Systems and methods for selecting a termination rule for a penetration testing campaign

US 10,068,095 B1
Filed: 12/11/2017
Issued: 09/04/2018
Est. Priority Date: 05/15/2017
Status: Active Grant

First Claim

Patent Images

1. A method of penetration testing of a networked system by a penetration testing system that is controlled by a user interface of a computing device so that a penetration testing campaign is executed until a termination condition is satisfied, the termination condition being manually and explicitly selected, the method comprising:

a. receiving, by the penetration testing system and via the user interface of the computing device, one or more manually-entered inputs, the one or more manually-entered inputs explicitly selecting the termination condition for the penetration testing campaign, the termination condition being a member of the termination conditions group consisting of;

i. a termination condition associated with exporting one or more files out of the networked system;

ii. a termination condition associated with damaging one or more files;

iii. a termination condition associated with encrypting one or more files;

iv. a termination condition associated with a number of compromised network nodes;

v. a termination condition associated with a specific condition that is either true or false for each network node of the networked system;

vi. a termination condition associated with a specific defensive software application; and

vii. a termination condition associated with changing access rights of one or more files;

b. executing the penetration testing campaign, by the penetration testing system, so as to test the networked system;

c. checking, by the penetration testing system and while the penetration testing campaign is executing, whether the explicitly and manually-selected termination condition that is a member of the termination conditions group is satisfied;

d. in response to a determination by the checking that the explicitly and manually-selected termination condition that is a member of the termination conditions group is satisfied, terminating execution of the penetration testing campaign; and

e. reporting, by the penetration testing system, at least one security vulnerability determined to exist in the networked system by the executing of the penetration testing campaign, wherein the reporting comprises at least one of (i) causing a display device to display a report describing the at least one security vulnerability, (ii) storing the report describing the at least one security vulnerability in a file and (iii) electronically transmitting the report describing the at least one security vulnerability.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods of penetration testing of a networked system by a penetration testing system that is controlled by a user interface of a computing device so that a penetration testing campaign is executed until a termination condition is satisfied, the termination condition being manually and explicitly selected and being an indirect termination condition.

60 Citations

View as Search Results

30 Claims

1. A method of penetration testing of a networked system by a penetration testing system that is controlled by a user interface of a computing device so that a penetration testing campaign is executed until a termination condition is satisfied, the termination condition being manually and explicitly selected, the method comprising:
- a. receiving, by the penetration testing system and via the user interface of the computing device, one or more manually-entered inputs, the one or more manually-entered inputs explicitly selecting the termination condition for the penetration testing campaign, the termination condition being a member of the termination conditions group consisting of;
  
  i. a termination condition associated with exporting one or more files out of the networked system;
  
  ii. a termination condition associated with damaging one or more files;
  
  iii. a termination condition associated with encrypting one or more files;
  
  iv. a termination condition associated with a number of compromised network nodes;
  
  v. a termination condition associated with a specific condition that is either true or false for each network node of the networked system;
  
  vi. a termination condition associated with a specific defensive software application; and
  
  vii. a termination condition associated with changing access rights of one or more files;
  
  b. executing the penetration testing campaign, by the penetration testing system, so as to test the networked system;
  
  c. checking, by the penetration testing system and while the penetration testing campaign is executing, whether the explicitly and manually-selected termination condition that is a member of the termination conditions group is satisfied;
  
  d. in response to a determination by the checking that the explicitly and manually-selected termination condition that is a member of the termination conditions group is satisfied, terminating execution of the penetration testing campaign; and
  
  e. reporting, by the penetration testing system, at least one security vulnerability determined to exist in the networked system by the executing of the penetration testing campaign, wherein the reporting comprises at least one of (i) causing a display device to display a report describing the at least one security vulnerability, (ii) storing the report describing the at least one security vulnerability in a file and (iii) electronically transmitting the report describing the at least one security vulnerability.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 2. The method of claim 1, wherein the termination condition is associated with exporting one or more files out of the networked system.
  - 3. The method of claim 2, wherein the termination condition is satisfied when the penetration testing system exports or determines that it could export a file having a specific file name out of the networked system.
  - 4. The method of claim 2, wherein the termination condition is satisfied when the penetration testing system exports or determines that it could export a file, from a specific network node of the networked system, out of the networked system.
  - 5. The method of claim 2, wherein the termination condition is satisfied when the penetration testing system exports or determines that it could export a specific number of files, from a specific network node of the networked system, out of the networked system.
  - 6. The method of claim 2, wherein the termination condition is satisfied when the penetration testing system exports or determines that it could export a specific number of files out of the networked system.
  - 7. The method of claim 2, wherein the termination condition is satisfied when the penetration testing system exports or determines that it could export one or more files, whose total size is more than a specific size, out of the networked system.
  - 8. The method of claim 2, wherein the termination condition is satisfied when the penetration testing system exports or determines that it could export one or more files of a specific type out of the networked system.
  - 9. The method of claim 2, wherein the termination condition is satisfied when the penetration testing system exports or determines that it could export one or more files of a specific type, whose total size is more than a specific size, out of the networked system.
  - 10. The method of claim 1, wherein the termination condition is associated with damaging one or more files.
  - 11. The method of claim 10, wherein the termination condition is satisfied when the penetration testing system damages or determines that it could damage in a specific way a specific number of files of the networked system.
  - 12. The method of claim 10, wherein the termination condition is satisfied when the penetration testing system damages or determines that it could damage in a specific way a file having a specific file name of the networked system.
  - 13. The method of claim 10, wherein the termination condition is satisfied when the penetration testing system damages or determines that it could damage in a specific way a file having a specific file name in a specific network node of the networked system.
  - 14. The method of claim 10, wherein the termination condition is satisfied when the penetration testing system damages or determines that it could damage in a specific way at least one file in a specific network node of the networked system.
  - 15. The method of claim 1, wherein the termination condition is associated with encrypting one or more files.
  - 16. The method of claim 1, wherein the termination condition is associated with a number of compromised network nodes.
  - 17. The method of claim 16, wherein the termination condition is satisfied when the penetration testing system compromises or determines that it could compromise a specific number larger than one of network nodes, regardless of a specific identity of those compromised network nodes.
  - 18. The method of claim 16, wherein the termination condition is satisfied when the penetration testing system compromises or determines that it could compromise a number of network nodes such that a percentage of compromised network nodes in the networked system is higher than a specific threshold.
  - 19. The method of claim 1, wherein the termination condition is associated with a specific condition that is either true or false for each network node of the networked system.
  - 20. The method of claim 19, wherein the termination condition is satisfied when the penetration testing system compromises or determines that it could compromise a specific number of network nodes which satisfy the specific condition.
  - 21. The method of claim 19, wherein the termination condition is satisfied when the penetration testing system compromises or determines that it could compromise all network nodes of the networked system that satisfy the specific condition.
  - 22. The method of claim 1, wherein the termination condition is satisfied when the penetration testing system detects an existence in the networked system of a specific defensive software application.
  - 23. The method of claim 1, wherein the termination condition is associated with changing access rights of one or more files.
  - 24. The method of claim 1, wherein before the receiving the one or more manually-entered inputs that explicitly select the termination condition for the penetration testing campaign, the penetration testing system automatically computes and displays an explicit recommendation for selecting the termination condition.
  - 25. The method of claim 24 wherein the received one or more manually-entered inputs comprises an explicit user approval of the explicit recommendation.
  - 26. The method of claim 1, wherein before the receiving the one or more manually-entered inputs that explicitly select the termination condition for the penetration testing campaign, the penetration testing system automatically computes and displays a list of possible termination conditions.
  - 27. The method of claim 26 wherein the received one or more manually-entered inputs comprises an explicit user selection of one of said possible termination conditions in said list as the termination condition for the penetration testing campaign.

28. A method of penetration testing of a networked system by a penetration testing system that is controlled by a user interface of a computing device so that a penetration testing campaign is executed until a termination condition is satisfied, the termination condition being manually and explicitly selected, the method comprising:
- a. receiving, by the penetration testing system and via the user interface of the computing device, one or more manually-entered inputs, the one or more manually-entered inputs explicitly selecting the termination condition for the penetration testing campaign, the termination condition being an indirect termination condition;
  
  b. executing the penetration testing campaign, by the penetration testing system, so as to test the networked system;
  
  c. checking, by the penetration testing system and while the penetration testing campaign is executing, whether the explicitly and manually-selected indirect termination condition is satisfied;
  
  d. in response to a determination by the checking that the explicitly and manually-selected indirect termination condition is satisfied, terminating execution of the penetration testing campaign; and
  
  e. reporting, by the penetration testing system, at least one security vulnerability determined to exist in the networked system by the executing of the penetration testing campaign, wherein the reporting comprises at least one of (i) causing a display device to display a report describing the at least one security vulnerability, (ii) storing the report describing the at least one security vulnerability in a file and (iii) electronically transmitting the report describing the at least one security vulnerability.

29. A system of penetration testing of a networked system, the system comprising:
- a. a termination-condition-selecting user interface including one or more user interface components for manual and explicit selection of a termination condition for a penetration testing campaign, where the termination-condition-selecting user interface resides in a computing device, the termination condition being a member of the termination conditions group consisting of;
  
  i. a termination condition associated with exporting one or more files out of the networked system;
  
  ii. a termination condition associated with damaging one or more files;
  
  iii. a termination condition associated with encrypting one or more files;
  
  iv. a termination condition associated with a number of compromised network nodes;
  
  v. a termination condition associated with a specific condition that is either true or false for each network node of the networked system;
  
  vi. a termination condition associated with a specific defensive software application; and
  
  vii. a termination condition associated with changing access rights of one or more files;
  
  b. a penetration-testing-campaign module including;
  
  i. one or more penetration-testing-campaign processors; and
  
  ii. a penetration-testing-campaign non-transitory computer readable storage medium for instructions execution by the one or more penetration-testing-campaign processors, the penetration-testing-campaign non-transitory computer readable storage medium having stored instructions to perform the penetration testing campaign so as to test the networked system, and to terminate the penetration testing campaign in response to a determination that the manually and explicitly-selected termination condition that is a member of the termination conditions group is satisfied; and
  
  c. a reporting module including;
  
  i. one or more reporting processors; and
  
  ii. a reporting non-transitory computer readable storage medium for instructions execution by the one or more reporting processors, the reporting non-transitory computer readable storage medium having stored instructions to report at least one security vulnerability determined to exist in the networked system according to results of the penetration testing campaign performed by the penetration-testing-campaign module, the instructions to report including at least one of (i) instructions to cause a display device to display a report describing the at least one security vulnerability, (ii) instructions to store the report describing the at least one security vulnerability in a file and (iii) instructions to electronically transmit the report describing the at least one security vulnerability.

30. A system of penetration testing of a networked system, the system comprising:
- a. a termination-condition-selecting user interface including one or more user interface components for manual and explicit selection of a termination condition for a penetration testing campaign, where the termination-condition-selecting user interface resides in a computing device, the termination condition being an indirect termination condition;
  
  b. a penetration-testing-campaign module including;
  
  i. one or more penetration-testing-campaign processors; and
  
  ii. a penetration-testing-campaign non-transitory computer readable storage medium for instructions execution by the one or more penetration-testing-campaign processors, the penetration-testing-campaign non-transitory computer readable storage medium having stored instructions to perform the penetration testing campaign so as to test the networked system, and to terminate the penetration testing campaign in response to a determination that the manually and explicitly-selected indirect termination condition is satisfied; and
  
  c. a reporting module including;
  
  i. one or more reporting processors; and
  
  ii. a reporting non-transitory computer readable storage medium for instructions execution by the one or more reporting processors, the reporting non-transitory computer readable storage medium having stored instructions to report at least one security vulnerability determined to exist in the networked system according to results of the penetration testing campaign performed by the penetration-testing-campaign module, the instructions to report including at least one of (i) instructions to cause a display device to display a report describing the at least one security vulnerability, (ii) instructions to store the report describing the at least one security vulnerability in a file and (iii) instructions to electronically transmit the report describing the at least one security vulnerability.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
XM Cyber Ltd. (Schwarz Unternehmenskommunikation GmbH & Co. KG)
Original Assignee
XM Cyber Ltd. (Schwarz Unternehmenskommunikation GmbH & Co. KG)
Inventors
Segal, Ronen, Lasser, Menahem
Primary Examiner(s)
Mehrmanesh, Amir

Application Number

US15/837,975
Time in Patent Office

267 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/034   Test or assess a computer o...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

Systems and methods for selecting a termination rule for a penetration testing campaign

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

60 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for selecting a termination rule for a penetration testing campaign

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links