SYSTEMS AND METHODS FOR SELECTING A LATERAL MOVEMENT STRATEGY FOR A PENETRATION TESTING CAMPAIGN
First Claim
1. A method of penetration testing of a networked system by a penetration testing system that is controlled by a user interface of a computing device so that a penetration testing campaign is executed according to a lateral movement strategy of an attacker of the penetration testing campaign, the method comprising:
a. automatically selecting, by the penetration testing system, one lateral movement strategy from a group of multiple lateral movement strategies available for use in the penetration testing campaign;
wherein the automatic selecting is done by randomly selecting the one lateral movement strategy from the group of lateral movement strategies;
b. executing the penetration testing campaign, by the penetration testing system and according to the automatically selected lateral movement strategy of the attacker, so as to test the networked system; and
c. reporting, by the penetration testing system, at least one security vulnerability determined to exist in the networked system by the executing of the penetration testing campaign, wherein the reporting comprises at least one of (i) causing a display device to display a report describing the at least one security vulnerability, (ii) storing the report describing the at least one security vulnerability in a file, and (iii) electronically transmitting the report describing the at least one security vulnerability.
Abstract
Methods and systems for carrying out campaigns of penetration testing for discovering and reporting security vulnerabilities of a networked system, the networked system comprising a plurality of network nodes interconnected by one or more networks.
12 Claims
7. A system for penetration testing of a networked system by performing a penetration testing campaign against the networked system, the system comprising:
a. a set-up module including:
i. one or more set-up processors; and
ii. a set-up non-transitory computer readable storage medium for instructions execution by the one or more set-up processors, the set-up non-transitory computer readable storage medium having stored instructions to automatically select one lateral movement strategy of an attacker of the penetration testing campaign from a group of multiple lateral movement strategies available for use in the penetration testing campaign, the instructions to automatically select including instructions to randomly select the one lateral movement strategy from the group of lateral movement strategies;
b. a penetration-testing-campaign module including:
i. one or more penetration-testing-campaign processors; and
ii. a penetration-testing-campaign non-transitory computer readable storage medium for instructions execution by the one or more penetration-testing-campaign processors, the penetration-testing-campaign non-transitory computer readable storage medium having stored instructions to perform the penetration testing campaign according to the automatically selected lateral movement strategy of the attacker so as to test the networked system; and
c. a reporting module including:
i. one or more reporting processors; and
ii. a reporting non-transitory computer readable storage medium for instructions execution by the one or more reporting processors, the reporting non-transitory computer readable storage medium having stored instructions to report at least one security vulnerability determined to exist in the networked system according to results of the penetration testing campaign performed by the penetration-testing-campaign module, the instructions to report including at least one of (i) instructions to cause a display device to display a report describing the at least one security vulnerability, (ii) instructions to store the report describing the at least one security vulnerability in a file and (iii) instructions to electronically transmit the report describing the at least one security vulnerability.
Specification