Using information about exportable data in penetration testing
First Claim
1. A method of carrying out a penetration testing campaign of a networked system by a penetration testing system, using a lateral movement strategy based at least in part on information about files stored in network nodes of the networked system, the method comprising:
a. obtaining information about files stored in a plurality of network nodes of the networked system;
b. based on the obtained information, determining, for each network node of the plurality of network nodes, a corresponding data-value score according to a common data-value metric;
c. executing the penetration testing campaign, wherein the executing includes:
   i. selecting a target network node of the networked system that will be a next network node that the penetration testing system will attempt to compromise or will attempt to determine to be compromisable, the selecting being based on the data-value scores corresponding to at least some of the plurality of network nodes, and
   ii. attempting to compromise the selected target network node or attempting to determine that the selected target network node is compromisable;
d. based on results of the penetration testing campaign, determining a method by which an attacker could compromise the networked system; and
e. reporting the method by which the attacker could compromise the networked system, wherein the reporting comprises at least one action selected from the group consisting of (i) causing a display device to display a report including information about the determined method by which the attacker could compromise the networked system, (ii) recording the report including the information about the determined method by which the attacker could compromise the networked system in a file, and (iii) electronically transmitting the report including the information about the determined method by which the attacker could compromise the networked system.
1 Assignment
0 Petitions
Abstract
Penetration testing campaigns are carried out using a lateral movement strategy based at least in part on information about files stored in network nodes of the networked system. Information is obtained about files stored in a plurality of network nodes of the networked system, and based on the obtained information, a corresponding data-value score for each network node of the plurality of network nodes is determined according to a common data-value metric. The penetration testing campaign is executed, during which a next network node targeted for determining its compromisability is selected based on the data-value scores corresponding to at least some of the plurality of network nodes. Based on results of the penetration testing campaign, a method by which an attacker could compromise the networked system is determined and reported.
21 Claims
1. Claim 1 is reproduced in full under First Claim above; claims 2 through 10 depend on it.
11. A penetration testing system for carrying out a penetration testing campaign of a networked system by using a lateral movement strategy based at least in part on information about files stored in network nodes of the networked system, the networked system comprising a plurality of network nodes interconnected by one or more networks, each network node of the plurality of network nodes including one or more processors, the penetration testing system comprising:
a. a first non-transitory computer-readable storage medium having stored therein first program instructions, wherein execution of the first program instructions by the one or more processors of a given network node of the plurality of network nodes causes the one or more processors of the given network node to collect information about files stored in the given network node;
b. a computing device comprising one or more processors, the computing device in networked communication with multiple network nodes of the networked system; and
c. a second non-transitory computer-readable storage medium having stored therein second program instructions, wherein execution of the second program instructions by the one or more processors of the computing device causes the one or more processors of the computing device to carry out the following steps:
   i. for each given network node of the plurality of network nodes, performing one operation selected from the group consisting of (A) determining a corresponding data-value score according to a common data-value metric and (B) obtaining the corresponding data-value score according to the common data-value metric, the corresponding data-value score being based on collected information about files stored in the networked system;
   ii. executing the penetration testing campaign, wherein the executing includes:
      A. selecting a target network node of the networked system that will be a next network node that the penetration testing system will attempt to compromise or will attempt to determine to be compromisable, the selecting being based on the data-value scores corresponding to at least some of the plurality of network nodes, and
      B. attempting to compromise the selected target network node or attempting to determine that the selected target network node is compromisable;
   iii. based on results of the penetration testing campaign, determining a method by which an attacker could compromise the networked system; and
   iv. reporting the method by which the attacker could compromise the networked system, wherein the reporting comprises at least one action selected from the group consisting of (A) causing a display device to display a report including information about the determined method by which the attacker could compromise the networked system, (B) recording the report including the information about the determined method by which the attacker could compromise the networked system in a file, and (C) electronically transmitting the report including the information about the determined method by which the attacker could compromise the networked system.
12. A method for delivering, by a penetration testing system, a recommendation for improving the security of a networked system against attackers, the method comprising:
a. obtaining information about files stored in a plurality of network nodes of the networked system;
b. based on the obtained information, determining, for each network node of the plurality of network nodes, a corresponding data-value score according to a common data-value metric;
c. executing a penetration testing campaign for testing the networked system;
d. determining the recommendation for improving the security of the networked system against attackers, wherein the determining of the recommendation includes selecting one or more network nodes of the networked system that should be protected against being compromised by the attackers, wherein the selecting of the one or more network nodes is based on (i) results of the penetration testing campaign and (ii) the data-value scores corresponding to at least some of the plurality of network nodes;
e. performing at least one operation selected from the group consisting of:
   (i) causing a display device to display information about the recommendation for improving the security of the networked system against attackers,
   (ii) recording the information about the recommendation for improving the security of the networked system against attackers in a file, and
   (iii) electronically transmitting the information about the recommendation for improving the security of the networked system against attackers,
wherein the data-value score corresponding to a given network node is based on one or more numbers selected from the group consisting of:
   A. total size of all files residing in the given network node;
   B. total size of all files residing in one or more given folders in the given network node;
   C. total size of all files of one or more given types residing in the given network node;
   D. total size of all files of one or more given types residing in one or more given folders in the given network node;
   E. number of all files residing in the given network node;
   F. number of all files residing in one or more given folders in the given network node;
   G. number of all files of one or more given types residing in the given network node; and
   H. number of all files of one or more given types residing in one or more given folders in the given network node.
Claims 13 through 19 depend on claim 12.
20. A method for delivering, by a penetration testing system, a recommendation for improving the security of a networked system against attackers, the method comprising:
a. obtaining information about files stored in a plurality of network nodes of the networked system;
b. based on the obtained information, determining, for each network node of the plurality of network nodes, a corresponding data-value score according to a common data-value metric;
c. executing a penetration testing campaign for testing the networked system;
d. determining the recommendation for improving the security of the networked system against attackers, wherein the determining of the recommendation includes selecting one or more network nodes of the networked system that should be protected against being compromised by the attackers, wherein the selecting of the one or more network nodes is based on (i) results of the penetration testing campaign and (ii) the data-value scores corresponding to at least some of the plurality of network nodes; and
e. performing at least one operation selected from the group consisting of:
   (i) causing a display device to display information about the recommendation for improving the security of the networked system against attackers,
   (ii) recording the information about the recommendation for improving the security of the networked system against attackers in a file, and
   (iii) electronically transmitting the information about the recommendation for improving the security of the networked system against attackers,
wherein the data-value score corresponding to a given network node is based on a number selected from the group consisting of (i) number of files residing in a second network node, (ii) number of files residing in one or more given folders in the second network node, (iii) number of files residing in the second network node that are of one or more given types, and (iv) number of files residing in the one or more given folders in the second network node that are of the one or more given types, the second network node being reachable from the given network node.
21. A penetration testing system configured to carry out a penetration testing campaign for testing a networked system and to deliver a recommendation for improving the security of the networked system against attackers based at least in part on information about files stored in network nodes of the networked system, the networked system comprising a plurality of network nodes interconnected by one or more networks, each network node of the plurality of network nodes including one or more processors, the penetration testing system comprising:
a. a first non-transitory computer-readable storage medium having stored therein first program instructions, wherein execution of the first program instructions by the one or more processors of a given network node of the plurality of network nodes causes the one or more processors of the given network node to collect information about files stored in the given network node;
b. a computing device comprising one or more processors, the computing device in networked communication with multiple network nodes of the networked system; and
c. a second non-transitory computer-readable storage medium having stored therein second program instructions, wherein execution of the second program instructions by the one or more processors of the computing device causes the one or more processors of the computing device to carry out the following steps:
   i. for each given network node of the plurality of network nodes, performing one operation selected from the group consisting of (A) determining a corresponding data-value score according to a common data-value metric and (B) obtaining the corresponding data-value score according to the common data-value metric, the corresponding data-value score being based on collected information about files stored in the networked system;
   ii. executing the penetration testing campaign;
   iii. determining the recommendation for improving the security of the networked system against attackers, wherein the determining of the recommendation includes selecting one or more network nodes of the networked system that should be protected against being compromised by the attackers, wherein the selecting of the one or more network nodes is based on (A) results of the penetration testing campaign and (B) the data-value scores corresponding to at least some of the plurality of network nodes; and
   iv. performing at least one action selected from the group consisting of:
      (A) causing a display device to display information about the recommendation for improving the security of the networked system against attackers,
      (B) recording the information about the recommendation for improving the security of the networked system against attackers in a file, and
      (C) electronically transmitting the information about the recommendation for improving the security of the networked system against attackers.
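The data-value metric that claims 12 and 20 define in words (total size or number of files on a node, optionally restricted to given folders and file types, and in claim 20 counted on a second node reachable from the given node) and the protection recommendation of claim 12 step (d) can be made concrete in a few dozen lines. The following is an added example, not code from the patent or its assignee; the file inventory, the hostnames and the reachability map are constructed sample data, and the `top_n` cut-off and the transitive (multi-hop) reading of "reachable" are assumptions for illustration.

```python
"""Data-value scoring of network nodes from a file inventory (added example)."""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class FileRecord:
    node: str    # hostname of the network node holding the file
    folder: str  # folder the file resides in
    kind: str    # file type (extension)
    size: int    # size in bytes


# Constructed sample inventory (not real data): what step (a) of the claims
# would collect from each node.
INVENTORY = [
    FileRecord("ws-01", "C:/Users/alice/Documents", "docx", 120_000),
    FileRecord("ws-01", "C:/Users/alice/Documents", "xlsx", 80_000),
    FileRecord("ws-01", "C:/Windows/Temp", "tmp", 5_000_000),
    FileRecord("fs-01", "D:/Shares/Finance", "xlsx", 2_000_000),
    FileRecord("fs-01", "D:/Shares/Finance", "xlsx", 1_500_000),
    FileRecord("fs-01", "D:/Shares/Finance", "pdf", 700_000),
    FileRecord("fs-01", "D:/Shares/Public", "txt", 10_000),
    FileRecord("db-01", "/var/lib/postgresql", "db", 9_000_000),
    FileRecord("jump-01", "/home/ops", "txt", 2_000),
]

# Constructed reachability map (node -> nodes it can reach directly), the
# input the claim-20 variant needs; a real tool would take this from the
# campaign's own network model.
REACHABILITY = {
    "ws-01": {"jump-01"},
    "jump-01": {"fs-01", "db-01"},
    "fs-01": set(),
    "db-01": set(),
}


def data_value_score(records, node, folders=None, kinds=None, measure="size"):
    """Claim-12 metric: total size ('size') or number ('count') of files on
    `node`, optionally restricted to given folders and/or file types."""
    if measure not in ("size", "count"):
        raise ValueError("measure must be 'size' or 'count'")
    selected = [
        r for r in records
        if r.node == node
        and (folders is None or any(r.folder.startswith(f) for f in folders))
        and (kinds is None or r.kind in kinds)
    ]
    return sum(r.size for r in selected) if measure == "size" else len(selected)


def reachable_nodes(node, reachability):
    """All nodes reachable from `node` over one or more hops (BFS), excluding itself."""
    seen, queue = set(), deque(reachability.get(node, ()))
    while queue:
        n = queue.popleft()
        if n in seen or n == node:
            continue
        seen.add(n)
        queue.extend(reachability.get(n, ()))
    return seen


def reachable_value_score(records, node, reachability, **metric):
    """Claim-20 variant: the score of `node` is the metric summed over the
    nodes reachable from it, so a foothold holding little data itself but
    leading to a high-value server still scores high."""
    return sum(data_value_score(records, n, **metric)
               for n in reachable_nodes(node, reachability))


def recommend_protection(scores, compromisable, top_n=2):
    """Claim-12 step (d): among the nodes the campaign found compromisable,
    return the `top_n` with the highest data-value scores to protect first."""
    ranked = sorted(((scores[n], n) for n in compromisable if n in scores), reverse=True)
    return [n for _, n in ranked[:top_n]]


if __name__ == "__main__":
    office = {"xlsx", "docx", "pdf"}
    nodes = sorted({r.node for r in INVENTORY})
    own = {n: data_value_score(INVENTORY, n, kinds=office) for n in nodes}
    for n in nodes:
        via = reachable_value_score(INVENTORY, n, REACHABILITY, kinds=office)
        print(f"{n:8} own={own[n]:>10,} reachable={via:>10,}")
    # Constructed campaign result: which nodes were found compromisable.
    print("protect first:", recommend_protection(own, {"ws-01", "fs-01", "jump-01"}))
```

With this inventory the workstation holds 200,000 bytes of office documents and the file server 4,200,000, so the recommendation lists the file server ahead of the workstation; under the claim-20 reading, the jump host scores as high as the file server because it can reach it, which is the point of scoring by reachable data rather than by local files alone.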
Specification