Setting-up penetration testing campaigns

US 10,505,969 B2
Filed: 09/19/2018
Issued: 12/10/2019
Est. Priority Date: 01/30/2017
Status: Active Grant

First Claim

Patent Images

1. A method of penetration testing of a networked system by a penetration testing system that is controlled by a user interface of a computing device so that a penetration testing campaign is executed according to a manual and explicit selecting of one or more network nodes of the networked system, the method comprising:

receiving, by the penetration testing system and via the user interface of the computing device, one or more manually-entered inputs, the one or more manually-entered inputs explicitly selecting the one or more network nodes of the networked system, wherein at least one of the manually and explicitly selected nodes is other than the computing device;

in accordance with the manual and explicit selecting of the network nodes, executing the penetration testing campaign by the penetration testing system so as to test the networked system, the penetration testing campaign being executed under the assumption that at the time of beginning the penetration testing campaign, the manually and explicitly selected one or more network nodes of the networked system are both (i) already compromised and (ii) the only network nodes of the networked system that are already compromised; and

reporting, by the penetration testing system, at least one security vulnerability determined to exist in the networked system by the executing of the penetration testing campaign, wherein the reporting comprises at least one operation selected from the group consisting of;

(i) causing a display device to display a report describing the at least one security vulnerability, (ii) storing the report containing information about the at least one security vulnerability, and (iii) electronically transmitting the report describing the at least one security vulnerability.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for penetration testing of a networked system by a penetration testing system (e.g. that is controlled by a user interface of a computing device) are disclosed herein. In one example, a penetration testing campaign is executed according to a manual and explicit selecting of one or more network nodes of the networked system. Alternatively or additionally, a penetration testing campaign is executed according to a manually and explicitly selected node-selection condition. Alternatively or additionally, a penetration testing campaign is executed according to an automatic selecting of one or more network nodes of the networked system.

66 Citations

View as Search Results

19 Claims

1. A method of penetration testing of a networked system by a penetration testing system that is controlled by a user interface of a computing device so that a penetration testing campaign is executed according to a manual and explicit selecting of one or more network nodes of the networked system, the method comprising:
- receiving, by the penetration testing system and via the user interface of the computing device, one or more manually-entered inputs, the one or more manually-entered inputs explicitly selecting the one or more network nodes of the networked system, wherein at least one of the manually and explicitly selected nodes is other than the computing device;
  
  in accordance with the manual and explicit selecting of the network nodes, executing the penetration testing campaign by the penetration testing system so as to test the networked system, the penetration testing campaign being executed under the assumption that at the time of beginning the penetration testing campaign, the manually and explicitly selected one or more network nodes of the networked system are both (i) already compromised and (ii) the only network nodes of the networked system that are already compromised; and
  
  reporting, by the penetration testing system, at least one security vulnerability determined to exist in the networked system by the executing of the penetration testing campaign, wherein the reporting comprises at least one operation selected from the group consisting of;
  
  (i) causing a display device to display a report describing the at least one security vulnerability, (ii) storing the report containing information about the at least one security vulnerability, and (iii) electronically transmitting the report describing the at least one security vulnerability.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein before receiving the one or more manually-entered inputs that explicitly select the one or more network nodes of the networked system, the penetration testing system automatically computes and displays an explicit recommendation for selecting the one or more network nodes that are the only network nodes that are already compromised at the time of beginning the penetration testing campaign.
  - 3. The method of claim 2 wherein the received one or more manually-entered inputs comprise an explicit user approval of the explicit recommendation.
  - 4. The method of claim 1, further comprising:
    - subsequent to the receiving by the penetration testing system of the one or more manually-entered inputs that explicitly select the one or more network nodes of the networked system, receiving, by the penetration testing system and via the user interface of the computing device, one or more additional manually-entered inputs, the one or more additional manually-entered inputs explicitly selecting a value for a second information item of the penetration testing campaign, wherein the second information item is not a set of one or more network nodes that are assumed to be the only network nodes that are already compromised at the time of beginning the penetration testing campaign.
  - 5. The method of claim 4 wherein the executing of the penetration testing campaign is performed using both (i) the manually and explicitly selected value for the second information item, and (ii) the assumption that the manually and explicitly selected one or more network nodes of the networked system are the only network nodes that are already compromised at the time of beginning the penetration testing campaign.

6. A system for penetration testing of a networked system, the system comprising:
- a. a network-nodes-selection user interface including one or more user interface components for manual and explicit selection of one or more network nodes, where the network-nodes-selection user interface resides in a computing device and at least one of the manually and explicitly selected one or more network nodes is other than the computing device;
  
  b. a penetration-testing-campaign module comprising;
  
  i. at least one penetration-testing-campaign processor; and
  
  ii. a penetration-testing-campaign non-transitory computer readable storage medium for instructions execution by the one or more penetration-testing-campaign processers, the penetration-testing-campaign non-transitory computer readable storage medium having stored instructions to perform a penetration testing campaign under the assumption that at the time of beginning the penetration testing campaign, the manually and explicitly selected one or more network nodes of the networked system are both (i)) already compromised and (ii) the only network nodes of the networked system that are already compromised; and
  
  c. a reporting module comprising;
  
  i. at least one reporting processor; and
  
  ii. a reporting non-transitory computer readable storage medium for instructions execution by the one or more reporting processors, the reporting non-transitory computer readable storage medium having stored instructions to report at least one security vulnerability determined to exist in the networked system according to results of the penetration testing campaign that is performed by the penetration-testing-campaign module, wherein the reporting module is configured to report the at least one security vulnerability by performing at least one operation selected from the group consisting of;
  
  (i) causing a display device to display a report describing the at least one security vulnerability, (ii) storing the report containing information about the at least one security vulnerability, and (iii) electronically transmitting the report describing the at least one security vulnerability.
- View Dependent Claims (7)
- - 7. The system of claim 6, further comprising a recommendation module comprising:
    - i. at least one recommendation processor;
      
      ii. a recommendation non-transitory computer readable storage medium for instructions execution by the one or more recommendation processors, the recommendation non-transitory computer readable storage medium having stored instructions to automatically compute an explicit recommendation for selecting the one or more network nodes, wherein the network-nodes-selection user interface displays the explicit recommendation.

8. A method of penetration testing of a networked system by a penetration testing system that is controlled by a user interface of a computing device so that a penetration testing campaign is executed according to a manually and explicitly provided node-selection condition, the method comprising:
- receiving, by the penetration testing system and via the user interface of the computing device, one or more manually-entered inputs, the one or more manually-entered inputs explicitly selecting a Boolean node-selection condition, the manually and explicitly selected node-selection condition defining a proper subset of network nodes of the networked system such that any network node of the networked system is a member of the subset of network nodes if and only if it satisfies the condition;
  
  in accordance with the manual and explicit selecting of the node-selection condition, executing the penetration testing campaign by the penetration testing system so as to test the networked system, the penetration testing campaign being executed under the assumption that every node of the subset of network nodes is already compromised at the time of beginning the penetration testing campaign; and
  
  reporting, by the penetration testing system, at least one security vulnerability determined to exist in the networked system by the executing of the penetration testing campaign, wherein the reporting comprises at least one operation selected from the group consisting of;
  
  (i) causing a display device to display a report describing the at least one security vulnerability, (ii) storing the report containing information about the at least one security vulnerability, and (iii) electronically transmitting the report describing the at least one security vulnerability.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method of claim 8, wherein before receiving the one or more manually-entered inputs that explicitly select the Boolean node-selection condition, the penetration testing system automatically computes and displays an explicit recommendation for selecting the Boolean node-selection condition.
  - 10. The method of claim 9 wherein the received one or more manually-entered inputs for selecting the Boolean node-selection condition comprise an explicit user approval of the explicit recommendation.
  - 11. The method of claim 8, further comprising:
    - subsequent to the receiving by the penetration testing system of the one or more manually-entered inputs that explicitly select the Boolean node-selection condition, receiving, by the penetration testing system and via the user interface of the computing device, one or more additional manually-entered inputs, the one or more additional manually-entered inputs explicitly selecting a value for a second information item of the penetration testing campaign, wherein the second information item is not a node-selection condition defining a subset of network nodes that are assumed to be already compromised at the time of beginning the penetration testing campaign.
  - 12. The method of claim 11 wherein the executing of the penetration testing campaign is performed using both (i) the manually and explicitly selected value for the second information item, and (ii) an assumption that every node of the subset of network nodes is already compromised at the time of beginning the penetration testing campaign.

13. A method of penetration testing of a networked system by a penetration testing system that is controlled by a user interface of a computing device so that a penetration testing campaign is executed according to an automatic selecting of one or more network nodes of the networked system, the method comprising:
- determining, by the penetration testing system, a type of an attacker of the penetration testing campaign;
  
  based on a result of the determining, automatically selecting, by the penetration testing system, the one or more network nodes of the networked system, wherein at least one of the automatically selected network nodes is other than the computing device;
  
  in accordance with the automatically selecting of the network nodes, executing the penetration testing campaign by the penetration testing system so as to test the networked system, the penetration testing campaign being executed under the assumption that the automatically selected one or more network nodes of the networked system are already compromised at the time of beginning the penetration testing campaign; and
  
  reporting, by the penetration testing system, at least one security vulnerability determined to exist in the networked system by the executing of the penetration testing campaign, wherein the reporting comprises at least one operation selected from the group consisting of;
  
  (i) causing a display device to display a report describing the at least one security vulnerability, (ii) storing the report containing information about the at least one security vulnerability, and (iii) electronically transmitting the report describing the at least one security vulnerability.
- View Dependent Claims (14, 15)
- - 14. The method of claim 13, wherein the determining of the type of the attacker comprises automatically determining the type of the attacker by the penetration testing system.
  - 15. The method of claim 13, wherein the determining of the type of the attacker comprises receiving, via the user interface of the computing device, one or more manually-entered inputs that explicitly select the type of the attacker.

16. A method of penetration testing of a networked system by a penetration testing system that is controlled by a user interface of a computing device so that a penetration testing campaign is executed according to an automatic selecting of one or more network nodes of the networked system, the method comprising:
- automatically determining, by the penetration testing system, whether one or more network nodes of the networked system satisfy a pre-defined Boolean condition;
  
  based on a result of the determining, automatically selecting, by the penetration testing system, the one or more network nodes of the networked system, wherein at least one of the automatically selected network nodes is other than the computing device;
  
  in accordance with the automatically selecting of the network nodes, executing the penetration testing campaign by the penetration testing system so as to test the networked system, the penetration testing campaign being executed under the assumption that the automatically selected one or more network nodes of the networked system are already compromised at the time of beginning the penetration testing campaign; and
  
  reporting, by the penetration testing system, at least one security vulnerability determined to exist in the networked system by the executing of the penetration testing campaign, wherein the reporting comprises at least one operation selected from the group consisting of;
  
  (i) causing a display device to display a report describing the at least one security vulnerability, (ii) storing the report containing information about the at least one security vulnerability, and (iii) electronically transmitting the report describing the at least one security vulnerability.
- View Dependent Claims (17, 18, 19)
- - 17. The method of claim 16, wherein the pre-defined Boolean condition is satisfied for a given network node if and only if the given network node has a direct connection to a computing device that is outside the networked system.
  - 18. The method of claim 16, wherein the pre-defined Boolean condition is satisfied for a given network node if and only if the given network node has an operating system that is a member of a pre-defined set of operating systems.
  - 19. The method of claim 16, wherein the pre-defined Boolean condition is satisfied for a given network node if and only if the given network node has a cellular communication channel.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
XM Cyber Ltd. (Schwarz Unternehmenskommunikation GmbH & Co. KG)
Original Assignee
XM Cyber Ltd. (Schwarz Unternehmenskommunikation GmbH & Co. KG)
Inventors
Gorodissky, Boaz, Ashkenazy, Adi, Segal, Ronen
Primary Examiner(s)
Lemma, Samson B

Application Number

US16/135,720
Publication Number

US 20190036961A1
Time in Patent Office

447 Days
Field of Search

726 25
US Class Current
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

Setting-up penetration testing campaigns

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

66 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Setting-up penetration testing campaigns

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

66 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links