SYSTEMS AND METHODS FOR USING MULTIPLE LATERAL MOVEMENT STRATEGIES IN PENETRATION TESTING

US 20190081974A1
Filed: 05/30/2018
Published: 03/14/2019
Est. Priority Date: 09/13/2017
Status: Active Grant

First Claim

Patent Images

1. A method of penetration testing of a networked system by a penetration testing system that is controlled by a user interface of a computing device, the method comprising:

a. selecting a plurality of lateral movement strategies from a group of two or more lateral movement strategies that are available to be used in penetration testing campaigns;

b. executing, by the penetration testing system, a plurality of penetration testing campaigns, wherein (i) the number of penetration testing campaigns in the plurality of penetration testing campaigns is equal to the number of lateral movement strategies in the selected plurality of lateral movement strategies, (ii) for each specific lateral movement strategy in the selected plurality of lateral movement strategies there is a corresponding penetration testing campaign in the plurality of penetration testing campaigns that uses the specific lateral movement strategy as the lateral movement strategy of the attacker of the corresponding penetration testing campaign, and (iii) for any two penetration testing campaigns in the plurality of penetration testing campaigns and for any specific information item of penetration testing campaigns other than lateral movement strategy, values of the specific information item in the two penetration testing campaigns are equal; and

c. reporting, by the penetration testing system, at least one security vulnerability determined to exist in the networked system by the executing of the plurality of penetration testing campaigns, wherein the reporting comprises at least one of (i) causing a display device to display a report including information about the at least one security vulnerability, (ii) storing the report including information about the at least one security vulnerability in a file, and (iii) electronically transmitting the report including information about the at least one security vulnerability.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for carrying out multiple campaigns of penetration testing using different lateral movement strategies for discovering and reporting security vulnerabilities of a networked system, the networked system comprising a plurality of network nodes interconnected by one or more networks.

Citations

20 Claims

1. A method of penetration testing of a networked system by a penetration testing system that is controlled by a user interface of a computing device, the method comprising:
- a. selecting a plurality of lateral movement strategies from a group of two or more lateral movement strategies that are available to be used in penetration testing campaigns;
  
  b. executing, by the penetration testing system, a plurality of penetration testing campaigns, wherein (i) the number of penetration testing campaigns in the plurality of penetration testing campaigns is equal to the number of lateral movement strategies in the selected plurality of lateral movement strategies, (ii) for each specific lateral movement strategy in the selected plurality of lateral movement strategies there is a corresponding penetration testing campaign in the plurality of penetration testing campaigns that uses the specific lateral movement strategy as the lateral movement strategy of the attacker of the corresponding penetration testing campaign, and (iii) for any two penetration testing campaigns in the plurality of penetration testing campaigns and for any specific information item of penetration testing campaigns other than lateral movement strategy, values of the specific information item in the two penetration testing campaigns are equal; and
  
  c. reporting, by the penetration testing system, at least one security vulnerability determined to exist in the networked system by the executing of the plurality of penetration testing campaigns, wherein the reporting comprises at least one of (i) causing a display device to display a report including information about the at least one security vulnerability, (ii) storing the report including information about the at least one security vulnerability in a file, and (iii) electronically transmitting the report including information about the at least one security vulnerability.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, wherein the selecting of the plurality of lateral movement strategies includes selecting all of the lateral movement strategies in the group of two or more lateral movement strategies to be the selected plurality of lateral movement strategies.
  - 3. The method of claim 1, wherein the selecting of the plurality of lateral movement strategies includes selecting only some of the lateral movement strategies in the group of two or more lateral movement strategies to be the selected plurality of lateral movement strategies.
  - 4. The method of claim 1, wherein the selecting of the plurality of lateral movement strategies comprises automatically selecting the plurality of lateral movement strategies from the group of two or more lateral movement strategies, by the penetration testing system.
  - 5. The method of claim 4, wherein the automatically selecting of the plurality of lateral movement strategies is based on a value of an information item of the plurality of penetration testing campaigns.
  - 6. The method of claim 4, wherein the automatically selecting of the plurality of lateral movement strategies is a random selection.
  - 7. The method of claim 1, wherein the selecting of the plurality of lateral movement strategies includes receiving, by the penetration testing system and via the user interface of the computing device, one or more manually-entered inputs, the one or more manually-entered inputs selecting the plurality of lateral movement strategies from the group of two or more lateral movement strategies.
  - 8. The method of claim 1, wherein a number of lateral movement strategies in the selected plurality of lateral movement strategies is pre-defined by a vendor of the penetration testing system.
  - 9. The method of claim 1, wherein a number of lateral movement strategies in the selected plurality of lateral movement strategies depends on a value of an information item of the plurality of penetration testing campaigns.
  - 10. The method of claim 1, wherein the selecting of the plurality of lateral movement strategies includes receiving, by the penetration testing system and via the user interface of the computing device, one or more manually-entered inputs, the one or more manually-entered inputs defining a number of lateral movement strategies in the selected plurality of lateral movement strategies.
  - 11. The method of claim 1, further comprising, prior to the selecting, determining, by the penetration testing system, the group of two or more lateral movement strategies that are available to be used in penetration testing campaigns.
  - 12. The method of claim 11, wherein the determining of the group of two or more lateral movement strategies that are available to be used in penetration testing campaigns is based on a value of an information item of the plurality of penetration testing campaigns.
  - 13. The method of claim 1, wherein the executing of the plurality of penetration testing campaigns includes executing at least two penetration testing campaigns of the plurality of penetration testing campaigns in parallel.
  - 14. The method of claim 1, wherein the executing of the plurality of penetration testing campaigns includes executing at least two penetration testing campaigns of the plurality of penetration testing campaigns in series.
  - 15. The method of claim 14, wherein the at least two penetration testing campaigns executed in series are executed according to an order of the corresponding lateral movement strategies, wherein the order of the lateral movement strategies is pre-defined by a vendor of the penetration testing system.
  - 16. The method of claim 14, wherein the at least two penetration testing campaigns executed in series are executed according to a random order determined at the time of the executing.
  - 17. The method of claim 1, wherein said executing the plurality of penetration testing campaigns comprises assigning a corresponding time limit to each penetration testing campaign of said plurality of penetration testing campaigns, wherein execution time of each penetration testing campaign of the plurality of penetration testing campaigns is limited by the corresponding time limit.
  - 18. The method of claim 17, wherein the plurality of penetration testing campaigns includes a first penetration testing campaign and a second penetration testing campaign, wherein the time limit assigned to the first penetration testing campaign is different from the time limit assigned to the second penetration testing campaign.
  - 19. The method of claim 1, wherein the executing of the plurality of penetration testing campaigns comprises:
    - in response to determining, by one penetration testing campaign of the plurality of penetration testing campaigns, that at least one security vulnerability exists in the networked system, (i) aborting all penetration testing campaigns of the plurality of penetration testing campaigns that are running at the time of the determining, and (ii) cancelling execution of all penetration testing campaigns of the plurality of penetration testing campaigns scheduled to be executed that have not yet started execution.

20. A penetration testing system for penetration testing of a networked system , the penetration testing system comprising:
- a. a set-up module including;
  
  i. one or more set-up processors; and
  
  ii. a set-up non-transitory computer readable storage medium for instructions execution by the one or more set-up processors, the set-up non-transitory computer readable storage medium having stored instructions to select a plurality of lateral movement strategies from a group of two or more lateral movement strategies that are available to be used in penetration testing campaigns;
  
  b. a penetration-testing-campaign module including;
  
  i. one or more penetration-testing-campaign processors; and
  
  ii. a penetration-testing-campaign non-transitory computer readable storage medium for instructions execution by the one or more penetration-testing-campaign processors, the penetration-testing-campaign non-transitory computer readable storage medium having stored instructions to execute a plurality of penetration testing campaigns, wherein (i) the number of penetration testing campaigns in the plurality of penetration testing campaigns is equal to the number of lateral movement strategies in the selected plurality of lateral movement strategies, (ii) for each specific lateral movement strategy in the selected plurality of lateral movement strategies there is a corresponding penetration testing campaign in the plurality of penetration testing campaigns that uses the specific lateral movement strategy as the lateral movement strategy of the attacker of the corresponding penetration testing campaign, and (iii) for any two penetration testing campaigns in the plurality of penetration testing campaigns and for any specific information item of penetration testing campaigns other than lateral movement strategy, values of the specific information item in the two penetration testing campaigns are equal; and
  
  c. a reporting module, including;
  
  i. one or more reporting processors; and
  
  ii. a reporting non-transitory computer readable storage medium for instructions execution by the one or more reporting processors, the reporting non-transitory computer readable storage medium having stored instructions to report at least one security vulnerability determined to exist in the networked system according to results of the plurality of penetration testing campaigns executed by the penetration testing campaign module, the instructions to report including at least one of (i) instructions to cause a display device to display a report including information about the at least one security vulnerability, (ii) instructions to store the report including information about the at least one security vulnerability in a file, and (iii) instructions to electronically transmit the report including information about the at least one security vulnerability.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
XM Cyber Ltd. (Schwarz Unternehmenskommunikation GmbH & Co. KG)
Original Assignee
XM Ltd.
Inventors
LASSER, Menahem

Granted Patent

US 10,447,721 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 41/22   comprising specially adapte...

H04L 43/50   Testing arrangements

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

SYSTEMS AND METHODS FOR USING MULTIPLE LATERAL MOVEMENT STRATEGIES IN PENETRATION TESTING

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR USING MULTIPLE LATERAL MOVEMENT STRATEGIES IN PENETRATION TESTING

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links