VERIFYING SUCCESS OF COMPROMISING A NETWORK NODE DURING PENETRATION TESTING OF A NETWORKED SYSTEM
First Claim
1. A method of carrying out a penetration testing campaign of a networked system by a penetration testing system, the penetration testing system comprising (A) a penetration testing software module installed on a remote computing device and (B) a reconnaissance agent software module (RASM) installed on at least some network nodes of the networked system, the method comprising:
- a. subsequent to installing the RASM on the at least some network nodes, initiating the penetration testing campaign;
b. subsequent to the initiating of the penetration testing campaign, selecting a target network node of the networked system on which the RASM is installed;
c. based on the target network node, selecting a potential vulnerability that may compromise the target network node;
d. subsequent to the selecting of the potential vulnerability, receiving at the remote computing device and from the RASM installed on the target network node, internal data of the target network node;
e. validating that the target network node could be successfully compromised using the selected potential vulnerability, the validating being carried out in a manner which does not expose the target network node to a risk of being compromised and which is based on the received internal data of the target network node;
f. based on the potential vulnerability, determining a method for an attacker to compromise the target network node;
g. based on the method for an attacker to compromise the target network node, determining a security vulnerability of the networked system; and
h. reporting the security vulnerability of the networked system, the reporting comprising at least one of (i) causing a display device to display a report including information about the determined security vulnerability of the networked system, (ii) recording the report including the information about the determined security vulnerability of the networked system in a file, and (iii) electronically transmitting the report including the information about the determined security vulnerability of the networked system,wherein each of steps a-h is performed by executing computer code of the penetration testing software module by one or more processors of the remote computing device.
2 Assignments
0 Petitions
Accused Products
Abstract
A method of carrying out a penetration testing campaign of a networked system by a penetration testing system comprising (A) a penetration testing software module installed on a remote computing device and (B) a reconnaissance agent software module (RASM) installed on at least some network nodes of the networked system. In embodiments, at least the following is performed at the remote computing device: a target network node of the networked system on which the RASM is installed is selected; based on the target network node, a potential vulnerability that may compromise the target network node is selected; internal data of the target network node is received; and a validation step is performed. The validation is (i) carried out in a manner which does not expose the target network node to a risk of being compromised and (ii) is based on the received internal data of the target network node.
24 Citations
18 Claims
-
1. A method of carrying out a penetration testing campaign of a networked system by a penetration testing system, the penetration testing system comprising (A) a penetration testing software module installed on a remote computing device and (B) a reconnaissance agent software module (RASM) installed on at least some network nodes of the networked system, the method comprising:
-
a. subsequent to installing the RASM on the at least some network nodes, initiating the penetration testing campaign; b. subsequent to the initiating of the penetration testing campaign, selecting a target network node of the networked system on which the RASM is installed; c. based on the target network node, selecting a potential vulnerability that may compromise the target network node; d. subsequent to the selecting of the potential vulnerability, receiving at the remote computing device and from the RASM installed on the target network node, internal data of the target network node; e. validating that the target network node could be successfully compromised using the selected potential vulnerability, the validating being carried out in a manner which does not expose the target network node to a risk of being compromised and which is based on the received internal data of the target network node; f. based on the potential vulnerability, determining a method for an attacker to compromise the target network node; g. based on the method for an attacker to compromise the target network node, determining a security vulnerability of the networked system; and h. reporting the security vulnerability of the networked system, the reporting comprising at least one of (i) causing a display device to display a report including information about the determined security vulnerability of the networked system, (ii) recording the report including the information about the determined security vulnerability of the networked system in a file, and (iii) electronically transmitting the report including the information about the determined security vulnerability of the networked system, wherein each of steps a-h is performed by executing computer code of the penetration testing software module by one or more processors of the remote computing device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method of carrying out a penetration testing campaign of a networked system by a penetration testing system, the penetration testing system comprising (A) a penetration testing software module installed on a remote computing device and (B) a reconnaissance agent software module (RASM) installed on at least some network nodes of the networked system, the method comprising:
-
a. subsequent to installing the RASM on the at least some network nodes, initiating the penetration testing campaign; b. subsequent to the initiating of the penetration testing campaign, selecting a target network node of the networked system on which the RASM is installed; c. based on the target network node, selecting a potential vulnerability that may compromise the target network node; d. receiving at the remote computing device and from the RASM installed on the target network node, internal data of the target network node; e. validating that the target network node could be successfully compromised using the selected potential vulnerability, the validating being carried out in a manner which does not expose the target network node to a risk of being compromised and which is based on the received internal data of the target network node; f. based on the potential vulnerability, determining a method for an attacker to compromise the target network node; g. based on the method for an attacker to compromise the target network node, determining a security vulnerability of the networked system; and h. reporting the security vulnerability of the networked system, the reporting comprising at least one of (i) causing a display device to display a report including information about the determined security vulnerability of the networked system, (ii) recording the report including the information about the determined security vulnerability of the networked system in a file, and (iii) electronically transmitting the report including the information about the determined security vulnerability of the networked system, wherein each of steps a-h is performed by executing computer code of the penetration testing software module by one or more processors of the remote computing device. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A penetration testing system for carrying out a penetration testing campaign of a networked system in cooperation with a reconnaissance agent software module (RASM) installed on at least some network nodes of the networked system, the penetration testing system comprising:
-
A. a remote computing device comprising a computer memory and one or more processors, the remote computing device in electronic communication with the networked system; and B. a non-transitory computer-readable storage medium containing first, second, third, fourth, fifth, sixth, seventh and eighth program instructions of a penetration testing software module, wherein; a. execution of the first program instructions, by the one or more processors of the remote computing device and subsequent to installing the RASM on the at least some network nodes, initiates the penetration testing campaign; b. execution of the second program instructions, by the one or more processors of the remote computing device and subsequent to the initiating of the penetration testing campaign, selects a target network node of the networked system on which the RASM is installed; c. execution of the third program instructions, by the one or more processors of the remote computing device, selects, based on the target network node, a potential vulnerability that may compromise the target network node; d. execution of the fourth program instructions, by the one or more processors of the remote computing device and subsequent to the selecting of the potential vulnerability, receives at the remote computing device and from the RASM installed on the target network node, internal data of the target network node; e. execution of the fifth program instructions, by the one or more processors of the remote computing device, validates that the target network node could be successfully compromised using the selected potential vulnerability such that the validating is carried out in a manner which does not expose the target network node to a risk of being compromised and which is based on the received internal data of the target network node; f. execution of the sixth program instructions, by the one or more processors of the remote computing device, determines, based on the potential vulnerability, a method for an attacker to compromise the target network node; g. execution of the seventh program instructions, by the one or more processors of the remote computing device, determines, based on the method for an attacker to compromise the target network node, a security vulnerability of the networked system; and h. execution of the eighth program instructions, by the one or more processors of the remote computing device, reports the security vulnerability of the networked system, the reporting comprising at least one of (i) causing a display device to display a report including information about the determined security vulnerability of the networked system, (ii) recording the report including the information about the determined security vulnerability of the networked system in a file, and (iii) electronically transmitting the report including the information about the determined security vulnerability of the networked system.
-
-
18. A penetration testing system for carrying out a penetration testing campaign of a networked system in cooperation with a reconnaissance agent software module (RASM) installed on at least some network nodes of the networked system, the penetration testing system comprising:
-
A. a remote computing device comprising a computer memory and one or more processors, the remote computing device in electronic communication with the networked system; and B. a non-transitory computer-readable storage medium containing first, second, third, fourth, fifth, sixth, seventh and eighth program instructions of a penetration testing software module, wherein; a. execution of the first program instructions, by the one or more processors of the remote computing device and subsequent to installing the RASM on the at least some network nodes, initiates the penetration testing campaign; b. execution of the second program instructions, by the one or more processors of the remote computing device and subsequent to the initiating of the penetration testing campaign, selects a target network node of the networked system on which the RASM is installed; c. execution of the third program instructions, by the one or more processors of the remote computing device, selects, based on the target network node, a potential vulnerability that may compromise the target network node; d. execution of the fourth program instructions, by the one or more processors of the remote computing device, receives at the remote computing device and from the RASM installed on the target network node, internal data of the target network node; e. execution of the fifth program instructions, by the one or more processors of the remote computing device, validates that the target network node could be successfully compromised using the selected potential vulnerability such that the validating is carried out in a manner which does not expose the target network node to a risk of being compromised and which is based on the received internal data of the target network node; f. execution of the sixth program instructions, by the one or more processors of the remote computing device, determines, based on the potential vulnerability, a method for an attacker to compromise the target network node; g. execution of the seventh program instructions, by the one or more processors of the remote computing device, determines, based on the method for an attacker to compromise the target network node, a security vulnerability of the networked system; and h. execution of the eighth program instructions, by the one or more processors of the remote computing device, reports the security vulnerability of the networked system, the reporting comprising at least one of (i) causing a display device to display a report including information about the determined security vulnerability of the networked system, (ii) recording the report including the information about the determined security vulnerability of the networked system in a file, and (iii) electronically transmitting the report including the information about the determined security vulnerability of the networked system.
-
Specification