Identifying communicating network nodes in the same local network
First Claim
1. A method for executing a computer-implemented penetration test of a networked system by a penetration testing system so as to determine a method by which an attacker could compromise the networked system, where the penetration testing system comprises (A) a penetration testing software module installed on a remote computing device and (B) a reconnaissance agent software module installed on at least a first network node and a second network node of the networked system, the method for executing the computer-implemented penetration test comprising:
a. receiving, by the penetration testing software module and from the first network node, first information about a first data packet, the first data packet being one member of the group consisting of (i) a data packet received by the first network node from another network node sharing a common broadcast domain with the first network node, and (ii) a data packet sent by the first network node only to one or more other network nodes sharing a common broadcast domain with the first network node, wherein execution of computer code of the reconnaissance agent software module by one or more processors of the first network node causes the one or more processors of the first network node to send the first information;
b. receiving, by the penetration testing software module and from the second network node, second information about a second data packet, the second data packet being one member of the group consisting of (i) a data packet received by the second network node from another network node sharing a common broadcast domain with the second network node, and (ii) a data packet sent by the second network node only to one or more other network nodes sharing a common broadcast domain with the second network node, wherein execution of computer code of the reconnaissance agent software module by one or more processors of the second network node causes the one or more processors of the second network node to send the second information;
c. checking, by the penetration testing software module, whether the first information and the second information satisfy a matching condition;
d. in response to a determination by the checking that the first information and the second information satisfy a matching condition, carrying out the following steps:
i. concluding, by the penetration testing software module, that the first data packet and the second data packet are a same data packet, and that the first network node and the second network node share a common broadcast domain, and
ii. determining, by the penetration testing software module, the method by which the attacker could compromise the networked system, wherein the method by which the attacker could compromise includes a step that depends on the first network node and the second network node sharing the common broadcast domain; and
e. reporting, by the penetration testing software module, the method by which the attacker could compromise the networked system, wherein the reporting comprises at least one member of the group consisting of (i) causing a display device to display a report including information about the determined method by which the attacker could compromise the networked system, (ii) recording the report including the information about the determined method by which the attacker could compromise the networked system in a file, and (iii) electronically transmitting the report including the information about the determined method by which the attacker could compromise the networked system.
Abstract
Methods and systems for executing a penetration test of a networked system by a penetration testing system so as to determine a method by which an attacker could compromise the networked system, and/or for distributing common sets of data to nodes of a networked system. The methods and systems include identifying network nodes which have shared broadcast domains.
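The matching step of claim 1 (steps c and d.i), as an added example that is not taken from the patent: each agent reports a summary of a broadcast frame its node sent or received, and the correlator groups nodes whose reports describe the same frame. The matching condition used here (broadcast destination, same source MAC, same payload digest, timestamps within WINDOW_S) and all names and sample values are assumptions; the claims do not define the condition.

```python
import hashlib
from dataclasses import dataclass
from itertools import combinations

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
WINDOW_S = 0.5  # assumed tolerance for clock skew between agents

@dataclass(frozen=True)
class Observation:
    node: str     # node whose agent sent the report
    src_mac: str  # layer-2 source of the frame
    dst_mac: str  # layer-2 destination of the frame
    digest: str   # SHA-256 of the frame payload, computed by the agent
    ts: float     # agent timestamp in seconds

def matches(a: Observation, b: Observation) -> bool:
    """Assumed matching condition: the same broadcast frame seen on two nodes."""
    return (a.node != b.node
            and a.dst_mac == b.dst_mac == BROADCAST_MAC  # frame cannot be routed
            and a.src_mac == b.src_mac
            and a.digest == b.digest
            and abs(a.ts - b.ts) <= WINDOW_S)

def broadcast_domains(observations):
    """Union nodes whose reports match; return sorted groups of node names."""
    parent = {o.node: o.node for o in observations}
    def find(n):
        while parent[n] != n:
            n = parent[n]
        return n
    for a, b in combinations(observations, 2):
        if matches(a, b):
            parent[find(a.node)] = find(b.node)
    groups = {}
    for n in parent:
        groups.setdefault(find(n), []).append(n)
    return sorted(sorted(g) for g in groups.values())

# Constructed sample reports (not from the page).
ARP = hashlib.sha256(b"constructed ARP who-has 10.0.0.1").hexdigest()
MAC_A, MAC_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
SAMPLE = [
    Observation("ws-01", MAC_A, BROADCAST_MAC, ARP, 100.00),  # received
    Observation("ws-02", MAC_A, BROADCAST_MAC, ARP, 100.02),  # received
    Observation("ws-03", MAC_A, BROADCAST_MAC, ARP, 100.01),  # sender's own report
    Observation("db-01", MAC_B, BROADCAST_MAC, ARP, 100.01),  # other sender
    Observation("db-02", MAC_A, BROADCAST_MAC, ARP, 460.00),  # outside window
    Observation("db-03", MAC_A, "02:00:00:00:00:0c", ARP, 100.01),  # unicast
]
```

A node left in a group of its own only means no matching report was seen for it; the absence of a match does not show that two nodes are in different broadcast domains.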
20 Claims
19. A system for executing a computer-implemented penetration test of a networked system so as to determine a method by which an attacker could compromise the networked system, the networked system comprising a plurality of network nodes interconnected by one or more networks, the system for executing the computer-implemented penetration test comprising:
a. a first reconnaissance-agent non-transitory computer-readable storage medium for storage of instructions for execution by one or more processors of a first network node, the first network node being in electronic communication with a remote computing device, the first reconnaissance-agent non-transitory computer-readable storage medium having stored therein first instructions, that when executed by the one or more processors of the first network node, cause the one or more processors of the first network node to send, to the remote computing device, first information about a first data packet, the first data packet being one member of the group consisting of (i) a data packet received by the first network node from another network node sharing a common broadcast domain with the first network node, and (ii) a data packet sent by the first network node only to one or more other network nodes sharing a common broadcast domain with the first network node;
b. a second reconnaissance-agent non-transitory computer-readable storage medium for storage of instructions for execution by one or more processors of a second network node, the second network node being in electronic communication with the remote computing device, the second reconnaissance-agent non-transitory computer-readable storage medium having stored therein second instructions, that when executed by the one or more processors of the second network node, cause the one or more processors of the second network node to send, to the remote computing device, second information about a second data packet, the second data packet being one member of the group consisting of (i) a data packet received by the second network node from another network node sharing a common broadcast domain with the second network node, and (ii) a data packet sent by the second network node only to one or more other network nodes sharing a common broadcast domain with the second network node;
c. a penetration-testing non-transitory computer-readable storage medium for storage of instructions for execution by one or more processors of the remote computing device, the penetration-testing non-transitory computer-readable storage medium having stored therein:
i. third instructions, that when executed by the one or more processors of the remote computing device, cause the one or more processors of the remote computing device to receive, from the first network node, the first information sent by the first network node,
ii. fourth instructions, that when executed by the one or more processors of the remote computing device, cause the one or more processors of the remote computing device to receive, from the second network node, the second information sent by the second network node,
iii. fifth instructions, that when executed by the one or more processors of the remote computing device, cause the one or more processors of the remote computing device to check whether the first information and the second information satisfy a matching condition,
iv. sixth instructions, that when executed by the one or more processors of the remote computing device, cause the one or more processors of the remote computing device to carry out the following steps in response to a determination made by executing the fifth instructions that the first information and the second information satisfy a matching condition:
A. concluding that the first data packet and the second data packet are a same data packet, and that the first network node and the second network node share a common broadcast domain, and
B. determining the method by which the attacker could compromise the networked system, wherein the method by which the attacker could compromise includes a step that depends on the first network node and the second network node sharing the common broadcast domain, and
v. seventh instructions, that when executed by the one or more processors of the remote computing device, cause the one or more processors of the remote computing device to report the determined method by which the attacker could compromise the networked system, wherein the reporting comprises at least one member of the group consisting of (i) causing a display device to display a report including information about the determined method by which the attacker could compromise the networked system, (ii) recording the report including the information about the determined method by which the attacker could compromise the networked system in a file, and (iii) electronically transmitting the report including the information about the determined method by which the attacker could compromise the networked system.
20-21. (canceled)
Specification