Taking privilege escalation into account in penetration testing campaigns
First Claim
1. A method of carrying out a penetration testing campaign of a networked system by a simulated penetration testing system for the purpose of determining a way for an attacker to compromise the networked system, wherein the simulated penetration testing system assigns a plurality of network nodes of the networked system to classes based on current information about the compromisability of the plurality of network nodes at a current state of the penetration testing campaign, the classes consisting of (i) a red class, wherein each network node that is a member of the red class is known to be compromisable by the attacker in a way that gives the attacker full control of the red-class-member network node, (ii) a blue class, wherein each network node that is a member of the blue class is not known to be compromisable by the attacker, and (iii) a purple class, wherein each network node that is a member of the purple class is known to be compromisable by the attacker in a way that does not give the attacker full control of the purple-class-member network node, the method comprising:
a. selecting a first target network node of the plurality of network nodes of the networked system;
b. handling the first target network node, the handling of the first target network node comprising:
   i. based on the selected first target network node and based on the current assignment of the plurality of network nodes to the blue, red and purple classes, determining a first vulnerability that can compromise the first target network node;
   ii. checking whether compromising the first target network node using the first vulnerability would result in the attacker achieving full control of the first target network node; and
   iii. in response to determining that the compromising of the first target network node using the first vulnerability would result in the attacker achieving full control of the first target network node, assigning the first target network node to the red class;
c. selecting a second target network node of the plurality of network nodes of the networked system;
d. handling the second target network node, the handling of the second target network node comprising:
   i. based on the selected second target network node and based on the current assignment of the plurality of network nodes to the blue, red and purple classes, determining a second vulnerability that can compromise the second target network node;
   ii. checking whether compromising the second target network node using the second vulnerability would result in the attacker achieving full control of the second target network node; and
   iii. in response to determining that (i) the compromising of the second target network node using the second vulnerability would not result in the attacker achieving full control of the second target network node and (ii) the attacker would be able to achieve full control of the second target network node by using (A) one or more privilege escalation techniques and (B) one or more access rights to the second target network node obtained by the compromising of the second target network node using the second vulnerability, assigning the second target network node to the red class;
e. selecting a third target network node of the plurality of network nodes of the networked system;
f. handling the third target network node, the handling of the third target network node comprising:
   i. based on the selected third target network node and based on the current assignment of the plurality of network nodes to the blue, red and purple classes, determining a third vulnerability that can compromise the third target network node;
   ii. checking whether compromising the third target network node using the third vulnerability would result in the attacker achieving full control of the third target network node; and
   iii. in response to determining that (i) the compromising of the third target network node using the third vulnerability would not result in the attacker achieving full control of the third target network node and (ii) the attacker cannot achieve full control of the third target network node by using (A) any combination of privilege escalation techniques and (B) any combination of access rights to the third target network node obtained by the compromising of the third target network node using the third vulnerability, assigning the third target network node to the purple class;
g. based on at least one of the first vulnerability, the second vulnerability and the third vulnerability, determining the way for an attacker to compromise the networked system; and
h. reporting the determined way for an attacker to compromise the networked system, the reporting comprising at least one action selected from the actions group consisting of (i) causing a display device to display a report including information about the determined way to compromise the networked system, (ii) recording the report including the information about the determined way to compromise the networked system in a file, and (iii) electronically transmitting the report including the information about the determined way to compromise the networked system.
Abstract
A simulated penetration testing system that assigns network nodes of the tested networked system to classes based on current information about the compromisability of the nodes at a current state of a penetration testing campaign, the classes consisting of (i) a red class for nodes known to be compromisable by the attacker in a way that gives the attacker full control of the nodes, (ii) a blue class for nodes that are not known to be compromisable by the attacker, and (iii) a purple class for nodes known to be compromisable by the attacker in a way that does not give the attacker full control of the purple-class-member network node. The campaign tests whether an attacker would be able to achieve full control of a target node by using privilege escalation techniques and one or more access rights achieved by compromising the target node.
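The red/blue/purple bookkeeping described in claim 1 and the abstract, written out as an added illustration (this is not code from the patent or from any product). Node names, vulnerability ids, access-right labels and the escalation rules are constructed placeholders; a vulnerability is reduced to "which foothold classes can exploit it" and "which access rights it grants", and "any combination of privilege escalation techniques" is modelled as a fixpoint closure over abstract rules on the target node.

```python
"""Red/blue/purple node classification for a simulated penetration testing campaign.

Added illustration of the procedure in claim 1 and the abstract; not code from the
patent or any product. Node names, vulnerability ids, access-right labels, the
escalation rules and the topology below are constructed placeholders."""
from dataclasses import dataclass, field

RED, BLUE, PURPLE = "red", "blue", "purple"
FULL_CONTROL = "full_control"  # the access right meaning full control of a node


@dataclass(frozen=True)
class Vulnerability:
    vuln_id: str
    target: str              # node this vulnerability compromises
    from_classes: frozenset  # foothold classes the attacker must already hold
    grants: frozenset        # access rights obtained on `target` when exploited


@dataclass
class Campaign:
    escalation: dict  # node -> [(rights needed, rights gained)]: abstract stand-ins for escalation techniques
    vulns: list
    classes: dict     # current class of every node; the attacker's own foothold is RED
    path: list = field(default_factory=list)  # vulnerabilities used, in order

    def find_vulnerability(self, target: str):
        """Step (i): a vulnerability of `target` exploitable from a class the attacker holds."""
        held = {c for c in self.classes.values() if c != BLUE}
        return next((v for v in self.vulns
                     if v.target == target and v.from_classes & held), None)

    def can_escalate_to_full_control(self, node: str, rights: frozenset) -> bool:
        """Step (iii)(ii): close `rights` under every applicable escalation rule
        ("any combination of techniques") and test whether full control results."""
        rights = set(rights)
        changed = True
        while changed and FULL_CONTROL not in rights:
            changed = False
            for needed, gained in self.escalation.get(node, []):
                if needed <= rights and not gained <= rights:
                    rights |= gained
                    changed = True
        return FULL_CONTROL in rights

    def handle_target(self, target: str) -> str:
        """Steps (i)-(iii) for one selected target; returns the class now assigned."""
        v = self.find_vulnerability(target)
        if v is None:                      # nothing exploitable yet: class unchanged
            return self.classes[target]
        self.path.append(v.vuln_id)
        if FULL_CONTROL in v.grants or self.can_escalate_to_full_control(target, v.grants):
            self.classes[target] = RED     # full control directly or via escalation
        else:
            self.classes[target] = PURPLE  # compromisable, but not fully controllable
        return self.classes[target]

    def run(self, targets) -> dict:
        """Steps (a)-(h) in miniature: handle each target, then report the way found."""
        for t in targets:
            self.handle_target(t)
        return {"classes": dict(self.classes), "way": list(self.path)}


def demo_campaign() -> Campaign:
    """Constructed toy network: a workstation, a server and a database host."""
    vulns = [
        Vulnerability("V-A", "ws1", frozenset({RED}), frozenset({FULL_CONTROL})),
        Vulnerability("V-B", "srv1", frozenset({RED}), frozenset({"local_user"})),
        Vulnerability("V-C", "db1", frozenset({RED}), frozenset({"db_reader"})),
    ]
    escalation = {
        "srv1": [(frozenset({"local_user"}), frozenset({"svc_account"})),
                 (frozenset({"svc_account"}), frozenset({FULL_CONTROL}))],
        "db1": [(frozenset({"local_admin"}), frozenset({FULL_CONTROL}))],
    }
    classes = {"attacker": RED, "ws1": BLUE, "srv1": BLUE, "db1": BLUE}
    return Campaign(escalation, vulns, classes)
```

In the toy run, srv1 ends up red only because two abstract escalation rules chain (the single-rule check would have left it purple), while db1 stays purple because the right its rule needs is never obtained.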
20 Claims
6. A simulated penetration testing system for carrying out a penetration testing campaign of a networked system for the purpose of determining a way for an attacker to compromise the networked system, wherein the simulated penetration testing system assigns a plurality of network nodes of the networked system to classes based on current information about the compromisability of the plurality of network nodes at a current state of the penetration testing campaign, the classes consisting of (i) a red class, wherein each network node that is a member of the red class is known to be compromisable by the attacker in a way that gives the attacker full control of the red-class-member network node, (ii) a blue class, wherein each network node that is a member of the blue class is not known to be compromisable by the attacker, and (iii) a purple class, wherein each network node that is a member of the purple class is known to be compromisable by the attacker in a way that does not give the attacker full control of the purple-class-member network node, the penetration testing system comprising:
a. a computing device comprising one or more processors, the computing device in networked communication with multiple network nodes of the networked system; and
b. a non-transitory computer-readable storage medium containing program instructions, wherein execution of the program instructions by the one or more processors of the computing device causes the one or more processors of the computing device to carry out the following steps:
   i. selecting a first target network node of the plurality of network nodes of the networked system;
   ii. handling the first target network node, the handling of the first target network node comprising:
      A. based on the selected first target network node and based on the current assignment of the plurality of network nodes to the blue, red and purple classes, determining a first vulnerability that can compromise the first target network node;
      B. checking whether compromising the first target network node using the first vulnerability would result in the attacker achieving full control of the first target network node; and
      C. in response to determining that the compromising of the first target network node using the first vulnerability would result in the attacker achieving full control of the first target network node, assigning the first target network node to the red class;
   iii. selecting a second target network node of the plurality of network nodes of the networked system;
   iv. handling the second target network node, the handling of the second target network node comprising:
      A. based on the selected second target network node and based on the current assignment of the plurality of network nodes to the blue, red and purple classes, determining a second vulnerability that can compromise the second target network node;
      B. checking whether compromising the second target network node using the second vulnerability would result in the attacker achieving full control of the second target network node; and
      C. in response to determining that (I) the compromising of the second target network node using the second vulnerability would not result in the attacker achieving full control of the second target network node and (II) the attacker would be able to achieve full control of the second target network node by using (1) one or more privilege escalation techniques and (2) one or more access rights to the second target network node obtained by the compromising of the second target network node using the second vulnerability, assigning the second target network node to the red class;
   v. selecting a third target network node of the plurality of network nodes of the networked system;
   vi. handling the third target network node, the handling of the third target network node comprising:
      A. based on the selected third target network node and based on the current assignment of the plurality of network nodes to the blue, red and purple classes, determining a third vulnerability that can compromise the third target network node;
      B. checking whether compromising the third target network node using the third vulnerability would result in the attacker achieving full control of the third target network node; and
      C. in response to determining that (I) the compromising of the third target network node using the third vulnerability would not result in the attacker achieving full control of the third target network node and (II) the attacker cannot achieve full control of the third target network node by using (1) any combination of privilege escalation techniques and (2) any combination of access rights to the third target network node obtained by the compromising of the third target network node using the third vulnerability, assigning the third target network node to the purple class;
   vii. based on at least one of the first vulnerability, the second vulnerability and the third vulnerability, determining the way for an attacker to compromise the networked system; and
   viii. reporting the determined way for an attacker to compromise the networked system, the reporting comprising at least one action selected from the actions group consisting of (i) causing a display device to display a report including information about the determined way to compromise the networked system, (ii) recording the report including the information about the determined way to compromise the networked system in a file, and (iii) electronically transmitting the report including the information about the determined way to compromise the networked system.
11. A method of carrying out a penetration testing campaign of a networked system by a simulated penetration testing system for the purpose of determining a way for an attacker to compromise the networked system, wherein the simulated penetration testing system assigns a plurality of network nodes of the networked system to classes based on current information about the compromisability of the plurality of network nodes at a current state of the penetration testing campaign, the classes consisting of (i) a red class, wherein each network node that is a member of the red class is known to be compromisable by the attacker in a way that gives the attacker full control of the red-class-member network node, (ii) a blue class, wherein each network node that is a member of the blue class is not known to be compromisable by the attacker, and (iii) a purple class, wherein each network node that is a member of the purple class is known to be compromisable by the attacker in a way that does not give the attacker full control of the purple-class-member network node, the method comprising:
a. selecting a first target network node of the plurality of network nodes of the networked system;
b. handling the first target network node, the handling of the first target network node comprising:
   i. based on the selected first target network node and based on the current assignment of the plurality of network nodes to the blue, red and purple classes, determining a first vulnerability that can compromise the first target network node;
   ii. checking whether compromising the first target network node using the first vulnerability would result in the attacker achieving full control of the first target network node; and
   iii. in response to determining that the compromising of the first target network node using the first vulnerability would result in the attacker achieving full control of the first target network node, assigning the first target network node to the red class;
c. selecting a second target network node of the plurality of network nodes of the networked system;
d. handling the second target network node, the handling of the second target network node comprising:
   i. based on the selected second target network node and based on the current assignment of the plurality of network nodes to the blue, red and purple classes, determining a second vulnerability that can compromise the second target network node;
   ii. checking whether compromising the second target network node using the second vulnerability would result in the attacker achieving full control of the second target network node; and
   iii. in response to determining that the compromising of the second target network node using the second vulnerability would not result in the attacker achieving full control of the second target network node, assigning the second target network node to the purple class;
e. based on at least one of the first vulnerability and the second vulnerability, determining the way for an attacker to compromise the networked system; and
f. reporting the determined way for an attacker to compromise the networked system, the reporting comprising at least one action selected from the actions group consisting of (i) causing a display device to display a report including information about the determined way to compromise the networked system, (ii) recording the report including the information about the determined way to compromise the networked system in a file, and (iii) electronically transmitting the report including the information about the determined way to compromise the networked system.
16. A simulated penetration testing system for carrying out a penetration testing campaign of a networked system for the purpose of determining a way for an attacker to compromise the networked system, wherein the simulated penetration testing system assigns a plurality of network nodes of the networked system to classes based on current information about the compromisability of the plurality of network nodes at a current state of the penetration testing campaign, the classes consisting of (i) a red class, wherein each network node that is a member of the red class is known to be compromisable by the attacker in a way that gives the attacker full control of the red-class-member network node, (ii) a blue class, wherein each network node that is a member of the blue class is not known to be compromisable by the attacker, and (iii) a purple class, wherein each network node that is a member of the purple class is known to be compromisable by the attacker in a way that does not give the attacker full control of the purple-class-member network node, the penetration testing system comprising:
a. a computing device comprising one or more processors, the computing device in networked communication with multiple network nodes of the networked system; and
b. a non-transitory computer-readable storage medium containing program instructions, wherein execution of the program instructions by the one or more processors of the computing device causes the one or more processors of the computing device to carry out the following steps:
   i. selecting a first target network node of the plurality of network nodes of the networked system;
   ii. handling the first target network node, the handling of the first target network node comprising:
      A. based on the selected first target network node and based on the current assignment of the plurality of network nodes to the blue, red and purple classes, determining a first vulnerability that can compromise the first target network node;
      B. checking whether compromising the first target network node using the first vulnerability would result in the attacker achieving full control of the first target network node; and
      C. in response to determining that the compromising of the first target network node using the first vulnerability would result in the attacker achieving full control of the first target network node, assigning the first target network node to the red class;
   iii. selecting a second target network node of the plurality of network nodes of the networked system;
   iv. handling the second target network node, the handling of the second target network node comprising:
      A. based on the selected second target network node and based on the current assignment of the plurality of network nodes to the blue, red and purple classes, determining a second vulnerability that can compromise the second target network node;
      B. checking whether compromising the second target network node using the second vulnerability would result in the attacker achieving full control of the second target network node; and
      C. in response to determining that the compromising of the second target network node using the second vulnerability would not result in the attacker achieving full control of the second target network node, assigning the second target network node to the purple class;
   v. based on at least one of the first vulnerability and the second vulnerability, determining the way for an attacker to compromise the networked system; and
   vi. reporting the determined way for an attacker to compromise the networked system, the reporting comprising at least one action selected from the actions group consisting of (i) causing a display device to display a report including information about the determined way to compromise the networked system, (ii) recording the report including the information about the determined way to compromise the networked system in a file, and (iii) electronically transmitting the report including the information about the determined way to compromise the networked system.