Selectively choosing between actual-attack and simulation/evaluation for validating a vulnerability of a network node during execution of a penetration testing campaign

US 10,454,966 B2
Filed: 05/01/2019
Issued: 10/22/2019
Est. Priority Date: 11/15/2017
Status: Active Grant

First Claim

Patent Images

1. A method for penetration testing of a networked system by a penetration testing system using both active and passive validation methods during a single penetration testing campaign, the method for penetration testing comprising:

a. determining a first target network node of the networked system to be the next network node to attempt to compromise during the single penetration testing campaign;

b. determining a first vulnerability of network nodes to be used for compromising the first target network node;

c. selecting a first validation method for validating the first vulnerability for the first target network node, a type of the first validation method being selected from the type group consisting of active validation and passive validation;

d. validating the first vulnerability for the first target network node using the first validation method;

e. determining a second target network node of the networked system to be the next network node to attempt to compromise during the single penetration testing campaign;

f. determining a second vulnerability of network nodes to be used for compromising the second target network node;

g. selecting a second validation method for validating the second vulnerability for the second target network node, a type of the second validation method being selected from the type group consisting of active validation and passive validation and being different from the type of the first validation method;

h. validating the second vulnerability for the second target network node using the second validation method; and

i. reporting at least one security vulnerability of the networked system determined to exist based on results of the executing of the single penetration testing campaign, wherein the reporting comprises performing at least one operation selected from the group consisting of;

(A) causing a display device to display a report containing information about the at least one security vulnerability of the networked system,(B) storing the report containing information about the at least one security vulnerability of the networked system in a file and (C) electronically transmitting the report containing information about the at least one security vulnerability of the networked system,wherein all of steps a-i are performed by the penetration testing system, and all of steps a-h are performed during the single penetration testing campaign.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for penetration testing of a networked system by a penetration testing system. In some embodiments, both active and passive validation methods are used during a single penetration testing campaign in a single networked system. In other embodiments, a first penetration testing campaign uses only active validation and a second penetration campaign uses only passive validation, where both campaigns are performed by a single penetration testing system in a single networked system. Node-by-node determination of whether to use active or passive validation can be based on expected extent and/or likelihood of damage from actually compromising a network node using active validation.

Citations

16 Claims

1. A method for penetration testing of a networked system by a penetration testing system using both active and passive validation methods during a single penetration testing campaign, the method for penetration testing comprising:
- a. determining a first target network node of the networked system to be the next network node to attempt to compromise during the single penetration testing campaign;
  
  b. determining a first vulnerability of network nodes to be used for compromising the first target network node;
  
  c. selecting a first validation method for validating the first vulnerability for the first target network node, a type of the first validation method being selected from the type group consisting of active validation and passive validation;
  
  d. validating the first vulnerability for the first target network node using the first validation method;
  
  e. determining a second target network node of the networked system to be the next network node to attempt to compromise during the single penetration testing campaign;
  
  f. determining a second vulnerability of network nodes to be used for compromising the second target network node;
  
  g. selecting a second validation method for validating the second vulnerability for the second target network node, a type of the second validation method being selected from the type group consisting of active validation and passive validation and being different from the type of the first validation method;
  
  h. validating the second vulnerability for the second target network node using the second validation method; and
  
  i. reporting at least one security vulnerability of the networked system determined to exist based on results of the executing of the single penetration testing campaign, wherein the reporting comprises performing at least one operation selected from the group consisting of;
  
  (A) causing a display device to display a report containing information about the at least one security vulnerability of the networked system,(B) storing the report containing information about the at least one security vulnerability of the networked system in a file and (C) electronically transmitting the report containing information about the at least one security vulnerability of the networked system,wherein all of steps a-i are performed by the penetration testing system, and all of steps a-h are performed during the single penetration testing campaign.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the first and second validation methods are respectively selected in accordance with the first and second vulnerabilities.
  - 3. The method of claim 1 wherein:
    - i. the selecting of the first validation method comprises;
      
      A. determining a first damage to the first target network node that can be caused by validating the first vulnerability for the first target network node by using active validation; and
      
      B. selecting the type of the first validation method to be a type of a validation method that is associated with the first damage; and
      
      ii. the selecting of the second validation method comprises;
      
      A. determining a second damage to the second target network node that can be caused by validating the second vulnerability for the second target network node by using active validation; and
      
      B. selecting the type of the second validation method to be a type of a validation method that is associated with the second damage.
  - 4. The method of claim 3, wherein the determining of the first damage includes determining an extent of the first damage.
  - 5. The method of claim 3, wherein the determining of the first damage includes determining a likelihood of the first damage occurring.
  - 6. The method of claim 1, wherein the selecting of the type of the first and second validation methods are performed such that the identity of the first vulnerability uniquely determines the type of the first validation method, and the identity of the second vulnerability uniquely determines the type of the second validation method.
  - 7. The method of claim 1, wherein steps a-i are performed in the order listed.
  - 8. The method of claim 1, wherein the penetration testing system is controlled by a user interface of a computing device, and the method for penetration testing of the networked system further comprises:
    - j. receiving, by the penetration testing system and via the user interface of the computing device, one or more manually-entered inputs, the one or more manually-entered inputs explicitly defining at least one item selected from the group consisting of (i) a type of a validation method to be used for validating the first vulnerability, and (ii) a type of a validation method to be used for validating the second vulnerability.

9. A penetration testing system for executing penetration testing of a networked system using both active and passive validation methods during a single penetration testing campaign, the penetration testing system comprising:
- a. a remote computing device comprising a computer memory and one or more processors, the remote computing device in networked communication with multiple network nodes of the networked system; and
  
  b. a non-transitory computer-readable storage medium containing program instructions, wherein execution of the program instructions by the one or more processors of the remote computing device performs all of the following operations during the single penetration testing campaign;
  
  i. determining a first target network node of the networked system to be the next network node to attempt to compromise during the single penetration testing campaign;
  
  ii. determining a first vulnerability of network nodes to be used for compromising the first target network node;
  
  iii. selecting a first validation method for validating the first vulnerability for the first target network node, a type of the first validation method being selected from the type group consisting of active validation and passive validation;
  
  iv. causing validation of the first vulnerability for the first target network node using the first validation method;
  
  v. determining a second target network node of the networked system to be the next network node to attempt to compromise during the single penetration testing campaign;
  
  vi. determining a second vulnerability of network nodes to be used for compromising the second target network node;
  
  vii. selecting a second validation method for validating the second vulnerability for the second target network node, a type of the second validation method being selected from the type group consisting of active validation and passive validation and being different from the type of the first validation method; and
  
  viii. causing a validation of the second vulnerability for the second target network node using the second validation method;
  
  wherein the execution of the program instructions by the one or more processors of the remote computing device further performs the following operation;
  
  reporting at least one security vulnerability of the networked system determined to exist based on results of executing the single penetration testing campaign, wherein the reporting comprises performing at least one operation selected from the group consisting of;
  
  (A) causing a display device to display a report containing information about the at least one security vulnerability of the networked system, (B) storing the report containing information about the at least one security vulnerability of the networked system in a file and (C) electronically transmitting the report containing information about the at least one security vulnerability of the networked system.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The penetration testing system of claim 9, wherein the execution of the program instructions by the one or more processors of the remote computing device causes the first and second validation methods to be respectively selected in accordance with the first and second vulnerabilities.
  - 11. The system of claim 9 wherein:
    - i. the selecting of the first validation method comprises;
      
      A. determining a first damage to the first target network node that can be caused by validating the first vulnerability for the first target network node by using active validation; and
      
      B. selecting the type of the first validation method to be a type of a validation method that is associated with the first damage; and
      
      ii. the selecting of the second validation method comprises;
      
      A. determining a second damage to the second target network node that can be caused by validating the second vulnerability for the second target network node by using active validation; and
      
      B. selecting the type of the second validation method to be a type of a validation method that is associated with the second damage.
  - 12. The penetration testing system of claim 11, wherein the determining of the first damage includes determining an extent of the first damage.
  - 13. The penetration testing system of claim 11, wherein the program instructions are such that the determining of the first damage includes determining a likelihood of the first damage occurring.
  - 14. The penetration testing system of claim 9, wherein the execution of the program instructions by the one or more processors of the remote computing device causes the selecting of the type of the first and second validation methods to be performed such that the identity of the first vulnerability uniquely determines the type of the first validation method, and the identity of the second vulnerability uniquely determines the type of the second validation method.
  - 15. The penetration testing system of claim 9, wherein the execution of the program instructions by the one or more processors of the remote computing device causes the operations a-viii to be performed in the order listed.
  - 16. The penetration testing system of claim 9, wherein the penetration testing system is controlled by a user interface, and the execution of the program instructions by the one or more processors of the remote computing device further performs the operation:
    - receiving, by the penetration testing system and via the user interface, one or more manually-entered inputs, the one or more manually-entered inputs explicitly defining at least one item selected from the group consisting of (i) a type of a validation method to be used for validating the first vulnerability, and (ii) a type of a validation method to be used for validating the second vulnerability.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
XM Cyber Ltd. (Schwarz Unternehmenskommunikation GmbH & Co. KG)
Original Assignee
XM Cyber Ltd. (Schwarz Unternehmenskommunikation GmbH & Co. KG)
Inventors
Gorodissky, Boaz, Ashkenazy, Adi, Segal, Ronen, Lasser, Menahem
Primary Examiner(s)
Do, Khang

Application Number

US16/400,938
Publication Number

US 20190268369A1
Time in Patent Office

174 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

G06F 21/577   Assessing vulnerabilities a...

H04L 43/06   Generation of reports

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/1466   Active attacks involving in...

H04L 63/1475   Passive attacks, e.g. eaves...

Selectively choosing between actual-attack and simulation/evaluation for validating a vulnerability of a network node during execution of a penetration testing campaign

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Selectively choosing between actual-attack and simulation/evaluation for validating a vulnerability of a network node during execution of a penetration testing campaign

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links