Penetration testing of a networked system
First Claim
1. A method for executing a penetration test of a networked system by a penetration testing system so as to determine a method for an attacker to compromise the networked system, where the penetration testing system comprises (A) a penetration testing software module installed on a remote computing device and (B) a reconnaissance agent software module (RASM) installed on at least some network nodes of the networked system so that each network node of the networked system on which the RASM is installed is defined as a RASM-hosting network node, the method for executing the penetration test comprising:
a. obtaining, by each given RASM-hosting network node of one or more RASM-hosting network nodes, respective data of the given RASM-hosting network node, the obtaining comprising executing computer code of the RASM by one or more processors of the given RASM-hosting network node, the respective data including data about at least one member selected from the group consisting of:
A. an event of the given RASM-hosting network node,
B. a condition of the given RASM-hosting network node, and
C. a fact of the given RASM-hosting network node;
b. transmitting to the remote computing device, by each given RASM-hosting network node of the one or more RASM-hosting network nodes, the obtained respective data of the given RASM-hosting network node, the transmitting comprising executing computer code of the RASM by the one or more processors of the given RASM-hosting network node;
c. assessing, by the remote computing device, and based on the data transmitted by at least one RASM-hosting network node of the one or more RASM-hosting network nodes, if a first network node of the networked system can be compromised;
d. in response to assessing that the first network node of the networked system can be compromised, simulating or evaluating, by the remote computing device, a result of compromising the first network node of the networked system;
e. determining, by the remote computing device and based on the result of the compromising of the first network node of the networked system, that a second network node of the networked system can be compromised, wherein the determining that the second network node of the networked system can be compromised comprises (i) using knowledge about known methods of compromising networks or computing devices, and (ii) executing computer code of the penetration testing software module by one or more processors of the remote computing device;
f. determining, by the remote computing device and based on the determining that the second network node of the networked system can be compromised, the method for the attacker to compromise the networked system; and
g. reporting, by the remote computing device of the penetration testing system, the determined method for the attacker to compromise the networked system, the reporting comprising executing computer code of the penetration testing software module by the one or more processors of the remote computing device, wherein the reporting comprises at least one operation selected from the group consisting of (i) causing a display device to display a report including information about the determined method for the attacker to compromise the networked system, (ii) recording the report including the information about the determined method for the attacker to compromise the networked system in a file, and (iii) electronically transmitting the report including the information about the determined method for the attacker to compromise the networked system,
wherein the method for executing the penetration test is such that no network node of the networked system is put at risk of being compromised by the executing of the penetration test.
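Steps a through g above (and the same agent/remote-device split in claims 10, 11 and 20) describe an engine that never attacks a host: agents report facts and conditions, and the remote side assesses compromise, simulates its result and searches for a chain to a target purely over the collected data. The following is an added illustration written for this page; it is not code from the patent or its assignee. All hostnames, user names, service versions, the two "known methods" (vulnerable service version, credential reuse against a local admin) and the KNOWN_VULNERABLE table are constructed for the example and do not refer to real advisories.

```python
import copy
from collections import deque

# Constructed reconnaissance data standing in for what RASM instances would
# transmit to the remote computing device. "facts" are static properties of
# the host, "conditions" its current state. Every name and version is invented.
AGENT_REPORTS = {
    "web-01": {"facts": {"services": {"httpd": "2.2"}, "exposed_to_attacker": True,
                         "reachable": ["app-01"], "local_admins": ["webadmin"]},
               "conditions": {"cached_credentials": ["deploy"]}},
    "app-01": {"facts": {"services": {"rmi": "1.0"}, "exposed_to_attacker": False,
                         "reachable": ["db-01"], "local_admins": ["deploy"]},
               "conditions": {"cached_credentials": ["backup-svc"]}},
    "db-01": {"facts": {"services": {"postgres": "13"}, "exposed_to_attacker": False,
                        "reachable": [], "local_admins": ["backup-svc", "dba"]},
              "conditions": {"cached_credentials": []}},
}

# Constructed stand-in for the "knowledge about known methods of compromising"
# of step e: service versions the engine treats as exploitable. Illustrative
# only; these are not real vulnerability records.
KNOWN_VULNERABLE = {("httpd", "2.2")}


def can_compromise(target, attacker, reports):
    """Steps c/e: decide from collected data whether `target` falls to the
    attacker state `attacker`. Returns a method name or None. This is pure
    evaluation of agent data; nothing is ever sent to the target host."""
    facts = reports[target]["facts"]
    if not (facts["exposed_to_attacker"] or target in attacker["reach"]):
        return None
    # Known method 1: a reachable service running a known-vulnerable version.
    for svc, ver in facts["services"].items():
        if (svc, ver) in KNOWN_VULNERABLE:
            return f"exploit {svc} {ver}"
    # Known method 2: reuse of a harvested credential that is a local admin.
    for cred in sorted(attacker["creds"]):
        if cred in facts["local_admins"]:
            return f"reuse credential '{cred}'"
    return None


def simulate_compromise(target, attacker, reports):
    """Step d: the attacker state resulting from compromising `target`
    (new foothold, harvested cached credentials, newly reachable hosts)."""
    node = reports[target]
    return {
        "owned": attacker["owned"] | {target},
        "creds": attacker["creds"] | frozenset(node["conditions"]["cached_credentials"]),
        "reach": attacker["reach"] | frozenset(node["facts"]["reachable"]),
    }


def find_attack_path(reports, goal):
    """Step f: breadth-first search over simulated attacker states until
    `goal` is compromised. Returns [(node, method), ...] or None."""
    start = {"owned": frozenset(), "creds": frozenset(), "reach": frozenset()}
    queue = deque([(start, [])])
    seen = set()
    while queue:
        attacker, path = queue.popleft()
        key = (attacker["owned"], attacker["creds"])  # reach derives from owned
        if key in seen:
            continue
        seen.add(key)
        for target in reports:
            if target in attacker["owned"]:
                continue
            method = can_compromise(target, attacker, reports)
            if method is None:
                continue
            step = path + [(target, method)]
            if target == goal:
                return step
            queue.append((simulate_compromise(target, attacker, reports), step))
    return None


def with_patched_service(reports, host, svc, new_version):
    """What-if helper: a copy of `reports` with one service version changed,
    so the engine can be re-run for a proposed fix without touching any host."""
    patched = copy.deepcopy(reports)
    patched[host]["facts"]["services"][svc] = new_version
    return patched


def render_report(path, goal):
    """Step g: the report text for the determined method."""
    if path is None:
        return f"No method to compromise {goal} found in the collected data."
    lines = [f"Method for an attacker to reach {goal} ({len(path)} steps):"]
    lines += [f"  {i}. {node}: {method}" for i, (node, method) in enumerate(path, 1)]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_report(find_attack_path(AGENT_REPORTS, "db-01"), "db-01"))
    patched = with_patched_service(AGENT_REPORTS, "web-01", "httpd", "2.4")
    print(render_report(find_attack_path(patched, "db-01"), "db-01"))
```

The search state is the attacker's footholds plus harvested credentials, so the same node reached by a different credential is a different state; the what-if helper shows the practical use of a simulation-only engine: re-running the search against edited agent data to check whether a proposed patch actually breaks the reported chain, with no host exercised at any point.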
Abstract
Methods and systems for penetration testing of a networked system comprising a set of network-nodes by a penetration testing system (e.g. to enforce first and/or second rules) are disclosed herein. The penetration testing system comprises: (i) reconnaissance agent software module (RASM) installed on multiple nodes (each of which is a RASM-hosting node) of the networked system to be penetration-tested and (ii) a penetration testing software module (PTSM) installed on a remote computing device (RCD). Internal data from each of the RASM-hosting nodes is collected and transmitted to the RCD. Analysis of the internal data collected from multiple RASM-hosting network nodes determines a method for an attacker to compromise the networked system. The first and second rules are defined herein. Alternatively or additionally, one or more of the RASM instances are pre-installed on one or more RASM-hosting nodes before the penetration testing commences.
20 Claims
10. A penetration testing system for executing a penetration test of a networked system so as to determine a method for an attacker to compromise the networked system, the penetration testing system comprising:
a. a remote computing device comprising a computer memory and one or more processors, the remote computing device in electronic communication with the networked system;
b. a first non-transitory computer-readable storage medium containing first code of a reconnaissance agent software module (RASM), wherein execution of the first code of the RASM by respective one or more processors of each given network node of a first set of network nodes of the networked system, causes the one or more processors of the given network node of the first set to carry out the following:
i. obtaining respective data of the given network node of the first set, the respective data including data about at least one member selected from the group consisting of:
A. an event of the given network node of the first set,
B. a condition of the given network node of the first set, and
C. a fact of the given network node of the first set; and
ii. transmitting to the remote computing device and out of the given network node of the first set the obtained respective data of the given network node of the first set; and
c. a second non-transitory computer-readable storage medium containing second code of a penetration testing software module, wherein execution of the second code of the penetration testing software module by the one or more processors of the remote computing device:
i. assesses, based on the respective data transmitted by each given network node of a second set of network-nodes of the networked system, if a first network node of the networked system can be compromised;
ii. in response to assessing that the first network node can be compromised, simulates or evaluates a result of compromising the first network node of the networked system;
iii. determines, based on the result of the compromising of the first network node of the networked system, that a second network node of the networked system can be compromised, wherein the determining that the second network node of the networked system can be compromised comprises using knowledge about known methods of compromising networks or computing devices;
iv. determines, based on the determining that the second network node of the networked system can be compromised, the method for the attacker to compromise the networked system; and
v. reports the determined method for the attacker to compromise the networked system, wherein the reporting comprises at least one operation selected from the group consisting of (A) causing a display device to display a report including information about the determined method for the attacker to compromise the networked system, (B) recording the report including the information about the determined method for the attacker to compromise the networked system in a file, and (C) electronically transmitting a report including the information about the determined method for the attacker to compromise the networked system,
wherein (i) the execution of the first code of the RASM by the respective one or more processors of each given network node of the first set of network nodes of the networked system and (ii) the execution of the second code of the penetration testing software module by the one or more processors of the remote computing device, subject the networked system to penetration testing in which no network node of the networked system is put at risk of being compromised.
11. A method for executing a penetration test of a networked system by a penetration testing system so as to determine a method for an attacker to compromise the networked system, where the penetration testing system comprises (A) a penetration testing software module installed on a remote computing device and (B) a reconnaissance agent software module (RASM) installable on network nodes of the networked system so that each network node of the networked system on which the RASM is installed is defined as a RASM-hosting network node, the method for executing the penetration test comprising:
a. subsequent to an installing of the RASM on at least some network nodes of the networked system, which installing occurs prior to starting the executing of the penetration test, performing the following:
i. obtaining, by each given RASM-hosting network node of one or more RASM-hosting network nodes, respective data of the given RASM-hosting network node, the obtaining comprising executing computer code of the RASM by one or more processors of the given RASM-hosting network node, the respective data including data about at least one member selected from the group consisting of:
A. an event of the given RASM-hosting network node,
B. a condition of the given RASM-hosting network node, and
C. a fact of the given RASM-hosting network node; and
ii. transmitting to the remote computing device, by each given RASM-hosting network node of the one or more RASM-hosting network nodes, the obtained respective data of the given RASM-hosting network node, the transmitting comprising executing computer code of the RASM by the one or more processors of the given RASM-hosting network node;
c. assessing, by the remote computing device and based on the data transmitted by at least one RASM-hosting network node of the one or more RASM-hosting network nodes, if a first network node of the networked system can be compromised;
d. in response to assessing that the first network node of the networked system can be compromised, simulating or evaluating, by the remote computing device, a result of compromising the first network node of the networked system;
e. determining, by the remote computing device and based on the result of the compromising of the first network node of the networked system, that a second network node of the networked system can be compromised, wherein the determining that the second network node of the networked system can be compromised comprises (i) using knowledge about known methods of compromising networks or computing devices, and (ii) executing computer code of the penetration testing software module by one or more processors of the remote computing device;
f. determining, by the remote computing device and based on the determining that the second network node of the networked system can be compromised, the method for the attacker to compromise the networked system; and
g. reporting, by the remote computing device of the penetration testing system, the method for the attacker to compromise the networked system, the reporting comprising executing computer code of the penetration testing software module by the one or more processors of the remote computing device, wherein the reporting comprises at least one operation selected from the group consisting of (i) causing a display device to display a report including information about the determined method for the attacker to compromise the networked system, (ii) recording the report including the information about the determined method for the attacker to compromise the networked system in a file, and (iii) electronically transmitting the report including the information about the determined method for the attacker to compromise the networked system.
20. A penetration testing system for executing a penetration test of a networked system so as to determine a method for an attacker to compromise the networked system, the penetration testing system comprising:
a. a remote computing device comprising a computer memory and one or more processors, the remote computing device in electronic communication with the networked system;
b. a first non-transitory computer-readable storage medium containing first code of a reconnaissance agent software module (RASM), wherein for a first set of network-nodes of the networked system on which the RASM is pre-installed before starting the executing of the penetration test, subsequent execution of the first code, after starting the executing of the penetration test, by respective one or more processors of each given network node of the first set of network nodes, causes the one or more processors of the given network node of the first set to carry out the following:
i. obtaining respective data of the given network node of the first set, the respective data including data about at least one member selected from the group consisting of:
A. an event of the given network node of the first set,
B. a condition of the given network node of the first set, and
C. a fact of the given network node of the first set; and
ii. transmitting to the remote computing device and out of the given network node of the first set the obtained respective data of the given network node of the first set; and
c. a second non-transitory computer-readable storage medium containing second code of a penetration testing software module, wherein execution of the second code of the penetration testing software module by the one or more processors of the remote computing device:
i. assesses, based on the respective data transmitted by each given network node of a second set of network-nodes of the networked system, if a first network node of the networked system can be compromised;
ii. in response to assessing that the first network node can be compromised, simulates or evaluates a result of compromising the first network node of the networked system;
iii. determines, based on the result of the compromising of the first network node of the networked system, that a second network node of the networked system can be compromised, wherein the determining that the second network node of the networked system can be compromised comprises using knowledge about known methods of compromising networks or computing devices;
iv. determines, based on the determining that the second network node of the networked system can be compromised, the method for the attacker to compromise the networked system; and
v. reports the determined method for the attacker to compromise the networked system, wherein the reporting comprises at least one operation selected from the group consisting of (A) causing a display device to display a report including information about the determined method for the attacker to compromise the networked system, (B) recording the report including the information about the determined method for the attacker to compromise the networked system in a file, and (C) electronically transmitting a report including the information about the determined method for the attacker to compromise the networked system.
Specification