SYSTEMS AND METHODS FOR USING MULTIPLE LATERAL MOVEMENT STRATEGIES IN PENETRATION TESTING
First Claim
Patent Images
1. A method of penetration testing of a networked system by a penetration testing system that is controlled by a user interface of a computing device, the method comprising:
- a. selecting a plurality of lateral movement strategies from a group of two or more lateral movement strategies that are available to be used in penetration testing campaigns;
b. executing, by the penetration testing system, a plurality of penetration testing campaigns, wherein (i) the number of penetration testing campaigns in the plurality of penetration testing campaigns is equal to the number of lateral movement strategies in the selected plurality of lateral movement strategies, (ii) for each specific lateral movement strategy in the selected plurality of lateral movement strategies there is a corresponding penetration testing campaign in the plurality of penetration testing campaigns that uses the specific lateral movement strategy as the lateral movement strategy of the attacker of the corresponding penetration testing campaign, and (iii) for any two penetration testing campaigns in the plurality of penetration testing campaigns and for any specific information item of penetration testing campaigns other than lateral movement strategy, values of the specific information item in the two penetration testing campaigns are equal; and
c. reporting, by the penetration testing system, at least one security vulnerability determined to exist in the networked system by the executing of the plurality of penetration testing campaigns, wherein the reporting comprises at least one of (i) causing a display device to display a report including information about the at least one security vulnerability, (ii) storing the report including information about the at least one security vulnerability in a file, and (iii) electronically transmitting the report including information about the at least one security vulnerability.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods and systems for carrying out multiple campaigns of penetration testing using different lateral movement strategies for discovering and reporting security vulnerabilities of a networked system, the networked system comprising a plurality of network nodes interconnected by one or more networks.
-
Citations
20 Claims
-
1. A method of penetration testing of a networked system by a penetration testing system that is controlled by a user interface of a computing device, the method comprising:
-
a. selecting a plurality of lateral movement strategies from a group of two or more lateral movement strategies that are available to be used in penetration testing campaigns; b. executing, by the penetration testing system, a plurality of penetration testing campaigns, wherein (i) the number of penetration testing campaigns in the plurality of penetration testing campaigns is equal to the number of lateral movement strategies in the selected plurality of lateral movement strategies, (ii) for each specific lateral movement strategy in the selected plurality of lateral movement strategies there is a corresponding penetration testing campaign in the plurality of penetration testing campaigns that uses the specific lateral movement strategy as the lateral movement strategy of the attacker of the corresponding penetration testing campaign, and (iii) for any two penetration testing campaigns in the plurality of penetration testing campaigns and for any specific information item of penetration testing campaigns other than lateral movement strategy, values of the specific information item in the two penetration testing campaigns are equal; and c. reporting, by the penetration testing system, at least one security vulnerability determined to exist in the networked system by the executing of the plurality of penetration testing campaigns, wherein the reporting comprises at least one of (i) causing a display device to display a report including information about the at least one security vulnerability, (ii) storing the report including information about the at least one security vulnerability in a file, and (iii) electronically transmitting the report including information about the at least one security vulnerability. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A penetration testing system for penetration testing of a networked system , the penetration testing system comprising:
-
a. a set-up module including; i. one or more set-up processors; and ii. a set-up non-transitory computer readable storage medium for instructions execution by the one or more set-up processors, the set-up non-transitory computer readable storage medium having stored instructions to select a plurality of lateral movement strategies from a group of two or more lateral movement strategies that are available to be used in penetration testing campaigns; b. a penetration-testing-campaign module including; i. one or more penetration-testing-campaign processors; and ii. a penetration-testing-campaign non-transitory computer readable storage medium for instructions execution by the one or more penetration-testing-campaign processors, the penetration-testing-campaign non-transitory computer readable storage medium having stored instructions to execute a plurality of penetration testing campaigns, wherein (i) the number of penetration testing campaigns in the plurality of penetration testing campaigns is equal to the number of lateral movement strategies in the selected plurality of lateral movement strategies, (ii) for each specific lateral movement strategy in the selected plurality of lateral movement strategies there is a corresponding penetration testing campaign in the plurality of penetration testing campaigns that uses the specific lateral movement strategy as the lateral movement strategy of the attacker of the corresponding penetration testing campaign, and (iii) for any two penetration testing campaigns in the plurality of penetration testing campaigns and for any specific information item of penetration testing campaigns other than lateral movement strategy, values of the specific information item in the two penetration testing campaigns are equal; and c. a reporting module, including; i. one or more reporting processors; and ii. a reporting non-transitory computer readable storage medium for instructions execution by the one or more reporting processors, the reporting non-transitory computer readable storage medium having stored instructions to report at least one security vulnerability determined to exist in the networked system according to results of the plurality of penetration testing campaigns executed by the penetration testing campaign module, the instructions to report including at least one of (i) instructions to cause a display device to display a report including information about the at least one security vulnerability, (ii) instructions to store the report including information about the at least one security vulnerability in a file, and (iii) instructions to electronically transmit the report including information about the at least one security vulnerability.
-
Specification