×

SYSTEMS AND METHODS FOR USING MULTIPLE LATERAL MOVEMENT STRATEGIES IN PENETRATION TESTING

  • US 20190081974A1
  • Filed: 05/30/2018
  • Published: 03/14/2019
  • Est. Priority Date: 09/13/2017
  • Status: Active Grant
First Claim
Patent Images

1. A method of penetration testing of a networked system by a penetration testing system that is controlled by a user interface of a computing device, the method comprising:

  • a. selecting a plurality of lateral movement strategies from a group of two or more lateral movement strategies that are available to be used in penetration testing campaigns;

    b. executing, by the penetration testing system, a plurality of penetration testing campaigns, wherein (i) the number of penetration testing campaigns in the plurality of penetration testing campaigns is equal to the number of lateral movement strategies in the selected plurality of lateral movement strategies, (ii) for each specific lateral movement strategy in the selected plurality of lateral movement strategies there is a corresponding penetration testing campaign in the plurality of penetration testing campaigns that uses the specific lateral movement strategy as the lateral movement strategy of the attacker of the corresponding penetration testing campaign, and (iii) for any two penetration testing campaigns in the plurality of penetration testing campaigns and for any specific information item of penetration testing campaigns other than lateral movement strategy, values of the specific information item in the two penetration testing campaigns are equal; and

    c. reporting, by the penetration testing system, at least one security vulnerability determined to exist in the networked system by the executing of the plurality of penetration testing campaigns, wherein the reporting comprises at least one of (i) causing a display device to display a report including information about the at least one security vulnerability, (ii) storing the report including information about the at least one security vulnerability in a file, and (iii) electronically transmitting the report including information about the at least one security vulnerability.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×