Penetration Testing of a Networked System
First Claim
1. A method for executing a penetration test of a networked system by a penetration testing system so as to determine, while enforcing first and second rules, a method for an attacker to compromise the networked system, where the penetration testing system comprises (A) a penetration testing software module installed on a remote computing device and (B) a reconnaissance agent software module (RASM) installed on at least some network nodes of the networked system so that each network node of the networked system on which the RASM is installed is defined as a RASM-hosting network node, the method for executing the penetration test comprising:
- a. obtaining, by each given RASM-hosting network node of one or more RASM-hosting network nodes, respective internal data of the given RASM-hosting network node, the obtaining comprising executing computer code of the RASM by one or more processors of the given RASM-hosting network node, the respective internal data including data about at least one of:
  - A. an internal event of the given RASM-hosting network node,
  - B. an internal condition of the given RASM-hosting network node, and
  - C. an internal fact of the given RASM-hosting network node; and
- b. transmitting to the remote computing device, by each given RASM-hosting network node of the one or more RASM-hosting network nodes, the obtained respective internal data of the given RASM-hosting network node, the transmitting comprising executing computer code of the RASM by the one or more processors of the given RASM-hosting network node;
- c. analyzing, by the remote computing device, the internal data transmitted by at least one RASM-hosting network node of the one or more RASM-hosting network nodes, so as to determine the method for the attacker to compromise the networked system, the analyzing comprising executing computer code of the penetration testing software module by one or more processors of the remote computing device; and
- d. reporting, by the penetration testing system, the method for the attacker to compromise the networked system, the reporting comprising executing computer code of the penetration testing software module by the one or more processors of the remote computing device, wherein the reporting comprises at least one of (i) causing a display device to display a report including information about the determined method for the attacker to compromise the networked system, (ii) recording the report including the information about the determined method for the attacker to compromise the networked system in a file, and (iii) electronically transmitting the report including the information about the determined method for the attacker to compromise the networked system,

  wherein each given RASM-hosting network node of the one or more RASM-hosting network nodes performs at least one of step (a) and step (b) in response to a receiving of one or more data-requesting commands from the remote computing device, and wherein the method for executing the penetration test is performed in a manner that enforces the first and second rules such that:
  - A. according to the first rule, all of the analyzing of the internal data for determining the method for the attacker to compromise the networked system is performed by the remote computing device; and
  - B. according to the second rule, no network node of the networked system is ever put at risk of being compromised by the executing of the penetration test.
2 Assignments
0 Petitions
Abstract
Methods and systems for penetration testing of a networked system comprising a set of network-nodes by a penetration testing system (e.g. to enforce first and/or second rules) are disclosed herein. The penetration testing system comprises: (i) reconnaissance agent software module (RASM) installed on multiple nodes (each of which is a RASM-hosting node) of the networked system to be penetration-tested and (ii) a penetration testing software module (PTSM) installed on a remote computing device (RCD). Internal data from each of the RASM-hosting nodes is collected and transmitted to the RCD. Analysis of the internal data collected from multiple RASM-hosting network nodes determines a method for an attacker to compromise the networked system. The first and second rules are defined herein. Alternatively or additionally, one or more of the RASM instances are pre-installed on one or more RASM-hosting nodes before the penetration testing commences.
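The abstract and claim 1 describe a two-part architecture: a reconnaissance agent (RASM) on each node that only obtains and transmits its own internal data when the remote computing device asks for it, and a penetration testing module (PTSM) on the remote computing device that does all of the analysis and then reports an attacker method. The Python below is an added illustration of that split and of the two rules, not code from the patent or its assignee. Every node name, every piece of internal data, the `WEAK_CONDITIONS` knowledge base and the `reaches:`, `exposed:internet` and `role:crown-jewel` fact strings are constructed placeholders; the agent refuses anything other than a data-requesting command (second rule), and the path search lives only in the `RemoteComputingDevice` class (first rule).

```python
"""Simulated RASM/PTSM penetration test (constructed illustration, not the
patented product). Agents only collect and transmit; the remote device analyzes."""
from __future__ import annotations

import hashlib
import json
from collections import deque
from dataclasses import dataclass

# Constructed knowledge base of weak internal conditions. The keys are
# placeholders, not real vulnerability identifiers.
WEAK_CONDITIONS = {
    "patch-level:EXAMPLE-OUTDATED": "unpatched service reachable from a neighbour",
    "config:shared-local-admin-password": "credential reuse between nodes",
}
ENTRY_FACT = "exposed:internet"   # assumed attacker starting point (constructed)
TARGET_FACT = "role:crown-jewel"  # asset whose compromise ends the search (constructed)


@dataclass(frozen=True)
class InternalData:
    """What one RASM-hosting node reports: its events, conditions and facts."""
    node: str
    events: tuple[str, ...]
    conditions: tuple[str, ...]
    facts: tuple[str, ...]


class ReconnaissanceAgent:
    """RASM: obtains and transmits internal data on request, nothing else."""
    ALLOWED_COMMANDS = frozenset({"collect_internal_data"})

    def __init__(self, data: InternalData) -> None:
        self._data = data

    def handle_command(self, command: str) -> InternalData:
        # Second rule: there is no code path that acts on the host, so any
        # command other than a data request is refused outright.
        if command not in self.ALLOWED_COMMANDS:
            raise PermissionError(f"RASM refuses non-collection command {command!r}")
        return self._data  # steps (a) obtain and (b) transmit

    def fingerprint(self) -> str:
        """Hash of the node's state, used to show the test changed nothing."""
        blob = json.dumps(self._data.__dict__, sort_keys=True).encode()
        return hashlib.sha256(blob).hexdigest()


class RemoteComputingDevice:
    """PTSM host: the only place where analysis (step c) happens (first rule)."""

    def __init__(self, agents: dict[str, ReconnaissanceAgent]) -> None:
        self.agents = agents
        self.collected: dict[str, InternalData] = {}

    def request_data(self) -> None:
        """Issue the data-requesting command to every RASM-hosting node."""
        for node, agent in self.agents.items():
            self.collected[node] = agent.handle_command("collect_internal_data")

    @staticmethod
    def _step_possible(src: InternalData, dst: InternalData) -> str | None:
        """Reason an attacker on src could move to dst, judged from internal data only."""
        if "patch-level:EXAMPLE-OUTDATED" in dst.conditions:
            return WEAK_CONDITIONS["patch-level:EXAMPLE-OUTDATED"]
        shared = "config:shared-local-admin-password"
        if shared in src.conditions and shared in dst.conditions:
            return WEAK_CONDITIONS[shared]
        return None

    def analyze(self) -> list[tuple[str, str, str]] | None:
        """Breadth-first search over 'reaches:<node>' facts from entry to target."""
        entries = [n for n, d in self.collected.items() if ENTRY_FACT in d.facts]
        parent: dict[str, tuple[str, str, str] | None] = {n: None for n in entries}
        queue = deque(entries)
        while queue:
            cur = queue.popleft()
            data = self.collected[cur]
            if TARGET_FACT in data.facts:
                path = []
                while parent[cur] is not None:  # walk back to the entry node
                    step = parent[cur]
                    path.append(step)
                    cur = step[0]
                return list(reversed(path))
            for fact in data.facts:
                if not fact.startswith("reaches:"):
                    continue
                nxt = fact.split(":", 1)[1]
                if nxt in parent or nxt not in self.collected:
                    continue
                reason = self._step_possible(data, self.collected[nxt])
                if reason:
                    parent[nxt] = (cur, nxt, reason)
                    queue.append(nxt)
        return None

    def report(self, path, nodes_unchanged: bool, out_file: str | None = None) -> dict:
        """Step (d): build the report; optionally record it in a file."""
        rep = {
            "analysis_performed_on": "remote_computing_device",
            "nodes_unchanged": nodes_unchanged,
            "attacker_method": None if path is None
            else [{"from": s, "to": d, "via": r} for s, d, r in path],
        }
        if out_file:
            with open(out_file, "w") as fh:
                json.dump(rep, fh, indent=2)
        return rep


def run_penetration_test(agents: dict[str, ReconnaissanceAgent]) -> dict:
    before = {n: a.fingerprint() for n, a in agents.items()}
    rcd = RemoteComputingDevice(agents)
    rcd.request_data()
    path = rcd.analyze()
    after = {n: a.fingerprint() for n, a in agents.items()}
    return rcd.report(path, nodes_unchanged=(before == after))


def agent_refuses_actions(agent: ReconnaissanceAgent) -> bool:
    """True if the agent rejects a command that is not a data request."""
    try:
        agent.handle_command("run_exploit")
    except PermissionError:
        return True
    return False


def constructed_network() -> dict[str, ReconnaissanceAgent]:
    """Four constructed nodes; hr1 is patched with a unique password."""
    nodes = [
        InternalData("ws1", ("logon:alice",), ("config:shared-local-admin-password",),
                     ("exposed:internet", "reaches:fs1", "reaches:hr1")),
        InternalData("hr1", (), (), ("reaches:db1",)),
        InternalData("fs1", (), ("patch-level:EXAMPLE-OUTDATED",
                                 "config:shared-local-admin-password"), ("reaches:db1",)),
        InternalData("db1", (), ("config:shared-local-admin-password",), ("role:crown-jewel",)),
    ]
    return {d.node: ReconnaissanceAgent(d) for d in nodes}


if __name__ == "__main__":
    print(json.dumps(run_penetration_test(constructed_network()), indent=2))
```

Running the module prints a report whose `attacker_method` goes ws1 to fs1 (unpatched service) and fs1 to db1 (credential reuse), while hr1 is never flagged because its internal data shows no weak condition; `nodes_unchanged` stays true because the agents' state is never written, which is the property the second rule demands.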
20 Claims
1. (Claim 1 is reproduced above under First Claim.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A penetration testing system for executing a penetration test of a networked system so as to determine, while enforcing first and second rules, a method for an attacker to compromise the networked system, the penetration testing system comprising:
- a. a remote computing device comprising a computer memory and one or more processors, the remote computing device in electronic communication with the networked system;
- b. a first non-transitory computer-readable storage medium containing first code of a reconnaissance agent software module (RASM), wherein execution of the first code of the RASM by respective one or more processors of each given network node of a first set of network nodes of the networked system, causes the one or more processors of the given network node of the first set to carry out the following:
  - i. obtaining respective internal data of the given network node of the first set, the respective internal data including data about at least one of:
    - A. an internal event of the given network node of the first set,
    - B. an internal condition of the given network node of the first set, and
    - C. an internal fact of the given network node of the first set; and
  - ii. transmitting to the remote computing device and out of the given network node of the first set the obtained respective internal data of the given network node of the first set, such that at least one of the obtaining and the transmitting is performed in response to one or more data-requesting commands issued by the remote computing device;
- c. a second non-transitory computer-readable storage medium containing second code of a penetration testing software module, wherein execution of the second code of the penetration testing software module by the one or more processors of the remote computing device:
  - i. analyzes the respective internal data transmitted by each given network node of a second set of network-nodes of the networked system so as to determine the method for the attacker to compromise the networked system; and
  - ii. reports the method for the attacker to compromise the networked system, wherein the reporting comprises at least one of (A) causing a display device to display a report including information about the determined method for the attacker to compromise the networked system, (B) recording the report including the information about the determined method for the attacker to compromise the networked system in a file, and (C) electronically transmitting a report including the information about the determined method for the attacker to compromise the networked system,

  wherein (i) the execution of the first code of the RASM by the respective one or more processors of each given network node of the first set of network nodes of the networked system; and (ii) the execution of the second code of the penetration testing software module by the one or more processors of the remote computing device, subject the networked system to penetration testing while enforcing both of the first and second rules such that:
  - A. according to the first rule, all of the analyzing of the internal data for determining the method for the attacker to compromise the networked system is performed by the remote computing device; and
  - B. according to the second rule, no network node of the networked system is ever put at risk of being compromised by the executing of the penetration test.

Dependent claims: 11.
12. A method for executing a penetration test of a networked system by a penetration testing system so as to determine a method for an attacker to compromise the networked system, where the penetration testing system comprises (A) a penetration testing software module installed on a remote computing device and (B) a reconnaissance agent software module (RASM) installable on network nodes of the networked system so that each network node of the networked system on which the RASM is installed is defined as a RASM-hosting network node, the method for executing the penetration test comprising:
- a. subsequent to an installing of the RASM on at least some network nodes of the networked system, which installing occurs prior to starting the executing of the penetration test, performing the following:
  - i. obtaining, by each given RASM-hosting network node of one or more RASM-hosting network nodes, respective internal data of the given RASM-hosting network node, the obtaining comprising executing computer code of the RASM by one or more processors of the given RASM-hosting network node, the respective internal data including data about at least one of:
    - A. an internal event of the given RASM-hosting network node,
    - B. an internal condition of the given RASM-hosting network node, and
    - C. an internal fact of the given RASM-hosting network node; and
  - ii. transmitting to the remote computing device, by each given RASM-hosting network node of the one or more RASM-hosting network nodes, the obtained respective internal data of the given RASM-hosting network node, the transmitting comprising executing computer code of the RASM by the one or more processors of the given RASM-hosting network node;
- b. analyzing, by the remote computing device, the internal data transmitted by at least one RASM-hosting network node of the one or more RASM-hosting network nodes, so as to determine the method for the attacker to compromise the networked system, the analyzing comprising executing computer code of the penetration testing software module by one or more processors of the remote computing device; and
- c. reporting, by the penetration testing system, the method for the attacker to compromise the networked system, the reporting comprising executing computer code of the penetration testing software module by the one or more processors of the remote computing device, wherein the reporting comprises at least one of (i) causing a display device to display a report including information about the determined method for the attacker to compromise the networked system, (ii) recording the report including the information about the determined method for the attacker to compromise the networked system in a file, and (iii) electronically transmitting the report including the information about the determined method for the attacker to compromise the networked system,

  wherein each given RASM-hosting network node of the one or more RASM-hosting network nodes performs at least one of step a(i) and step a(ii) in response to a receiving of one or more data-requesting commands from the remote computing device.

Dependent claims: 13, 14, 15, 16, 17, 18, 19.
20. A penetration testing system for executing a penetration test of a networked system so as to determine a method for an attacker to compromise the networked system, the penetration testing system comprising:
- a. a remote computing device comprising a computer memory and one or more processors, the remote computing device in electronic communication with the networked system;
- b. a first non-transitory computer-readable storage medium containing first code of a reconnaissance agent software module (RASM), wherein for a first set of network-nodes of the networked system on which the RASM is pre-installed before starting the executing of the penetration test, subsequent execution of the first code, after starting the executing of the penetration test, by respective one or more processors of each given network node of the first set of network nodes, causes the one or more processors of the given network node of the first set to carry out the following:
  - i. obtaining respective internal data of the given network node of the first set, the respective internal data including data about at least one of:
    - A. an internal event of the given network node of the first set,
    - B. an internal condition of the given network node of the first set, and
    - C. an internal fact of the given network node of the first set; and
  - ii. transmitting to the remote computing device and out of the given network node of the first set the obtained respective internal data of the given network node of the first set, such that at least one of the obtaining and the transmitting is performed in response to one or more data-requesting commands issued by the remote computing device; and
- c. a second non-transitory computer-readable storage medium containing second code of a penetration testing software module, wherein execution of the second code of the penetration testing software module by the one or more processors of the remote computing device:
  - i. analyzes the respective internal data transmitted by each given network node of a second set of network-nodes of the networked system, so as to determine the method for the attacker to compromise the networked system; and
  - ii. reports the method for the attacker to compromise the networked system, wherein the reporting comprises at least one of (A) causing a display device to display a report including information about the determined method for the attacker to compromise the networked system, (B) recording the report including the information about the determined method for the attacker to compromise the networked system in a file, and (C) electronically transmitting a report including the information about the determined method for the attacker to compromise the networked system,

  wherein (i) the execution of the first code of the RASM by the respective one or more processors of each given network node of the first set of network nodes of the networked system; and (ii) the execution of the second code of the penetration testing software module by the one or more processors of the remote computing device, subject the networked system to penetration testing.