Immunity CANVAS exploit pack is leaked on VirusTotal. More than 800 0-day vulnerabilities & exploits to hack into networks

Cybersecurity experts report that a version of CANVAS, an exploit platform to test vulnerabilities in computer systems, was leaked into the VirusTotal database, so now all users of this platform can access the tool.

VirusTotal, owned by Google, is a platform on which users can upload samples of the virus to the database to determine if they have been detected by any of the most popular antivirus engines. On the other hand, CANVAS was developed by Immunity, a firm created by Dave Aitel, former hacker of the National Security Agency (NSA).

Experts report that the exposed version of the tool is CANVAS v7.26, released in September 2020. Ege Balci, director of PRODAFT’s threat intelligence team, confirmed the leak through his Twitter account.

Last Tuesday, French security researcher Julien Voisin found a functional exploit for Spectre, a dangerous hardware security flaw on Linux systems, which also appears to have been developed by Immunity.

Researchers also posted screenshots of the CANVAS interface, adding a new post on Twitter: “The quality of this framework is remarkable; since it was leaked, Immunity should do it open source.” As you will remember, Metasploit is a free exploit development framework created by expert H.D. Moore. Although very similar to CANVAS, it has been rewritten in Ruby after being originally written in Perl. The filtered version of CANVAS is also available in a Telegram chat group.

What do you think about this technology application? Is it useful? Are you willing to learn more about this? To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) website.