E-SPIN
Thursday, 25 August 2022 / Published in Brand, Immunity, Product

Immunity CANVAS Pentesting, Breach & Exploit Development

Immunity CANVAS for penetration testing and red team operations. Immunity CANVAS is a world-leading commercial security assessment tool (SAT) for penetration testing, hostile attack simulation, and exploit research and development.

CANVAS for Penetration Testing


Immunity CANVAS, or simply CANVAS, is one of the leading commercial security assessment tools (SAT) for penetration testing, hostile attack simulation, and exploit research and development. CANVAS is a pentesting suite that includes a reliable development and testing framework, ships with hundreds of ready-to-use exploits sorted by use-case category, and offers an extensible exploit library to penetration testers and security professionals worldwide. One unique aspect of CANVAS is that it supports third-party exploitation packs, known as CANVAS exploitation packs (CEP), which extend it with private zero-day exploits so that each licensed pentesting system can be tailored to its users' needs and requirements.

For red team operations, a unique feature called CANVAS Strategic can be activated for over two users and licenses, so that at least one commander and one operator can collaborate. Red team operations typically involve more pentesters and require mobilizing them toward one common campaign objective and target under the commander's leadership.

Feel free to contact E-SPIN for your project and licensing requirements.

CANVAS for Breach and Attack Simulation (BAS)


With CANVAS exploit automation and other features, breach and attack simulation is easy to handle for ethical hackers, pentesters, exploit researchers and red teams who need to make sure enterprise operations are secure.

Breach and Attack Simulation (BAS) is needed by those whose role and duty is to test the existing infrastructure security components, processes and procedures implemented within an enterprise IT infrastructure, or by those who have been outsourced and appointed to perform the ethical hacker role for that enterprise. Every simulated breach that makes it through via the tool provides useful insight into the attack vector path and into mitigation strategy, remediation processes and cyber-defense intervention.

Security breach simulations driven by business need should, at a minimum, typically be run on an annual basis or whenever a major addition or change occurs, followed by a thorough review and whatever action is necessary. CANVAS can be adopted as a BAS tool for the enterprise, and you can tailor it with an extensive range of CANVAS exploitation pack (CEP) add-ons.

CANVAS for Vulnerability Research and Exploit Development

CANVAS can be adopted for vulnerability research and exploit development. Exploit researchers actively use it to develop exploits and make them available as CANVAS exploitation pack (CEP) add-ons. As a user, you can use it to develop your own exploit and test it for vulnerability research and exploit development purposes.

From a security researcher's point of view, being able to use the exploits, see how they are crafted and modify them saves a lot of time when adapting an exploit to a more specific area or use case as needed.

You may open 0-day exploits or other popular exploits to study and understand how they are crafted, using the exploits built into CANVAS or the extensive private 0-day exploits from various CANVAS exploitation packs (CEP). Use them to learn and to jump-start writing complex exploits against modern software and operating systems.

Feature: CANVAS Graphical User Interface (GUI)


CANVAS has an interesting design that might look a bit confusing at first. Once you understand some of the basic components, you will be able to easily find your way around more advanced scenarios to get your job done with CANVAS.

CANVAS provides a command-line interface and an XML-RPC interface that is designed to be used by modules and code rather than by a human user.

In CANVAS, you can run most of the modules and exploits independently. This means you do not need to load the entire framework just to run a small command or tool from it.

CANVAS is fully IPv6 compatible. This means you can also set your IPv6 interface address as the default listener, or attack IPv6 targets.

Feature: CANVAS Modules

Modules in CANVAS are categorized by the type of module, the type of attack (Local, Remote, Web, Clientside, DoS) and the operating system they can be run against.

Under the hood, most of the modules are categorized within a hierarchy in the exploits directory under the CANVAS root directory.

Favorites: Here you will find some of the favorite modules that you can start playing around with, or that are most commonly used.

New: This section is updated with every new release of CANVAS to highlight the latest modules and exploits that were added.

Exploit modules are arranged and categorized based on the vector, followed by the operating system. This makes it quick and easy to narrow down a list of exploits, once the Operating System of the target has been identified.

Exploit Pack: CANVAS built-in modules are not the only inventory of tools and exploits that you can use. Multiple third-party companies provide exploit packs for CANVAS. Purchasing and installing those packs boosts your CANVAS capabilities, letting you attack an even wider range of software and services. Moreover, some of the third-party exploit providers offer 0-day exploit modules, which is a great way to challenge your network security with real-world threats.

Commands: This group of modules, also categorized by OS type, is used to perform a series of common actions against the active node.

Trojans: Trojans allow you to maintain access to a host you have already gained access to, either by installing a persistent MOSDEF trojan or by installing the rootkit (HCN) that is included in CANVAS.

Recon: Recon modules are focused on tasks such as footprinting and detection of services or operating system version, as well as remote enumeration of data, where possible, from relevant services.

DoS: Denial of Service exploit modules that are intended to crash a remote service, cause a BSOD or make the system reboot.

Tools: This category contains modules that are developed based on CANVAS internal libraries and other modules, to perform a series of automated tasks.

Reporting: From the moment CANVAS is started until it is closed, every action performed in CANVAS is logged and time-stamped. CANVAS can export the session activities to an OpenOffice ODT document. The generated report includes the following items and sections:

  • Summary Tables
  • Attempted Exploits
  • Timeline
  • Successful Attacks
  • Unsuccessful Attacks
  • Hosts
  • Appendix (Attack outputs, Exploit descriptions, Severity Level reference)

Servers: This category contains CANVAS modules that are used to operate as a server for client-side attack modules (HTTP or SMB server).

Configuration: Here you can find the CANVAS basic configuration module.

Fuzzers: Two basic fuzzers for MS-RPC endpoints and TFTP are included in CANVAS.

Listeners: This module brings up the Listener-Shell GUI, which, if you already have a live exploited node, will automatically connect to the active node.

Feature: CANVAS Command-line

As comfortable as it is to use the powerful CANVAS GUI, there will be times when it is necessary to run CANVAS or a specific module from a terminal or command-line interface, for example over SSH. Most of the features provided through the GUI can be used from the command-line interface. It is possible to call modules directly (they are basically Python scripts) and provide the parameters and switches they require.

CANVAS also provides a tab in its GUI that allows you to interact with CANVAS by typing commands.

One of the benefits of having this command-line interface in the GUI, besides its standard commands, is the Python shell, which allows direct interaction with CANVAS objects from Python.

Feature: CANVAS Listeners

Once you successfully exploit a remote machine via any of the available modules, CANVAS automatically opens a new 'Listener-shell' window, which is basically a GUI for interacting with MOSDEF to perform various actions. This is more powerful than a simple remote shell, providing the ability to browse files on the remote machine, upload or download files, pipe and run OS commands, or spawn new processes.

The listener-shell can be of different types, depending on the machine, service or (web) application you are exploiting. Therefore some of the functions of the listener-shell might not be available on all node types.

Feature: CANVAS Strategic

CANVAS Strategic essentially allows live communication between multiple instances of CANVAS and the sharing of information (knowledge, performed actions, obtained shells) with a central commander instance, which is a machine running the Commander module from CANVAS. This feature is especially useful when a team of users is working together on an engagement and activities, progress and achievements need to be coordinated and shared. It can also be used as central activity monitoring and logging for multiple CANVAS instances. CANVAS Strategic allows creating multiple channels for multiple simultaneous engagements, as well as a simple chat server that CANVAS users can join and communicate with.

Feature: CANVAS Integrated Pentesting Platform

CANVAS is easier to use and master than free open source tools, because its integrated penetration testing and exploit development framework was specially crafted with that result in mind. This makes it easier for less-experienced penetration testers to jump-start penetration testing, and for experienced ethical hackers to craft special red team campaigns, such as running multiple licenses for a red team operation.

Some typical use case examples

Exploiting Windows Remotely

Suppose we are in a network and our goal is to scan, identify and exploit some Windows machines remotely. There are many different modules targeting Windows machines available in CANVAS, aimed at different versions of Windows. Of course, it is very rare to find a Windows machine exposed over the Internet that is vulnerable to some old known RPC vulnerability, but auditing and penetration testing internal networks is a different story. In larger networks you are likely to discover systems vulnerable to issues from a few years back. When possible, CANVAS takes care of version detection automatically, so there is no need to worry about which version of payload to select unless you are already certain about it.

Exploiting Windows Locally (Privilege Escalation)

These are scenarios in which we have successfully exploited a node but our access rights on the system are limited. In such cases, privilege escalation may be accomplished by exploiting a vulnerability in a Windows OS component or service, or in any third-party software or service that is running with administrator/SYSTEM privileges. To use any of the privilege escalation exploits available in CANVAS, the target machine must be running an active MOSDEF callback; for instance, a remote web or client-side exploit was used to gain access, or possibly the target executed a MOSDEF trojan.

Exploiting Client-Side Vulnerabilities

CANVAS is well suited to serving and handling client-side attacks in addition to remote attacks. Since CANVAS supports a wide range of vulnerabilities in different classifications, the exploitation method it uses depends on the type of exploit. In most cases when dealing with client-side vulnerabilities, the vulnerability can be triggered from a web browser. For these situations, CANVAS provides a dedicated engine for automatically selecting, serving and handling browser-based exploits. Vulnerabilities in the browser or in third-party plug-ins (Adobe Reader, MS-Office, etc.) are examples of such cases.

Post-Exploitation

Once we have access to the node, we will likely want to gather information from that node to further penetrate the network. Depending on the privilege gained, it is possible to gather file and registry information, dump password hashes or even attack other machines inside the network from the exploited machine.

Persistent Access: Relying on a session that has been obtained from an exploit for lateral movement over an extended period of time may not be the best idea. In such cases, one of the first actions on the remote machine should be stabilizing access so that you can connect back to the same machine without much effort and resume your work. In other words, plant a backdoor on the remote machine.

Pivoting: In CANVAS terms, pivoting is using a compromised machine as a stepping stone to reach and exploit other machines that might not otherwise be accessible. CANVAS does not limit the number of hosts you can pivot from. If you are in a complicated and restricted network, you can go through the same steps and use this third host as your pivot point to reach yet another machine three levels deep inside the network.

Supported Platform

CANVAS is developed entirely in Python, so technically any platform and operating system that can run Python and meet the package dependencies can be used to run CANVAS. However, Immunity officially supports the installation of CANVAS only on Windows and Linux (Ubuntu, Kali). CANVAS can also be installed and used within a virtual machine; this is our recommended method of using CANVAS on unsupported platforms, or simply to have a clean and isolated environment. Users who are running CANVAS in restricted environments might also prefer to use a virtual machine. CANVAS is mainly developed and tested to run on Linux, and that is the platform CANVAS shines on. You may lose a few features of CANVAS if you run it on Windows. Some features of CANVAS (a small number of modules and tools) also require privileged access to the operating system to run correctly.

Hardware Requirements

CANVAS is very lightweight and can be used on any system that is capable of running Linux or Windows. It is recommended to have at least 5GB of disk space and 1GB of memory on the system or virtual machine that is being used for CANVAS. One of the interesting features of CANVAS is that it can also run on headless systems in command-line mode, in which it requires even fewer hardware resources. This means you can even run CANVAS on your Android-based phones or tablets, although this is not officially supported by Immunity.

macOS

CANVAS used to support macOS, but due to GTK2 deprecation and issues, macOS can no longer be officially supported. CANVAS generally runs, but it breaks on most UI operations. The installer will continue to be provided for users who want to try to fight the beast on their own (or simply install it on older versions of macOS).

Last checked and updated: 25-Aug-2022; the latest version at the time is 7.35, released on 2022-Aug-11.

