release of the CANVAS penetration testing framework.
This update includes 19 new CANVAS modules including two exploits for vulnerabilities addressed by the MS09-022 patch (CVE-2009-0228 & CVE-2009-0230), a new AIX remote exploit for the ttdbserver vulnerability and an exploit for the Symantec Alert Management System 2 Stack Overflow (CVE-2009-1430). Two clientsides for the Safari Web Browser are also included allowing arbitrary file download (CVE-2009-1699 & CVE-2008-4216).
This month also sees the release of 'solroot', which is a local root framework similar to the previously released 'AIXroot' to allow a clean and modular way to conduct local root exploits on the Solaris platform.
Finally, CANVAS has added the ability to import data generated by Qualys Guard 6.5 into the framework.
June 02, 2009
Immunity CANVAS Professional 6.47
Miami Beach, FL - (May 02, 2009) - Immunity is excited to release the latest update to the CANVAS penetration testing framework.
Included in this release are a number of new exploit and post-compromise modules. The highlight of this release is the inclusion of Kostya Korchinsky's eagerly awaited CLOUDBURST (CVE-2009-1244) VMWare breakout bug!
For those of you who are unaware, CLOUDBURST exploits a vulnerability in VMware Display functions in order to execute code from within a Guest VM into the controlling Host. Once exploited, the exploit tunnels a MOSDEF connection over the Frame Buffer of the Guest to communicate with the Host.
Also included this month is an update to the iis_webdav module which now includes support for the IIS 6.0 unicode translation authentication bypass bug (CVE-2009-1535). There is also a commandline 'davshell' option that allows you to do interactive PUT and MOVE commands.
Rounding off the exploits for this month are 6 new web exploit modules which cover the following bugs: joomlagooglebase_rfi (CVE-2008-6483), joomlarss_rfi (CVE-2008-5053), dokeos_rce (No CVE), phplinkadmin_rfi (CVE-2009-1025), slogin_rfi (CVE-2008-5763) & pluck_lfi (CVE-2009-1765).
Post-compromise module updates are found in the ability to record audio and video from a compromised target, as well as a module to gather the wifi encryption keys from a Windows host.
May 04, 2009
Immunity CANVAS Professional 6.46
Miami Beach, FL - (May 04, 2009) - Immunity is excited to release the latest update to the CANVAS penetration testing framework.
This release includes the following CANVAS Early updates:
# java_deserialize: Cross platform clientside exploit for bug in JAVA deserializing (SUN BugID 6734167) (All)
# pgpwdef: Trigger for the PGP Desktop 9.9.0 IOCTL handling DoS (Windows)
# udevd: NETLINK messaging Linux local root exploit (Linux)
# ms09_013: Exploit for MS09-013 (Windows HTTP Service Integer Underflow) (Windows)
New commands:
# urlmangle: Create domains to check for phishing (All)
# saycheese: Snap a picture from a webcam (Windows)
# facedetection: Detect if someone is on the compromised computer with a webcam (Windows)
# motiondetect: Detect motion on a webcam (Windows)
New features and bugfixes:
# Improved commandline shell
# Improved SPIKE Proxy SSL performance
# Improved Python 2.6 support
# AlphaNumeric payload encoder
# Scriptable VNC control over RFB through our new VAASeline library
April 07, 2009
Immunity CANVAS Professional 6.45
Miami Beach, FL - (April 07, 2009) - Immunity is excited to release the latest update to the CANVAS penetration testing framework.
The focus of the 6.45 release of CANVAS has been on UI improvements. This release presents significant changes to the Node management GUI in order to streamline a user's workflow. Also included is a CANVAS commandline shell to allow better interaction with CANVAS from the commandline or over an SSH tunnel. It also allows multiple users to simultaneously access the same core CANVAS engine.
The CANVAS shell is an exemplar use of the new XML-RPC interface layer that has been created to allow easy access to the core CANVAS engine by third parties regardless of the programming language they choose to work in. The much asked for feature of project state save and restore is now fully integrated and is available through the GUI. HTTP/HTTPS MOSDEF has seen a complete rewrite and provides the ability to do full HTTP/HTTPS tunneling.
New CANVAS exploit modules this month take the form of MOSDEF ActiveX, a fully signed ActiveX control which provides a Win32 Node when a user browses to a site hosting the control. 4 new PDF exploits (CVE-2009-0837, CVE-2009-0927, CVE-2009-0836, CVE-2009-0658) are included, and previous PDF exploits have been improved, with Javascript obfuscation included as appropriate. Finally, the only known public example of an exploit for the NetworkManager secrets disclosure vulnerability (CVE-2009-0365) is provided with this release.
April 06, 2009
Immunity Impact Report
451 Group produces Immunity Impact Report. Read it here!
March 25, 2009
CANVAS Training UK
Immunity Inc. announces its first ever public CANVAS training class to be held in London, England. The CANVAS Training is a two day class that teaches students how to best use CANVAS for vulnerability exploitation and penetration testing. Additional details about the class can be found here.
Seats are limited, so reserve yours TODAY! For more information please email sales@immunityinc.com.
March 05, 2009
Unethical Hacking Australia
Immunity Inc. is pleased to announce its first ever Unethical Hacking Training Class to be taught in Canberra, Australia.
This class specializes in teaching advanced security assessment techniques. The first half of the class is intensive hands-on training in how to exploit buffer overflows on the Windows platform. The second half of the class addresses post-exploitation attack methodologies.
We are offering a special introductory rate for this class, which will be held June 22-26, 2009. For more information about the class or to sign up please email us at sales@immunityinc.com. Seats are available on a first-come first-serve basis, so do not miss out on this fantastic opportunity!
March 04, 2009
Immunity CANVAS Professional 6.44
Miami Beach, FL - (March 4, 2009) - Immunity is happy to announce the latest update to its leading penetration testing framework: CANVAS Professional 6.44.
The 6.44 release sees the incorporation of an exploit module for the MS09-002 Internet Explorer vulnerability, 5 new web exploit modules for a variety of PHP based web services and new post exploitation modules to gather information about users from both web browsers and Outlook address books.
The CANVAS GUI has also seen some usability tweaks and visual improvements to complement a range of improvements to the functionality and underlying API of the CANVAS engine.
February 3, 2009
Immunity CANVAS Professional 6.43
Miami Beach, FL - (February 3, 2009) - Immunity is pleased to present the latest update of its flagship penetration testing framework: CANVAS Professional 6.43. This release sees the inclusion of the full MOSDEF2.0 pure python C-like compiler and assembler giving even greater speed increases.
CANVAS also introduces the first underpinnings of session support for users, allowing session naming and automatic organization of gathered data into a clearer hierarchy. CANVAS also now officially supports Python 2.6 across all supported platforms.
New exploits for this release include a local exploit for an AIX 5.2/5.3 DIAGNOSTICS environment handling bug (CVE-2004-1329). This module demonstrates how to tie this class of local root exploit into the larger CANVAS framework. Also included is an MS SQL remote heap overflow (CVE-2008-5416) exploiting the replwritetovarbin stored procedure enabled by default in SQL Server 2000 and 2005. Also included is a POC kernel MS pool overflow (CVE-2008-4834, MS09-001) which is capable of a DOS condition against the target. A new web application remote exploit for the Simple Machines Forum rounds out the new exploits this month.
New non-exploit modules in this release are BuildHTTPCallback which creates an executable that will call back to download and execute a file over HTTP/S, and adduser and deluser for easy creation and removal of users on remote systems.
January 13, 2009
FREE Admission to CanSecWest 2009 Conference
Immunity Inc. has partnered up with CanSecWest and together are offering ALL Immunity customers a fantastic deal-----FREE Admission to this year's 2009 Conference, which is being held in Vancouver from March 16-20, 2009. This is a savings of $1500+CAD, so take advantage of this offer while it lasts!!!!
For more details about this offer and to get your free admission ticket please email us at sales@immunityinc.com. For general conference information please visit https://cansecwest.com/
January 8, 2009
FREE Admission for CANVAS Customers!!!!
As a 'Thank you' for buying our CANVAS software and being such a great customer, ALL CANVAS customers get free entry to the uCon conference and 20% discount on the Essential Pentest Class 101. uCon is taking place in Recife, Brazil on February 28, 2009.
If you want more details about the conference check out the conference website at http://ucon-conference.org/.
If you want to take advantage of this offer, simply let us know by emailing sales@immunityinc.com and we'll make sure you get in for free!
January 6, 2009
Immunity CANVAS Professional 6.42
Miami Beach, FL - (January 6, 2009) - Immunity is proud to present the first release of 2009: CANVAS Professional 6.42. This is the biggest update release of CANVAS ever and packs in improvements and new features from the deepest parts of CANVAS right through to the GUI. The 6.42 release of CANVAS sees the debut of a new parser and lexer for the pure python compilation of the C-like MOSDEF language used by CANVAS for post exploitation actions. The new parser and lexer bring significant speed increases as well as lower memory usage and easier integration points for 3rd party CANVAS developers. Improvements that sit closer to the end user appear in the guise of new GUI features to streamline the workflow, allow easier access to generated output data and allow CANVAS modules to be searched on a large number of attribute tags. New exploits appear this month for MS08-078 (MS IE XML parsing bug), MS08-068 (NTLMv1 credential reflection bug) and CVE-2008-5619 (Roundcube remote exploit). New CANVAS reconnaissance modules also make an appearance with ICMPSweep, ARPScan, ARPScanner and UDPportscan allowing a user to gather intelligence in a variety of new, low footprint, ways. Finally, a new module to identify targets based on IP and ICMP heuristics is included and integrated into the OS detection capabilities of CANVAS. This increases the ability of CANVAS to automatically target exploits against the correct target host as well as being a valuable addition to CANVAS's overall intelligence gathering capabilities.
December 1, 2008
Immunity CANVAS Professional 6.41
Miami Beach, FL - (December 1, 2008) - Immunity is proud to present the final release of 2008: CANVAS Professional 6.41. This release sees new exploits for Lotus Domino, GoodTech SSH server, Simple Machines Forum and Mantis Bugtracker. It also builds upon the CANVAS framework feature set by introducing an ICMP MOSDEF proxy, continued improvements in SPIKE proxy for POST requests and improved threading support for modules using parallel scanning. The ICMP proxy module was created in response to a situation the Immunity penetration testing team recently found itself in. The team had unprivileged command execution on a web server which was only allowed to talk to the outside world over ICMP; this meant traditional ICMP tunnelling solutions were not an option. To work around this limitation, the team developed an ICMP tunnelling solution that relies on the native Win32 ICMP API, thus not requiring Administrator privileges. This is a feature that will clearly be useful in a wide variety of situations a penetration tester may find themselves in.
November 4, 2008
Immunity CANVAS Professional 6.40
Miami Beach, FL - (November 4, 2008) - Immunity is proud to present: CANVAS Professional 6.40, offering up an array of new exploits and functionality. The 6.40 release of CANVAS Professional has the most comprehensive and reliable exploit available for the MS08-067 vulnerability supporting 2K, XP and 2K3 (even with DEP AlwaysOn!). Furthering the forensics capabilities of CANVAS Professional is the Ramdumper module which allows live memory dumps to be captured and retrieved over the network for analysis. Additionally the Windows rootkit now supports file hiding through the filesystem browser interface. The AIX exploit collection has also been expanded with two new local root exploits. Available now!
October 1, 2008
Immunity CANVAS Professional 6.39
Miami Beach, FL - (October 1, 2008) - Immunity is proud to present: CANVAS Professional 6.39, offering an exciting new collection of exploits and features. CANVAS Professional 6.39 includes full AIX MOSDEF support. Other new features include a slew of new clientside exploits and improved HTTP MOSDEF support which now includes NAT compatibility. Available now!
September 18, 2008
Immunity is involved in several upcoming conferences in North and South America...
OWASP - NYC
When: September 24-25, 2008
Where: The Park Central Hotel
870 Seventh Avenue at 56 Street
NY, NY 10019
Info: http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference
Immunity Founder and CTO Dave Aitel will be giving a talk titled Corruption on
September 25 at 4:00 pm (Timesquare)
White Wolf Security/SANS Ice II - Las Vegas
When: October 1-3, 2008
Where: Caesar's Palace, Las Vegas
3570 Las Vegas Blvd South
Las Vegas, NV 89109
Info: https://www.sans.org/ns2008/whitewolf.php
CANVAS developers Justin Seitz and Alex McGeorge will be there. Stop
by for a free CANVAS demo done by one of its developers! NOP
Certifications can also be arranged.
Eko Party and BA-con - Buenos Aires
When: September 30 - October 3, 2008
Where: Buenos Aires, Argentina
Info: http://www.ba-con.com.ar/
http://www.ekoparty.com.ar/
Immunity is giving two training sessions in Spanish at the Eko party
on September 29:
- Unethical Hacking (Condensed) - Will be taught by Pablo Sole
- Stack Overflows - Will be taught by Damian Gomez
Dave Aitel will be giving a keynote presentation at the Eko Party on
October 2-3: "Hacking Has An Economy of Scale"
Pablo Sole will be giving a presentation at the Eko Party on
October 2-3: "Javascript Unleashed"
H2HC - Brazil
When: November 8-9, 2008
Where: Av. Lins de Vasconcelos, 1222 - Cambuci
Sao Paulo - SP, 01538-001 Brazil
Info: http://www.h2hc.org.br/
Immunity will have a vendor booth, where you can take a look at our
products: CANVAS, VisualSploit and SILICA.
We will also, for the first time in Latin America, be
offering NOP Certifications!
September 3, 2008
Immunity Inc. is running a September special. If you purchase a 1 year (4 quarters) subscription to our CANVAS standard monthly updates and support, you will receive a 3 month (1 quarter) subscription to CANVAS Early Updates for FREE! This is a savings of $8,995 USD!!!!!!!!!! Act now as offer is only valid until September 30, 2008.
September 2, 2008
Immunity CANVAS Professional 6.38
Miami Beach, FL - (September 2, 2008) - CANVAS Professional 6.38 comes packed with a wide collection of new features and improvements. It includes exploits for MS08-49, Citrix MetaFrame, and DokuWiki. CANVAS Professional 6.38 also features new Win32 Payloads, CANVASNode filebrowser integration, and GUI commandline integration. Available now!
August 3, 2008
Immunity CANVAS Professional 6.37
Miami Beach, FL - (August 3, 2008) - CANVAS Professional 6.37 delivers new Windows rootkitting capabilities, a variety of new exploits, and improved engine stability and robustness. On the feature front CANVAS Professional 6.37 includes new modules to investigate DNS Caches and remote memory dumps. Available now!
July 2, 2008
Immunity CANVAS Professional 6.36
Miami Beach, FL - (July 2, 2008) - CANVAS Professional 6.36 brings an array of new engine features to the table, including MOSDEF OS X Intel support, new Solaris and Windows exploits and improved Linux payload generation. CANVAS Professional 6.36 also includes an updated SPIKE Proxy with much improved support libraries for convenient RFI exploitation. Available now!
June 2, 2008
Immunity CANVAS Professional 6.35
Miami Beach, FL - (June 2, 2008) - CANVAS Professional 6.35 delivers on the feature front by including full MOSDEFSock support for PHP ScriptNodes. CANVAS users can now bounce CANVAS exploits and recon modules through hosts compromised via PHP bugs without touching disk. CANVAS Professional 6.35 also includes several new exploits and features including the i2omgmt Driver Impersonation attack, and a SSH key checker for the Debian/Ubuntu OpenSSL PRNG weakness. Available now!
May 1, 2008
Immunity CANVAS Professional 6.34
Miami Beach, FL - (May 1, 2008) - Immunity is proud to present: CANVAS Professional 6.34. CANVAS Professional 6.34 offers an exciting new collection of exploits and drastic improvements in the client side arena. CANVAS Professional 6.34 includes the first public exploit for the much discussed Flash 9e vulnerability. Other new features include a slew of new web exploits, MSRPC fuzzing, and full SSL support for MOSDEF HTTP tunneling. Available now!
April 1, 2008
Immunity CANVAS Professional 6.33
Miami Beach, FL - (April 1, 2008) - Immunity is proud to present: CANVAS Professional 6.33. CANVAS Professional 6.33 is loaded with Kernel goodies for both Windows and Linux. On the Windows side of things we've included the first public exploit for the MS07_066 Vista Local Privilege Escalation bug, and on the Linux side of things we've included a full MOSDEF exploit for the vmsplice(2) Kernel bug. Other exploits include a full MOSDEF socket recycling remote root exploit for the ASUS Eee PC SAMBA 3.24 and five new web app exploits. Available now!
March 3, 2008
Immunity CANVAS Professional 6.32
Miami Beach, FL - (March 3, 2008) - Immunity is proud to present: Immunity CANVAS Professional 6.32. CANVAS Professional 6.32 includes Immunity's MS08-001 Windows IGMPv3 exploit, 20 new web application exploits, and the client side Adobe Acrobat Reader Javascript stack overflow. Exploits for the Novell Netware Print Spooler bug, updated Solaris XFS and MS06-040 for Windows Server 2003 SP0 round out the exploit updates for the month.
February 1, 2008
Immunity CANVAS Professional 6.31
Miami Beach, FL - (February 1, 2008) - Immunity CANVAS Professional 6.31 is now available. CANVAS 6.31 includes support for Windows kernel backdooring, contains improved OS Detection features and offers full MOSDEF support for Java and Script nodes.
January 2nd, 2008
Immunity CANVAS Professional 6.30
Immunity's award winning CANVAS product now includes exploits for MS07_065, the punbb web forum, and OpenOffice.org's arbitrary Java execution vulnerability.
December 3, 2007
Immunity CANVAS Professional 6.29
This release of CANVAS Professional provides new clientside exploits, fingerprinting and reconnaissance tools, as well as numerous reliability and usability improvements.
November 1, 2007
Immunity CANVAS Professional 6.28
Immunity CANVAS Professional 6.28 is now available. It includes many exciting new exploits and features. Exploit highlights include the Solaris XFS module, the MacroVision Driver module for XP SP2, and various clientside exploits including the RealPlayer Import ActiveX module and Microsoft IE7 url-handling module. New features include full geolocation support and SPIKE Proxy now supports automatic Remote File Inclusion exploitation.
October 19, 2007
Immunity Dojo and Talks at Pacsec 2007
Immunity's very own Kostya Kortchinsky and Nicolas Waisman will be teaching and presenting at PacSec 2007. Kostya will be presenting a talk on improved Windows Localization detection and Nico will be discussing the future of Heap Overflows on Windows. Together they will be teaching a PacSec Dojo on the art of finding 0day vulnerabilities. This Dojo will be a useful introduction to Immunity's February class, also to be held in Tokyo.
When: November 28-30, 2007
Where: Aoyama Diamond Hall, Tokyo, Japan
Info: PacSec Dojo Listing
October 9, 2007
Immunity founder Dave Aitel profiled by DarkReading
Darkreading.com's profile of Immunity Founder and CTO Dave Aitel can be read here.
October 2, 2007
Immunity releases Immunity CANVAS Professional 6.27
Miami Beach, FL - (October 2, 2007) - CANVAS Professional 6.27 delivers an array of exciting new features, such as: a much improved GUI, MOSDEF for Solaris X86, and a flurry of new exploits. New exploit modules include exploits for flaws in the VMWARE DHCPD, Tivoli Storage Manager, Xitami, Veritas Netback, and Brightstore Media Server. CANVAS Professional 6.27 also comes with 21 new Web App exploits. CANVAS Professional 6.27 is available now!
September 27, 2007
Immunity hires top notch Kiwi and Argentinian talent
Miami Beach, FL, Buenos Aires AR, Auckland NZ - (September 27, 2007) - Immunity is proud to announce the addition of Adam Boileau and Pablo Sole to the Immunity team.
September 4, 2007
Immunity releases Immunity CANVAS Professional 6.26
Miami Beach, FL - (September 4, 2007) - CANVAS 6.26 delivers 20 brand new exploit modules for the month of September. It now includes exploits for the Solaris 10 telnet/login vulnerability, the HP OpenView Trace buffer overflow, the Borland IB Server buffer overflow and the Novell Netware Printer Provider client overflow. The CANVAS Engine now has a UserAgent object for Python based web hacking and the OSdetect module has been much improved. CANVAS Professional 6.25 is available now!
August 18, 2007
Immunity now offers a forum for people to share scripts, ideas, screenshots, and other important information on.
August 1, 2007
Immunity releases Immunity CANVAS Professional 6.25
Miami Beach, FL - (August 1, 2007) - CANVAS Professional 6.25 delivers an engine overhaul and a brand new paintjob. The GUI has been redesigned and CANVAS looks better than ever. Furthermore the x86 MOSDEF assembler is now twice as fast. This means dramatic MOSDEF and exploit speedups. Boasting fifteen new exploit and attack modules, CANVAS Professional 6.25 is available now!
July 2, 2007
Immunity releases Immunity CANVAS Professional 6.24
Miami Beach, FL - (July 2, 2007) - Immunity brings you full MOSDEF PPC and 64 bit Python support with CANVAS 6.24. Next to engine improvements CANVAS Professional 6.24 also includes 11 new web application exploits and a complete version of SPIKE 3.0 to fully satisfy your fuzzing needs.
June 4, 2007
Immunity releases Immunity CANVAS 6.23
Miami Beach, FL - (June 4, 2007) - Immunity brings you a flurry of exciting new exploits this June, including a reliable remote root exploit for OS X on both Intel and PPC platforms. Other updates include an exploit for the Samba LsaLookupSids heap overflow and no less than five new web application exploits. New features include a UNIXSHELL handler, non-executable stack support (SP2) in the ANI cursor exploit, and improved MOSDEF UNIX support.
May 2, 2007
Immunity releases Immunity CANVAS 6.22
Miami Beach, FL - (May 2, 2007) - Immunity brings you full clientside HTTP MOSDEF tunneling with CANVAS 6.22. Next to providing the technology needed to keep up with current exploitation trends, CANVAS 6.22 also includes eight new exploits, including an exploit for the notorious MS DNS bug and four PHP injection vulnerabilities that work with the CANVAS PHP Node framework. New tools include a module to list services on Windows machines and a module that can use the Windows At service.
April 1, 2007
Immunity releases Immunity CANVAS 6.21
Miami Beach, FL - (April 1, 2007) - Immunity releases an exploit for the very current Windows ANI File Format Parser overflow in CANVAS 6.21. Next to keeping CANVAS customers on the cutting edge of security research, this month's release also includes twelve other exploit modules, including the much discussed GDIWrite4 local exploit and an exploit for the Snort DCERPC bug. New features include multiple host targeting, callback interface matching, and binary exploit integration.
March 1, 2007
Immunity releases Immunity CANVAS 6.20
Miami Beach, FL - (March 1, 2007) - Immunity puts the pedal to the metal with CANVAS 6.20. Caching improvements to the MOSDEF engine ensure a faster and more stable MOSDEF, whilst overall engine updates have upped the performance levels in many crucial areas. CANVAS 6.20 also brings with it improved language support and new targets for many of its exploits and offers exciting new features to the MassAttack module to make your penetration testing life easier.
February 14, 2007
Free Immunity CANVAS + VulnDisco Package, for limited time only!
VulnDisco, Gleg Ltd's set of 0day exploitation modules, are specially designed to be used with Immunity CANVAS. For a limited time only Immunity and Gleg are pleased to announce a free CANVAS offer to new customers purchasing any VulnDisco Professional license or to new customers purchasing the Unlimited User Standard VulnDisco license. Customers purchasing VulnDisco Standard for 10 users/installations can obtain CANVAS for just $500. This offer includes 3 months of CANVAS updates. CANVAS normally retails at $1244 per license. To take advantage of this offer please email sales@immunityinc.com!
February 1, 2007
Immunity releases Immunity CANVAS 6.19
Miami Beach, FL - (February 1, 2007) - Immunity shares the love in valentine February with CANVAS 6.19. This release includes support for IPv6, a Command Line Executer framework for web bugs and many exploit improvements. New modules include attacks against MS07-004 (VML), Citrix PrintProvider and 3Com TFTPD.
January 29, 2007
Immunity CANVAS runs on Windows Vista
See this screenshot for an example of the latest Immunity CANVAS Professional running a scan from Windows Vista Ultimate.
January 9, 2007
Immunity releases MS07_004 Exploit
Immunity, Inc. publishes working exploit for MS07_004 into Immunity Partners' program, less than three hours after it was announced.
January 1, 2007
Immunity releases Immunity CANVAS 6.18
Miami Beach, FL - (January 1, 2006) - Immunity is excited to ring in the new year with version 6.18 of Immunity CANVAS Professional. This release includes exploits for MS06_074 (SNMP), Symantec Remote Management, Novell Netware and Netmail, as well as many updates and stability improvements.
December 1, 2006
Immunity releases Immunity CANVAS 6.17
Miami Beach, FL - (December 1, 2006) - Immunity is proud to announce version 6.17 of Immunity CANVAS Professional. This release includes exploits for MS0_066, MS06_070, MS06_071, Novell eDirectory HttpStk.dlm, and the Linux /proc a.out vulnerability.
November 1, 2006
Immunity releases Immunity CANVAS 6.16
Miami Beach, FL - (November 1, 2006) - Immunity, Inc. is proud to
announce version 6.16 of Immunity CANVAS Professional. This release
features a massively-threaded automated attack tool.
October 2, 2006
Immunity releases Immunity CANVAS 6.15
Miami Beach, FL - (September 2, 2006) - Immunity, Inc. is proud to
announce the release of Immunity CANVAS Professional 6.15. This release
includes a built-in Windows keylogger, and several new exploits.
July 3, 2006
Immunity releases Immunity CANVAS 6.12
Miami Beach, FL - (July 3, 2006) - Immunity, Inc. has released
version 6.12 of Immunity CANVAS Professional. This release follows the successful integration of the latest Microsoft vulnerabilities
into the flagship Immunity product - vulnerabilities which had
previously only been available to Immunity Partner's customers. This month, as always, Immunity was the first company to offer its
customers the latest vulnerabilities within hours or days of the Microsoft Tuesday advisories.
June 1, 2006
Immunity releases Immunity CANVAS 6.11
Miami Beach, FL - (June 1, 2006) - Immunity, Inc. is proud to announce
the release of Immunity CANVAS Professional 6.11. This release
contains the first ever commercially available remote kernel-level
exploit. This exploit, for a vulnerability in Microsoft Windows
operating systems, brings a new level of capability to penetration
testers using the CANVAS Professional product to test remote servers.
May 22, 2006
Immunity, Inc. launches groundbreaking VisualSploit product
Miami Beach, FL - (May 22, 2006) - Immunity, Inc. is proud to announce the public availability of VisualSploit, a plugin to Immunity's flagship product Immunity CANVAS which allows non-programmers to develop exploits for the Immunity CANVAS framework simply by dragging and dropping exploit components.
This provides a way for a wide audience of people who previously would have been unable to write their own exploits to utilize the advanced features of Immunity CANVAS to produce original modules they can then use to test their entire network.
Immunity VisualSploit is available now at http://www.immunityinc.com/products-visualsploit.shtml
March 28, 2006
Immunity, Inc and SilverSEAL Corp. announce a strategic alliance to integrate services
New York, NY - (March 28, 2006) - SilverSEAL Corporation, a premier provider of investigative services, computer forensics, and physical security, announced on Tuesday a strategic alliance with Immunity Incorporated to integrate their specialized information security services into their product repertoire.
Immunity's extraordinary capabilities in discovering and implementing exploits for both operating systems and applications provided a natural fit for SilverSEAL, as they focus on expanding their computer forensic division.
"We're excited about our relationship with Immunity Inc.," commented John Silverman, president of SilverSEAL Inc., "we've been in the business of uncovering truths for our clients for 22 years. However, in the current world of information technology our clients are more vulnerable to having confidential information compromised due to the increasing threat of hackers, Trojans, viruses, and worms. Immunity is a perfect fit because they are one of the best in the trade and are honorable, a combination that is rare in this industry."
Justine Aitel, Immunity's CEO, is similarly positive about the complete layer of protection now available to SilverSEAL clients. "Immunity's specialist resources complement those already available to SilverSEAL clients. Firms that collect and store sensitive information are worried about ensuring it is adequately protected, but usually do not have the expertise on staff to properly assess and manage the ever-evolving risks themselves. SilverSEAL, in partnering with Immunity, can now reassure its clients that their electronically stored data and networks are properly protected."
About Immunity, Inc:
Founded in 2002, Immunity Inc, comprising world-class security researchers including CTO Dave Aitel, specializes in the realm of information security.
Developing the incredibly robust penetration platform named CANVAS, as well as being the co-authors of: The Hackers Handbook and the Shell Coders Handbook, make the Immunity team one of the best in their industry. With former government and extensive information security experience, the Immunity team brings to the table premier consulting services regarding the assessment of software and web-based applications.
About SilverSEAL:
SilverSeal is made up of two highly regarded firms: Silverman Associates which specializes in Investigative Services and SEAL Security which concentrates on providing comprehensive Security Solutions.
Founded in 1988, Silverman Associates has been providing discreet investigative services, earning the reputation as resourceful problem solvers specializing in litigation support, corporate due diligence, investigative database research, and computer forensics. SEAL Security was formed in 1995 to fill the need for quality corporate and customized security, providing high-end officers and crisis management teams to the corporate world.
March 1, 2006
Immunity CANVAS 6.8 release includes AIX attack capabilities. This allows Immunity CANVAS users to test large enterprises. Immunity CANVAS is unique in that it now supports AIX, Linux, Solaris, Windows, BSD, and OS X. Also included are expanded methods for downloading the entire memory contents of Windows processes. This can be used for forensics, simultaneous intruder detection, and data access.
February 17, 2006
Protover test suites are now available for purchase directly from
Immunity. Protover can be used to test the security and stability of
various protocol implementations including SSL, IMAP and LDAP. Further
information including pricing is available at Gleg, Ltd's website:
http://www.gleg.net
December 21, 2005
Immunity's CANVAS Professional has been reviewed by the independent
technology analyst company, The 451 Group.
The full report is available here. The 451 Group calls CANVAS
Professional a "robust penetration platform" that is "10 times
less expensive than its nearest competitor". The report also
includes a description of CANVAS's main "technical differentiator",
MOSDEF.
October 6, 2005
Immunity is pleased to announce itself as a reseller of Sabre BinNavi - the
world's first debugging system based on directed graphs and graph
visualisation. More information available at: http://www.immunitysec.com/products-binnavi.shtml.
September 22, 2005
Immunity Theater of Owning
July 14, 2005
Immunity is pleased to announce the appointment of Justine Aitel to the
position of CEO, Immunity, Inc.
Dave Aitel will continue to drive the technical direction of Immunity allowing
Justine to focus on strategic initiatives.
January 14, 2005
Immunity announces the addition of Justine Bone (Aitel) to the
Immunity team. Justine was previously responsible for global risk
management and information security at Bloomberg L.P, based in New
York City. Justine is a New Zealander who began her career with the
NZ's Government Communications Security Bureau, later moving to the
United States to join Internet Security Systems as researcher and
consultant. Justine can be reached at justine.aitel@immunitysec.com.
Oct 29, 2004
Immunity adds Hydrogen to its formidable product lineup.
March 22, 2004
Immunity employees Dave Aitel and Sinan Eren add
"The Shellcoder's Handbook" to their list of publications.















