Validation of security monitoring through automated attack testing
First Claim
1. A computing device, comprising:
a processor; and
a memory device including instructions embodied thereon, wherein the instructions, which when executed by the processor, configure the processor to perform electronic operations that:
deploy command instructions and a payload for a bot process to a target computing device located within a target infrastructure, the command instructions having been selected based on at least one criterion, wherein the command instructions are configured to test a security feature in the target infrastructure with an automated attack action in the bot process, and wherein the bot process is configured to execute on the target computing device and is configured to start with use of the command instructions and the payload;
communicate with the target computing device to control the automated attack action within the target infrastructure, wherein the automated attack action is configured to perform within the bot process;
send a command to the target computing device, the command configured to initiate a second bot process on the target computing device, the second bot process configured to start using the payload that was deployed with the command instructions;
obtain results of the automated attack action performed within the bot process from the target computing device; and
validate the target infrastructure or identify a vulnerability within the target infrastructure based on the results of the automated attack action.
Abstract
Systems, devices, and methods of an automatic attack testing framework for the security testing of an operational service are disclosed. In an example, such systems, devices, and methods may include operations that: deploy command instructions and a payload for a bot process to a computing device located within a target infrastructure, with the command instructions being selected based on criteria to test a security feature in the target infrastructure with an automated attack action in the bot process, and with the bot process being executed on the computing device and being started with use of the command instructions and the payload; communicate with the computing device to control the automated attack action within the target infrastructure, such that the automated attack action is performed within the bot process; and obtain results of the automated attack action performed within the bot process from the computing device.
19 Claims
1. A computing device, comprising:
a processor; and
a memory device including instructions embodied thereon, wherein the instructions, which when executed by the processor, configure the processor to perform electronic operations that:
deploy command instructions and a payload for a bot process to a target computing device located within a target infrastructure, the command instructions having been selected based on at least one criterion, wherein the command instructions are configured to test a security feature in the target infrastructure with an automated attack action in the bot process, and wherein the bot process is configured to execute on the target computing device and is configured to start with use of the command instructions and the payload;
communicate with the target computing device to control the automated attack action within the target infrastructure, wherein the automated attack action is configured to perform within the bot process;
send a command to the target computing device, the command configured to initiate a second bot process on the target computing device, the second bot process configured to start using the payload that was deployed with the command instructions;
obtain results of the automated attack action performed within the bot process from the target computing device; and
validate the target infrastructure or identify a vulnerability within the target infrastructure based on the results of the automated attack action.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A non-transitory device-readable storage medium, the device-readable storage medium including instructions that, when executed by a processor and memory of a computing device, causes the computing device to perform operations that:
deploy command instructions and a payload for a bot process to a target computing device located within a target infrastructure, the command instructions having been selected based on at least one criterion, wherein the command instructions are configured to test a security feature in the target infrastructure with an automated attack action in the bot process, and wherein the bot process is configured to execute on the target computing device and is configured to start with use of the command instructions and the payload;
communicate with the target computing device to control the automated attack action within the target infrastructure, wherein the automated attack action is configured to perform within the bot process;
send a command to the target computing device, the command configured to initiate a second bot process on the target computing device, the second bot process configured to start using the payload that was deployed with the command instructions;
obtain results of the automated attack action performed within the bot process from the target computing device; and
validate the target infrastructure or identify a vulnerability within the target infrastructure based on the results of the automated attack action.
Dependent claims: 11, 12, 13, 14
15. A method, comprising a plurality of electronic operations executed with a processor and memory of a computing device, the plurality of electronic operations including:
deploying command instructions and a payload for a bot process to a target computing device located within a target infrastructure, the command instructions having been selected based on at least one criterion, wherein the command instructions are configured to test a security feature in the target infrastructure with an automated attack action in the bot process, and wherein the bot process is configured to execute on the target computing device and is configured to start with use of the command instructions and the payload;
communicating with the target computing device to control the automated attack action within the target infrastructure, wherein the automated attack action is configured to perform within the bot process;
sending a command to the target computing device, the command configured to initiate a second bot process on the target computing device, the second bot process configured to start using the payload that was deployed with the command instructions;
obtaining results of the automated attack action performed within the bot process from the target computing device; and
validating the target infrastructure or identify a vulnerability within the target infrastructure based on the results of the automated attack action.
Dependent claims: 16, 17, 18, 19
Specification