Systems and methods for dynamic removal of agents from nodes of penetration testing systems
Abstract
Systems and methods of carrying out a penetration testing campaign of a networked system by a penetration testing system, in which reconnaissance agent software modules are dynamically removed from at least one network node based on changing conditions in the tested networked system. The networked system includes multiple network nodes, and the penetration testing system includes a penetration testing software module and a reconnaissance agent software module installed on at least some network nodes of the multiple network nodes. For one network node, a dynamic Boolean uninstalling condition is evaluated, and in response to determining that the dynamic Boolean uninstalling condition is satisfied for that network node, the reconnaissance agent software module is uninstalled from that network node.
20 Claims
1. A method of carrying out a penetration testing campaign of a networked system including multiple network nodes by a penetration testing system, the penetration testing system comprising (A) a penetration testing software module installed on a remote computing device and (B) a reconnaissance agent software module installed on at least some network nodes of the multiple network nodes, the method comprising:
a. for one network node of said at least some network nodes, evaluating a dynamic Boolean uninstalling condition;
b. in response to determining that said dynamic Boolean uninstalling condition is satisfied for said one network node, uninstalling the reconnaissance agent software module from said one network node,
wherein said dynamic Boolean uninstalling condition is a Boolean condition (i) that when evaluated for a given network node at two points in time, may produce different values even if network connectivity and an on/off state of said given network node do not change between said two points in time, (ii) that at a time of installing the reconnaissance agent software module on said given network node, for at least one future time point, it is not possible to predict a value of said Boolean condition for said given network node at said at least one future time point, and (iii) for which any evaluation of whether said Boolean condition is satisfied for said given network node does not depend solely on whether said given network node takes part in a penetration testing campaign at the time of said evaluation.
19. A system for carrying out a penetration testing campaign of a networked system including multiple network nodes, each network node of the multiple network nodes including one or more node processors, the system comprising:
a. a penetration testing computing device in communication with at least some network nodes of the multiple network nodes, the penetration testing computing device comprising;
  i. one or more penetration testing processors; and
  ii. a penetration testing non-transitory computer readable storage medium for instructions execution by said one or more penetration testing processors, said penetration testing non-transitory computer readable storage medium having stored;
    A. data receiving instructions that, when executed by said one or more penetration testing processors, cause said penetration testing computing device to receive data from said at least some network nodes; and
    B. campaign instructions that, when executed by said one or more penetration testing processors, cause said penetration testing computing device to carry out the penetration testing campaign for testing the networked system based on said data received from said at least some network nodes; and
b. a reconnaissance agent non-transitory computer readable storage medium for instructions execution by the one or more node processors of one network node of said at least some network nodes, said reconnaissance agent non-transitory computer readable storage medium having stored;
  i. reconnaissance agent instructions that, when executed by said one or more node processors of said one network node, cause said one network node to transmit from said one network node at least a portion of said data received by said penetration testing computing device;
  ii. condition evaluation instructions that, when executed by said one or more node processors of said one network node, cause said one network node to evaluate a dynamic Boolean uninstalling condition for said one network node; and
  iii. uninstalling instructions that, when executed by said one or more node processors of said one network node, cause said one network node to uninstall said reconnaissance agent instructions from said one network node,
wherein said uninstalling instructions are executed in response to the condition evaluation instructions determining that said dynamic Boolean uninstalling condition is satisfied for said one network node,
wherein said dynamic Boolean uninstalling condition is a Boolean condition (i) that when evaluated for a given network node at two points in time, may produce different values even if network connectivity and an on/off state of said given network node do not change between said two points in time, (ii) that at a time of installing said reconnaissance agent instructions on said given network node, for at least one future time point, it is not possible to predict a value of said Boolean condition for said given network node at said at least one future time point, and (iii) for which any evaluation of whether said Boolean condition is satisfied for said given network node does not depend solely on whether said given network node takes part in a penetration testing campaign at the time of said evaluation.
20. A system for carrying out a penetration testing campaign of a networked system including multiple network nodes, each network node of the multiple network nodes including one or more node processors, the system comprising:
a. a reconnaissance agent non-transitory computer readable storage medium for instructions execution by the one or more node processors of one network node of the multiple network nodes, said reconnaissance agent non-transitory computer readable storage medium having stored;
  i. reconnaissance agent instructions that, when executed by said one or more node processors of said one network node, cause said one network node to transmit from said one network node data about said one network node; and
  ii. uninstalling instructions that, when executed by said one or more node processors of said one network node, cause said one network node to uninstall said reconnaissance agent instructions from said one network node; and
b. a penetration testing computing device in communication with at least some network nodes of the multiple network nodes, wherein said at least some network nodes include said one network node, said penetration testing computing device comprising;
  i. one or more penetration testing processors; and
  ii. a penetration testing non-transitory computer readable storage medium for instructions execution by said one or more penetration testing processors, said penetration testing non-transitory computer readable storage medium having stored;
    A. data receiving instructions that, when executed by said one or more penetration testing processors, cause said penetration testing computing device to receive data from said at least some network nodes, said received data including said data about said one network node;
    B. campaign instructions that, when executed by said one or more penetration testing processors, cause said penetration testing computing device to carry out the penetration testing campaign for testing the networked system based on said data received from said at least some network nodes; and
    C. condition evaluation instructions that, when executed by said one or more penetration testing processors, cause said penetration testing computing device to evaluate a dynamic Boolean uninstalling condition for said one network node, the evaluation being based on said data about said one network node,
wherein said uninstalling instructions are executed by said one or more node processors of said one network node in response to said condition evaluation instructions determining that said dynamic Boolean uninstalling condition is satisfied for said one network node,
wherein said dynamic Boolean uninstalling condition is a Boolean condition (i) that when evaluated for a given network node at two points in time, may produce different values even if network connectivity and an on/off state of said given network node do not change between said two points in time, (ii) that at a time of installing said reconnaissance agent instructions on said given network node, for at least one future time point, it is not possible to predict a value of said Boolean condition for said given network node at said at least one future time point, and (iii) for which any evaluation of whether said Boolean condition is satisfied for said given network node does not depend solely on whether said given network node takes part in a penetration testing campaign at the time of said evaluation.
Specification