INNUENDO – An Advanced Penetration Testing tool for modeling Advanced Attackers
Immunity provides a premiere suite of software and network security assessment tools that cover every phase of your offensive information security life-cycle. From tip-of-spear exploitation through CANVAS and SILICA, to long term Nation-State grade persistence with INNUENDO, the Immunity product line up will keep your red teams pushing forward and your blue teams in pace with the state of the art in information security offense
INNUENDO raises the bar for the state of the art in persistence and data exfiltration solutions. Based on a flexible, modular architecture, INNUENDO offers nation-grade advanced attack capabilities to commercial penetration
testing teams.
INNUENDO breaks from the current penetration testing model by using a message passing protocol that is completely decoupled from any transport layer. This allows for a wide range of communication channels
which are easily integrated into your INNUENDO solution. Examples include: HTTPS, DNS, ICMP, PDF, Social Media, and steganographic injection into popular image hosting services.
Persistence can be maintained via any one of many ways, determined at deploy time. That means no static indications of compromise! Persistence methods are modular and updatable throughout the life of the deployment.
INNUENDO functionality can be written, deployed and updated in Python without ever touching disk and is encrypted and signed for a specific INNUENDO instance on deployment.
Each deployed INNUENDO has a unique SHA1 hash which prevents one-stop binary fingerprinting.
INNUENDO can be deployed entirely from memory via e.g. a CANVAS exploit, a post-exploitation CANVAS module, or from another INNUENDO instance. INNUENDO can run as an injected DLL or as its own process.
INNUENDO instances employ strong encryption for C&C messages, which renders the communications opaque to listeners and frustrates post-event forensics.
This video is about E-SPIN Immunity Innuendo Product Overview by E-SPIN that will give you more information regarding this product.
For those who can not join us for the full day Training session, please see the summary and highlight clip for the event.
If you have any inquiry or questions, feel free to contact E-SPIN for solution, product and project requirements.