Locally Detecting Phishing Weakness
Abstract
Methods and systems of testing for phishing security vulnerabilities are disclosed, including methods of penetration testing of a network node by a penetration testing system comprising a reconnaissance agent software module installed in the network node, and a penetration testing software module installed on a remote computing device. Penetration testing systems are provided so as to locally detect weaknesses that would expose network nodes to phishing-based attacks.
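An added example, not taken from the patent or from any product: a sketch of the remote penetration testing module's side of the flow recited in claim 1, covering the determination (step d) and recording it in a file (step e(ii)). The JSON reporting-message fields `test_id`, `node` and `event`, the event names and all sample values are assumptions made for illustration.

```python
import json
from dataclasses import dataclass

# Event kinds mirror the group recited in claim 1; the string names are this example's own.
CLAIM1_EVENTS = {"link_selected", "attachment_opened",
                 "caused_by_link", "caused_by_attachment"}

@dataclass(frozen=True)
class SentMessage:
    test_id: str         # hypothetical correlation id carried by the test message
    node: str            # network node the test message was sent to
    carries: frozenset   # subset of {"link", "attachment"}

def determine(sent, raw_reports):
    """Step d: map each vulnerable node to the event kinds its agent reported."""
    by_id = {m.test_id: m for m in sent}
    findings = {}
    for raw in raw_reports:
        try:
            report = json.loads(raw)
        except json.JSONDecodeError:
            continue                      # malformed reporting message
        if not isinstance(report, dict):
            continue
        tid, event = report.get("test_id"), report.get("event")
        if not (isinstance(tid, str) and isinstance(event, str)):
            continue
        msg = by_id.get(tid)
        if msg is None or report.get("node") != msg.node:
            continue                      # not tied to a test message sent to that node
        if event not in CLAIM1_EVENTS:
            continue
        needed = "link" if "link" in event else "attachment"
        if needed not in msg.carries:
            continue                      # event cannot stem from this test message
        kinds = findings.setdefault(msg.node, [])
        if event not in kinds:
            kinds.append(event)           # repeated reports count once
    return findings

def record(findings, path):
    """Step e(ii): record the information about the determination in a file."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump({"vulnerable_nodes": findings}, fh, indent=2, sort_keys=True)

# Constructed sample data: two test messages sent, five reporting messages received.
SENT = [SentMessage("t-001", "ws-17", frozenset({"link"})),
        SentMessage("t-002", "ws-22", frozenset({"attachment"}))]
REPORTS = ['{"test_id": "t-001", "node": "ws-17", "event": "link_selected"}',
           '{"test_id": "t-001", "node": "ws-17", "event": "link_selected"}',
           '{"test_id": "t-002", "node": "ws-22", "event": "link_selected"}',
           '{"test_id": "t-999", "node": "ws-30", "event": "attachment_opened"}',
           'not json']
```

Only reporting messages that correlate with a test message actually sent to the same node lead to a determination, which keeps stray or replayed agent reports from being counted as findings.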
81 Claims
1. A method of penetration testing of a network node by a penetration testing system, the penetration testing system comprising (A) a reconnaissance agent software module installed in the network node, and (B) a penetration testing software module installed on a remote computing device, the method comprising:
a. sending to the network node, by the penetration testing software module, a test message containing at least one of an Internet link and an attachment file;
b. detecting, by the reconnaissance agent software module installed in the network node, an event, the event being a member of a group consisting of an event of selecting of the Internet link by a user of the network node, an event of opening of the attachment file by the user of the network node, an event caused by the selecting of the Internet link, and an event caused by the opening of the attachment file;
c. sending, by the reconnaissance agent software module installed in the network node, a reporting message to the remote computing device, the reporting message containing information concerning an occurrence of the detected event;
d. making a determination, by the penetration testing software module, that the network node is vulnerable to an attack, the determination being based on the information concerning the occurrence of the detected event included in the reporting message; and
e. reporting the determination by the penetration testing software module, the reporting comprising at least one of;
(i) causing a display device to display information about the determination, (ii) recording the information about the determination in a file, and (iii) electronically transmitting the information about the determination.
Dependent claims: 2, 3, 8, 9, 10, 13, 14, 15, 18, 19, 22, 25

4-7. (canceled)
11-12. (canceled)
16-17. (canceled)
20-21. (canceled)
23-24. (canceled)
26-28. (canceled)

29. A method of penetration testing of a network node by a penetration testing system, the penetration testing system comprising (A) a reconnaissance agent software module installed in the network node, and (B) a penetration testing software module installed on a remote computing device, the method comprising:
a. detecting, by the reconnaissance agent software module installed in the network node, an event, the event being a member of a group consisting of an event of accessing a specific Internet address by the network node, an event caused by the accessing of the specific Internet address by the network node, an event related to or caused by a portable storage device, and an event related to or caused by a shared folder to which the network node has access;
b. sending, by the reconnaissance agent software module installed in the network node, a reporting message to the remote computing device, the reporting message containing information concerning an occurrence of the detected event;
c. making a determination, by the penetration testing software module, that the network node is vulnerable to an attack, the determination being based on the information concerning an occurrence of the detected event in the reporting message; and
d. reporting the determination by the penetration testing software module, the reporting comprising at least one of;
(i) causing a display device to display information about the determination, (ii) recording the information about the determination in a file, and (iii) electronically transmitting the information about the determination.
Dependent claims: 30, 31, 32, 34, 39, 40, 41, 47, 50, 53

33. (canceled)
35-38. (canceled)
42-46. (canceled)
48-49. (canceled)
51-52. (canceled)
54-56. (canceled)

57. A method of penetration testing of a network node by a penetration testing system, the penetration testing system comprising (A) a reconnaissance agent software module installed in the network node, and (B) a penetration testing software module installed on a remote computing device, the method comprising:
a. doing, by the penetration testing software module, at least one of (i) attempting to compromise the network node, and (ii) checking whether the network node can be compromised;
b. in response to a result of the doing, if the attempting to compromise is successful or the checking concludes that the network node can be compromised, causing the performing of an operation by the network node, the operation selected from a group consisting of (i) sending an outgoing message having a specific characteristic out of the network node, (ii) executing a specific executable file, (iii) executing a specific registry-related operation, and (iv) executing a specific file-related operation;
c. detecting, by the reconnaissance agent software module installed in the network node, an event of an occurrence of the operation;
d. sending, by the reconnaissance agent software module installed in the network node, a reporting message to the remote computing device, the reporting message containing information concerning an occurrence of the detected event;
e. making a determination, by the penetration testing software module, that the network node is vulnerable to an attack, the determining being based on the information concerning an occurrence of the detected event in the reporting message; and
f. reporting the determination by the penetration testing software module, the reporting comprising at least one of;
(i) causing a display device to display information about the determination, (ii) recording the information about the determination in a file, and (iii) electronically transmitting the information about the determination.
Dependent claims: 58, 64, 67, 70

59-63. (canceled)
65-66. (canceled)
68-69. (canceled)
71-78. (canceled)

79. A penetration testing system for testing a network node on which a reconnaissance agent software module is installed, the penetration testing system comprising:
a. a remote computing device in electronic communication with the network node and comprising one or more processors, wherein a penetration testing software module of the penetration testing system is installed on the remote computing device;
b. a first non-transitory computer-readable storage medium containing first program instructions, wherein execution of the first program instructions by one or more processors of the network node causes the one or more processors of the network node to carry out the following;
i. in response to receiving, from the penetration testing software module installed on the remote computing device, a test message containing at least one of an Internet link and an attachment file, detecting, by the reconnaissance agent software module, an event, the event being a member of a group consisting of an event of selecting of the link by a user of the network node, an event of opening of the attachment file by the user of the network node, an event caused by the selecting of the link, and an event caused by the opening of the attachment file, and
ii. sending, by the reconnaissance agent software module, a reporting message to the remote computing device, the reporting message containing information concerning an occurrence of the detected event; and
c. a second non-transitory computer-readable storage medium containing second program instructions, wherein execution of the second program instructions by one or more processors of the remote computing device causes the one or more processors of the remote computing device to carry out the following;
i. in response to receiving the reporting message from the reconnaissance agent software module installed in the network node, making a determination, by the penetration testing software module, that the network node is vulnerable to an attack, the determination being based on the information concerning the occurrence of the detected event included in the reporting message, and
ii. reporting the determination by the penetration testing software module, the reporting comprising at least one of;
(i) causing a display device to display information about the determination, (ii) recording the information about the determination in a file, and (iii) electronically transmitting the information about the determination.

80. A penetration testing system for testing a network node on which a reconnaissance agent software module is installed, the penetration testing system comprising:
a. a remote computing device in electronic communication with the network node and comprising one or more processors, wherein a penetration testing software module of the penetration testing system is installed on the remote computing device;
b. a first non-transitory computer-readable storage medium containing first program instructions, wherein execution of the first program instructions by one or more processors of the network node causes the one or more processors of the network node to carry out the following;
i. detecting, by the reconnaissance agent software module, an event, the event being a member of a group consisting of an event of accessing a specific Internet address by the network node, an event caused by the accessing of the specific Internet address by the network node, an event related to or caused by a portable storage device, and an event related to or caused by a shared folder to which the network node has access, and
ii. sending, by the reconnaissance agent software module, a reporting message to the remote computing device, the reporting message containing information concerning an occurrence of the detected event; and
c. a second non-transitory computer-readable storage medium containing second program instructions, wherein execution of the second program instructions by one or more processors of the remote computing device causes the one or more processors of the remote computing device to carry out the following;
i. in response to receiving the reporting message from the reconnaissance agent software module installed in the network node, making a determination, by the penetration testing software module, that the network node is vulnerable to an attack, the determination being based on the information concerning the occurrence of the detected event included in the reporting message, and
ii. reporting the determination by the penetration testing software module, the reporting comprising at least one of;
(i) causing a display device to display information about the determination, (ii) recording the information about the determination in a file, and (iii) electronically transmitting the information about the determination.

81. A penetration testing system for testing a network node on which a reconnaissance agent software module is installed, the penetration testing system comprising:
a. a remote computing device in electronic communication with the network node and comprising one or more processors, wherein a penetration testing software module of the penetration testing system is installed on the remote computing device;
b. a first non-transitory computer-readable storage medium containing first program instructions, wherein execution of the first program instructions by one or more processors causes the one or more processors to carry out the following;
i. in response to a result of a doing by the penetration testing software module of at least one of (i) attempting to compromise the network node, and (ii) checking whether the network node can be compromised, if the attempting to compromise is successful or the checking concludes that the network node can be compromised, causing the performing of an operation by the network node, the operation selected from a group consisting of (i) sending an outgoing message having a specific characteristic out of the network node, (ii) executing a specific executable file, (iii) executing a specific registry-related operation, and (iv) executing a specific file-related operation;
c. a second non-transitory computer-readable storage medium containing second program instructions, wherein execution of the second program instructions by one or more processors of the network node causes the one or more processors of the network node to carry out the following;
i. detecting, by the reconnaissance agent software module installed in the network node, an event of an occurrence of the operation, and
ii. sending, by the reconnaissance agent software module, a reporting message to the remote computing device, the reporting message containing information concerning an occurrence of the detected event; and
d. a third non-transitory computer-readable storage medium containing third program instructions, wherein execution of the third program instructions by one or more processors of the remote computing device causes the one or more processors of the remote computing device to carry out the following;
i. in response to receiving the reporting message from the reconnaissance agent software module installed in the network node, making a determination, by the penetration testing software module, that the network node is vulnerable to an attack, the determination being based on the information concerning the occurrence of the detected event included in the reporting message, and
ii. reporting the determination by the penetration testing software module, the reporting comprising at least one of;
(i) causing a display device to display information about the determination, (ii) recording the information about the determination in a file, and (iii) electronically transmitting the information about the determination.