SYSTEMS AND METHODS FOR DETECTING COMPUTER VULNERABILITIES THAT ARE TRIGGERED BY EVENTS
First Claim
1. ) A method for discovering and reporting a security vulnerability of a networked system by a penetration testing system, the networked system comprising a plurality of network nodes interconnected by one or more networks, wherein the penetration testing system comprises (i) a reconnaissance agent software module, that (A) can be installed on one or more network nodes of the plurality of network nodes, and (B) when installed on a network node of the plurality of network nodes, is operable to detect at least some free events occurring in the network node on which it is installed and to transmit data about occurrences of the at least some free events to a remote computing device, and (ii) a penetration testing software module installed on the remote computing device and operable to communicate with at least one of the plurality of network nodes on which the reconnaissance agent software module is installed, the method comprising:
- a) receiving, by the penetration testing software module installed on the remote computing device, a message from a first network node on which the reconnaissance agent software module is installed, the message notifying the remote computing device of a specific occurrence of a specific free event in the first network node, wherein the message originates from the reconnaissance agent software module installed on the first network node, and wherein the specific free event is one of:
i) sending a network message out of the first network node caused by a command from a user of the first network node;
ii) sending a network message out of the first network node caused by an operating system of the first network node;
iii) sending a network message out of the first network node caused by a software application installed on the first network node;
iv) mounting a storage volume onto the first network node; and
v) physically attaching a physical device to the first network node;
- b) identifying, by the penetration testing software module and based on the received message, a specific opportunistic vulnerability with which the specific free event is associated, wherein the identifying of the specific opportunistic vulnerability comprises:
i) identifying a method for an attacker to compromise the first network node, and
ii) identifying that the method to compromise would be available to the attacker at or after a future occurrence of the specific free event in the first network node; and
- c) reporting, by the penetration testing system, the specific opportunistic vulnerability, wherein the reporting comprises at least one of:
(i) causing a display device to display a report including information about the specific opportunistic vulnerability, (ii) storing the report including information about the specific opportunistic vulnerability in a file, and (iii) electronically transmitting the report including information about the specific opportunistic vulnerability.
Abstract
Methods and systems for carrying out campaigns of penetration testing for discovering and reporting security vulnerabilities of a networked system, the networked system comprising a plurality of network nodes interconnected by one or more networks.
39 Citations
21 Claims
1. ) Independent claim 1 is reproduced in full under "First Claim" above. Dependent claims 2 to 17 depend from claim 1 and are not reproduced on this page.
18. ) A system for discovering and reporting a security vulnerability of a networked system, the networked system comprising a plurality of network nodes interconnected by one or more networks, each network node of the plurality of network nodes including one or more processors, and at least one network node of the plurality of network nodes is in electronic communication with a remote computing device, the remote computing device including one or more processors, the system comprising:
- a) a reconnaissance agent non-transitory computer readable storage medium for instructions execution by the one or more processors of a first network node which is in electronic communication with the remote computing device, the reconnaissance agent non-transitory computer readable storage medium having stored:
(1) instructions to detect at least some free events occurring in the first network node; and
(2) instructions to transmit data about occurrences of the at least some free events to the remote computing device;
- b) a penetration testing non-transitory computer readable storage medium for instructions execution by the one or more processors of the remote computing device, the penetration testing non-transitory computer readable storage medium having stored:
(1) instructions to receive a message from the first network node, the message notifying the remote computing device of a specific occurrence of a specific free event in the first network node, wherein the specific free event is one of:
(a) sending a network message out of the first network node caused by a command from a user of the first network node;
(b) sending a network message out of the first network node caused by an operating system of the first network node;
(c) sending a network message out of the first network node caused by a software application installed on the first network node;
(d) mounting a storage volume onto the first network node; and
(e) physically attaching a physical device to the first network node;
(2) instructions to identify, based on the received message, a specific opportunistic vulnerability with which the specific free event is associated, wherein the instructions to identify the specific opportunistic vulnerability comprise:
(a) instructions to identify a method for an attacker to compromise the first network node, and
(b) instructions to identify that the method to compromise would be available to the attacker at or after a future occurrence of the specific free event in the first network node; and
(3) instructions to report the specific opportunistic vulnerability, the instructions to report comprising at least one of:
(i) instructions to cause a display device to display information about the specific opportunistic vulnerability, (ii) instructions to store the information about the specific opportunistic vulnerability in a file, and (iii) instructions to electronically transmit the information about the specific opportunistic vulnerability.
Dependent claims 19 to 21 depend from claim 18 and are not reproduced on this page.
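The flow common to claim 1 (method) and claim 18 (system), modelled as an added Python example; this is not code from the patent, its specification or its assignee. The agent class, the rule catalogue, the node name ws-17 and every event detail are constructed for illustration, and the catalogue entries stand in for whatever knowledge base the real penetration testing software module consults, which the page does not disclose:

```python
# Toy model of the event-triggered penetration-testing flow in claims 1 and 18.
# Added example, not code from the patent or its assignee; node names, event
# details and the rule catalogue below are constructed for illustration only.
import json
import pathlib
import tempfile
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Set, Tuple


class FreeEventKind(str, Enum):
    """The five free-event kinds enumerated in claim 1(a)(i)-(v)."""
    NET_MSG_USER = "net_msg_user"    # (i) outbound message caused by a user command
    NET_MSG_OS = "net_msg_os"        # (ii) outbound message caused by the OS
    NET_MSG_APP = "net_msg_app"      # (iii) outbound message caused by an application
    VOLUME_MOUNT = "volume_mount"    # (iv) storage volume mounted on the node
    DEVICE_ATTACH = "device_attach"  # (v) physical device attached to the node


class ReconnaissanceAgent:
    """Installed on a node: detects free events, transmits each as a JSON message."""
    def __init__(self, node: str) -> None:
        self.node = node

    def observe(self, raw_events: List[Tuple[FreeEventKind, str]]) -> List[str]:
        # raw_events stands in for the OS hooks the page does not describe.
        return [json.dumps({"node": self.node, "kind": k.value, "detail": d})
                for k, d in raw_events]


@dataclass
class OpportunisticVulnerability:
    node: str
    trigger: FreeEventKind
    compromise_method: str  # claim 1(b)(i): how an attacker could compromise the node
    available: str          # claim 1(b)(ii): "at" or "after" the event's next occurrence


# Illustrative rule catalogue (constructed, not from the patent): per free event,
# a compromise method and when it opens relative to the event's next occurrence.
RULES: Dict[FreeEventKind, Tuple[str, str]] = {
    FreeEventKind.NET_MSG_USER: ("tamper with the user-initiated message in transit", "at"),
    FreeEventKind.NET_MSG_OS: ("answer the OS-initiated message from a spoofed peer", "at"),
    FreeEventKind.NET_MSG_APP: ("return a malicious reply to the application's request", "at"),
    FreeEventKind.VOLUME_MOUNT: ("plant content on the volume that the node processes once mounted", "after"),
    FreeEventKind.DEVICE_ATTACH: ("deliver a payload through the attached device's driver path", "at"),
}


class PenetrationTestingModule:
    """Runs on the remote computing device: receives, identifies, reports."""
    def __init__(self, installed_agents: Set[str], report_dir: str) -> None:
        self.installed_agents = installed_agents  # nodes where the agent is installed
        self.report_dir = pathlib.Path(report_dir)
        self.displayed: List[str] = []            # stands in for a display device
        self.outbox: List[str] = []               # stands in for electronic transmission

    def receive(self, message: str) -> Optional[OpportunisticVulnerability]:
        """Claim 1(a)-(c): take one agent message, identify and report."""
        data = json.loads(message)
        # Implicit in the claim: trust only nodes where the agent is installed,
        # otherwise any host on the network could feed the tester fake events.
        if data.get("node") not in self.installed_agents:
            return None
        try:
            kind = FreeEventKind(data["kind"])
        except (KeyError, ValueError):
            return None  # not one of the five claimed free-event kinds
        vuln = self.identify(data["node"], kind)
        self.report(vuln)
        return vuln

    def identify(self, node: str, kind: FreeEventKind) -> OpportunisticVulnerability:
        """Claim 1(b): the compromise method and the future occurrence enabling it."""
        method, when = RULES[kind]
        return OpportunisticVulnerability(node, kind, method, when)

    def report(self, vuln: OpportunisticVulnerability) -> str:
        """Claim 1(c): display, store in a file and transmit; returns the file path."""
        text = (f"{vuln.node}: an attacker could {vuln.compromise_method}, "
                f"available {vuln.available} the next '{vuln.trigger.value}' event")
        self.displayed.append(text)
        path = self.report_dir / f"{vuln.node}-{vuln.trigger.value}.txt"
        path.write_text(text + "\n", encoding="utf-8")
        self.outbox.append(json.dumps({"node": vuln.node, "report": text}))
        return str(path)


def run_demo(report_dir: Optional[str] = None) -> PenetrationTestingModule:
    """One agent, one module, one constructed event of each kind; returns the module."""
    tester = PenetrationTestingModule({"ws-17"}, report_dir or tempfile.mkdtemp())
    for msg in ReconnaissanceAgent("ws-17").observe([
        (FreeEventKind.NET_MSG_USER, "user ran a remote shell command"),
        (FreeEventKind.NET_MSG_OS, "OS sent a name-resolution query"),
        (FreeEventKind.NET_MSG_APP, "mail client polled its server"),
        (FreeEventKind.VOLUME_MOUNT, "removable volume mounted at E:"),
        (FreeEventKind.DEVICE_ATTACH, "USB device attached"),
    ]):
        tester.receive(msg)
    return tester
```

Everything that makes a finding "opportunistic" in the claim's sense lives in the two fields each `RULES` entry carries: the method to compromise (b)(i) and whether it is usable at or after the event's next occurrence (b)(ii); the module reports a condition that will hold in the future, not one it has exploited. The one check added beyond the claim text is the sender test in `receive`: the remote module acts on whatever the agent reports, so an event channel that accepts messages from arbitrary hosts would let an attacker inject events and steer the test, and the claim speaks only of messages from nodes on which the agent is installed.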
Specification