Testing for risk of macro vulnerability
First Claim
1. A method of penetration testing of a network node by a penetration testing system, the penetration testing system comprising (A) a penetration testing software module and (B) a reconnaissance agent software module installed in the network node, where (i) a macro-supporting software application which supports auto-executing macros is installed on the network node, and (ii) the macro-supporting software application is configured to prompt a user of the network node upon detecting an opening of a file containing an auto-executing macro in the network node, the method comprising:
a. detecting, by the reconnaissance agent software module of the penetration testing system, a first event of the macro-supporting software application opening a file in the network node, wherein (i) opening the file either includes importing it into the network node or includes opening it from a storage device of the network node where it was saved after being imported into the network node, and (ii) the file is devoid of auto-executing macros;
b. in response to the detecting of the opening of the file in the network node, prompting the user of the network node to decide between permitting and not permitting execution of a macro;
c. ascertaining, by the reconnaissance agent software module, the decision made by the user in response to the prompting;
d. sending a message, by the reconnaissance agent software module to the penetration testing software module, the message containing information concerning the decision made by the user;
e. making a determination, by the penetration testing software module, regarding the vulnerability of the network node to a macro-based attack, the determination being based on the information concerning the decision made by the user;
f. reporting the determination, the reporting comprising at least one action selected from the group consisting of:
(i) causing a display device to display information about the determination, (ii) recording the information about the determination in a file, and (iii) electronically transmitting the information about the determination.
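A sketch of steps d through f of the claim above as seen from the penetration testing software module, added here as an illustration and not taken from the patent. The JSON message fields, the node and file names, and the rule that a single permitted prompt marks a node as vulnerable are all assumptions.

```python
import json
from collections import defaultdict
from dataclasses import dataclass

# Constructed agent messages (step d). All field names and values are assumptions.
SAMPLE_MESSAGES = [
    '{"node": "ws-017", "file": "invoice.docx", "decision": "permit"}',
    '{"node": "ws-017", "file": "q3.xlsx", "decision": "deny"}',
    '{"node": "ws-022", "file": "notes.docx", "decision": "deny"}',
    '{"node": "ws-022", "file": "cv.docx", "decision": "maybe"}',  # malformed
    'not json',                                                     # malformed
]
DECISIONS = {"permit", "deny"}

@dataclass
class Determination:
    node: str
    prompts: int
    permitted: int
    vulnerable: bool

def parse_message(raw):
    """Return (node, decision), or None if the message is malformed."""
    try:
        msg = json.loads(raw)
    except json.JSONDecodeError:
        return None
    if not isinstance(msg, dict):
        return None
    node, decision = msg.get("node"), msg.get("decision")
    if not isinstance(node, str) or not isinstance(decision, str) or decision not in DECISIONS:
        return None
    return node, decision

def determine(messages):
    """Step e. Assumed rule: one permitted prompt marks the node as vulnerable."""
    counts, rejected = defaultdict(lambda: [0, 0]), 0
    for raw in messages:
        parsed = parse_message(raw)
        if parsed is None:
            rejected += 1  # never count an unverifiable message as a decision
            continue
        node, decision = parsed
        counts[node][0] += 1
        counts[node][1] += int(decision == "permit")
    return [Determination(n, p, k, k > 0) for n, (p, k) in sorted(counts.items())], rejected

def report(results):
    """Step f: text suitable for display, recording in a file or transmission."""
    return "\n".join(f"{d.node}: {'VULNERABLE' if d.vulnerable else 'not vulnerable'} "
                     f"({d.permitted}/{d.prompts} prompts permitted)" for d in results)

if __name__ == "__main__":
    print(report(determine(SAMPLE_MESSAGES)[0]))
```
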
Abstract
Methods and systems are disclosed for penetration testing of a network node by a penetration testing system to determine vulnerability of network nodes to macro-based attacks. A reconnaissance agent runs in a network node to prompt user responses to macro warnings upon detecting file openings by macro-supporting software applications of files not containing auto-executing macros, and the responses are used for determining vulnerability.
26 Claims
24. A penetration testing system for testing a network node on which are installed (i) a reconnaissance agent software module of the penetration testing system and (ii) at least one macro-supporting software application which supports auto-executing macros, the penetration testing system comprising:
a. a remote computing device comprising one or more processors and a data storage device, wherein a penetration testing software module of the penetration testing system is installed on the remote computing device, the remote computing device being in electronic communication with the network node;
b. a first non-transitory computer-readable storage medium containing first program instructions, wherein execution of the first program instructions by one or more processors of the network node causes the one or more processors of the network node to carry out the following steps:
  i. detecting, by the reconnaissance agent software module, a first event of a first macro-supporting software application opening a file in the network node, wherein (i) opening the file either includes importing it into the network node or includes opening it from a storage device of the network node where it was saved after being imported into the network node, and (ii) the file is devoid of auto-executing macros,
  ii. in response to the detecting of the opening of the file in the network node, prompting a user of the network node to decide between permitting and not permitting execution of a macro,
  iii. ascertaining, by the reconnaissance agent software module, the decision made by the user of the network node in response to the prompting,
  iv. sending a message, by the reconnaissance agent software module to the penetration testing software module, the message containing information concerning the decision made by the user of the network node; and
c. a second non-transitory computer-readable storage medium containing second program instructions, wherein execution of the second program instructions by the one or more processors of the remote computing device causes the one or more processors of the remote computing device to carry out the following steps:
  i. receiving a message sent by the reconnaissance agent software module, the message containing information concerning a decision made by the user of the network node in response to being prompted to decide between permitting and not permitting execution of a macro;
  ii. making a determination, by the penetration testing software module, regarding the vulnerability of the network node to a macro-based attack, the determination being based on the information concerning the decision made by the user of the network node;
  iii. reporting the determination, the reporting comprising at least one action selected from the group consisting of: (i) causing a display device of the remote computing device to display information about the determination, (ii) recording the information about the determination in a file on a data storage device of the remote computing device, and (iii) electronically transmitting the information about the determination to another computer.
25. A method of penetration testing of a network node to determine vulnerability to a macro-based attack, comprising:
a. detecting, by a module of a penetration testing system, the module installed on the network node, an event of a macro-supporting software application opening a file in the network node, the file not containing any auto-executing macros;
b. in response to the detecting, prompting a user of the network node to decide between permitting and not permitting execution of a macro;
c. based on the decision made by the user, making a determination regarding the vulnerability of the network node to a macro-based attack; and
d. reporting the determination, the reporting comprising at least one action selected from the group consisting of:
(i) causing a display device to display information about the determination, (ii) recording the information about the determination in a file, and (iii) electronically transmitting the information about the determination.
26. A non-transitory computer-readable storage medium containing program instructions for penetration testing of a network node, wherein execution of the program instructions by one or more computer processors causes the one or more computer processors to carry out the following steps:
a. detecting an event of a macro-supporting software application opening a file in the network node, the file not containing any auto-executing macros;
b. in response to the detecting, prompting a user of the network node to decide between permitting and not permitting execution of a macro;
c. based on the decision made by the user, making a determination regarding the vulnerability of the network node to a macro-based attack; and
d. reporting the determination, the reporting comprising at least one action selected from the group consisting of:
(i) causing a display device to display information about the determination, (ii) recording the information about the determination in a file, and (iii) electronically transmitting the information about the determination.
Specification