SYSTEMS AND METHODS FOR SELECTING A LATERAL MOVEMENT STRATEGY FOR A PENETRATION TESTING CAMPAIGN
First Claim
Patent Images
1. A method of penetration testing of a networked system by a penetration testing system that is controlled by a user interface of a computing device so that a penetration testing campaign is executed according to a lateral movement strategy of an attacker of the penetration testing campaign, the method comprising:
- a. automatically selecting, by the penetration testing system, one lateral movement strategy from a group of multiple lateral movement strategies available for use in the penetration testing campaign;
wherein the automatic selecting is done by randomly selecting the one lateral movement strategy from the group of lateral movement strategies;
b. executing the penetration testing campaign, by the penetration testing system and according to the automatically selected lateral movement strategy of the attacker, so as to test the networked system; and
c. reporting, by the penetration testing system, at least one security vulnerability determined to exist in the networked system by the executing of the penetration testing campaign, wherein the reporting comprises at least one of (i) causing a display device to display a report describing the at least one security vulnerability, (ii) storing the report describing the at least one security vulnerability in a file, and (iii) electronically transmitting the report describing the at least one security vulnerability.
2 Assignments
0 Petitions
Accused Products
Abstract
Methods and systems for carrying out campaigns of penetration testing for discovering and reporting security vulnerabilities of a networked system, the networked system comprising a plurality of network nodes interconnected by one or more networks.
26 Citations
12 Claims
-
1. A method of penetration testing of a networked system by a penetration testing system that is controlled by a user interface of a computing device so that a penetration testing campaign is executed according to a lateral movement strategy of an attacker of the penetration testing campaign, the method comprising:
-
a. automatically selecting, by the penetration testing system, one lateral movement strategy from a group of multiple lateral movement strategies available for use in the penetration testing campaign;
wherein the automatic selecting is done by randomly selecting the one lateral movement strategy from the group of lateral movement strategies;b. executing the penetration testing campaign, by the penetration testing system and according to the automatically selected lateral movement strategy of the attacker, so as to test the networked system; and c. reporting, by the penetration testing system, at least one security vulnerability determined to exist in the networked system by the executing of the penetration testing campaign, wherein the reporting comprises at least one of (i) causing a display device to display a report describing the at least one security vulnerability, (ii) storing the report describing the at least one security vulnerability in a file, and (iii) electronically transmitting the report describing the at least one security vulnerability. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A system for penetration testing of a networked system by performing a penetration testing campaign against the networked system, the system comprising:
-
a. a set-up module including; i. one or more set-up processors; and ii. a set-up non-transitory computer readable storage medium for instructions execution by the one or more set-up processors, the set-up non-transitory computer readable storage medium having stored instructions to automatically select one lateral movement strategy of an attacker of the penetration testing campaign from a group of multiple lateral movement strategies available for use in the penetration testing campaign, the instructions to automatically select including instructions to randomly select the one lateral movement strategy from the group of lateral movement strategies; b. a penetration-testing-campaign module including; i. one or more penetration-testing-campaign processors; and ii. a penetration-testing-campaign non-transitory computer readable storage medium for instructions execution by the one or more penetration-testing-campaign processors, the penetration-testing-campaign non-transitory computer readable storage medium having stored instructions to perform the penetration testing campaign according to the automatically selected lateral movement strategy of the attacker so as to test the networked system; and c. a reporting module including; i. one or more reporting processors; and ii. a reporting non-transitory computer readable storage medium for instructions execution by the one or more reporting processors, the reporting non-transitory computer readable storage medium having stored instructions to report at least one security vulnerability determined to exist in the networked system according to results of the penetration testing campaign performed by the penetration-testing-campaign module, the instructions to report including at least one of (i) instructions to cause a display device to display a report describing the at least one security vulnerability, (ii) instructions to store the report describing the at least one security vulnerability in a file and (iii) instructions to electronically transmit the report describing the at least one security vulnerability. - View Dependent Claims (8, 9, 10, 11, 12)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeXM Cyber Ltd. (Schwarz Unternehmenskommunikation GmbH & Co. KG)
-
Original AssigneeXM Ltd.
-
InventorsSEGAL, Ronen
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current
-
CPC Class CodesG06F 21/577 Assessing vulnerabilities a...G06F 2221/034 Test or assess a computer o...G06F 9/451 Execution arrangements for ...H04L 63/1433 Vulnerability analysisH04L 63/20 for managing network securi...
