Automated computer system security compromise

US 7,228,566 B2
Filed: 01/22/2002
Issued: 06/05/2007
Est. Priority Date: 07/10/2001
Status: Active Grant

First Claim

Patent Images

1. An agent embodied in a computer-readable medium for use in a system for performing penetration testing of a target computer network having a target host, the agent comprising:

a system-calls proxy server configured to receive and execute, in the target host, system calls received via a network; and

a virtual machine configured to execute, in the target host, scripting language instructions received via the network,wherein the system calls received via the network are routed to the system-calls proxy server and the scripting language instructions received via the network are routed to the virtual machine.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is provided for performing penetration testing of a target computer network by installing a remote agent in the target computer network. The system includes a local agent provided in a computer console and configured to receive and execute commands. A user interface is provided in the console and configured to send commands to and receive information from the local agent, process the information, and present the processed information. A database is configured to store the information received from the local agent. A network interface is connected to the local agent and configured to communicate with the remote agent installed in the target computer network via a network. Security vulnerability exploitation modules are provided for execution by the local agent and/or the remote agent.

208 Citations

14 Claims

1. An agent embodied in a computer-readable medium for use in a system for performing penetration testing of a target computer network having a target host, the agent comprising:
- a system-calls proxy server configured to receive and execute, in the target host, system calls received via a network; and
  
  a virtual machine configured to execute, in the target host, scripting language instructions received via the network,wherein the system calls received via the network are routed to the system-calls proxy server and the scripting language instructions received via the network are routed to the virtual machine.
- View Dependent Claims (2, 3)
- - 2. The agent of claim 1, further comprising an execution engine configured to control the system-calls proxy server and the virtual machine, wherein the system calls and the scripting language instructions are routed to the system-calls proxy server and the virtual machine, respectively, by the execution engine.
  - 3. The agent of claim 2, further comprising a remote procedure call module configured to receive commands from the network formatted in a remote procedure call protocol and pass the commands to the execution engine.

4. An agent embodied in a computer-readable medium for use in a system for performing penetration testing of a target computer network, having a target host, the agent comprising:
- a system-calls proxy server configured to receive and execute, in the target host system calls received via a network;
  
  a virtual machine configured to execute, in the target host, scripting language instructions received via the network;
  
  a secure communication module configured to provide secure communication between the virtual machine and the network;
  
  an execution engine configured to control the system-calls proxy server and the virtual machine, wherein the system calls and the scripting language instructions are routed to the system-calls proxy server and the virtual machine, respectively, by the execution engine;
  
  a remote procedure call module configured to receive commands via the network formatted in a remote procedure call protocol and pass the commands to the execution engine; and
  
  a second secure communication module configured to provide secure communication between the remote procedure call module and the network.

5. A method for performing penetration testing of a target network, comprising the steps of:
- executing a first module to exploit a security vulnerability of a first target host of the target network;
  
  installing a first remote agent in the first target host as a result of exploiting the security vulnerability of the first target host;
  
  sending a system call to the first remote agent via a network; and
  
  executing the system call in the first target host using a system-calls proxy server of the first remote agent to exploit a security vulnerability of a second target host,wherein the system call comprises a computer instruction that is executed in an operating system of the first target host.

6. A method for performing penetration testing of a target network, comprising the steps of:
- executing a first module to exploit a security vulnerability of a first target host of the target network;
  
  installing a first remote agent in the first target host as a result of exploiting the security vulnerability of the first target host;
  
  executing in the first remote agent a second module that generates a system call; and
  
  executing the system call in the first target host to exploit a security vulnerability of a second target host,wherein the system call comprises a computer instruction that is executed in an operating system of the first target host.

7. A method for performing penetration testing of a target network, comprising the steps of:
- executing a first module to exploit a security vulnerability of a first target host of the target network;
  
  installing a first remote agent in the first target host as a result of exploiting the security vulnerability of the first target host;
  
  executing a second module in the first remote agent that generates a system call;
  
  installing a second remote agent in a second target host as a result of exploiting a security vulnerability of the second target host;
  
  sending the system call generated by the second module to the second remote agent via a network; and
  
  executing the system call in the second target host using a system-calls proxy server of the second remote agent,wherein the system call comprises a computer instruction that is executed in an operating system of the second target host.

8. A method for performing penetration testing of a target network, comprising the steps of:
- executing a first module to exploit a security vulnerability of a first target host of the target network;
  
  installing a first remote agent in thefirst target host as a result of exploiting the security vulnerability of the first target host;
  
  installing a second remote agent in the second target host as a result of exploiting a security vulnerability of the second target host;
  
  sending a system call to the first remote agent;
  
  sending the system call from the first remote agent to the second remote agent; and
  
  executing the system call in the second target host using a system-calls proxy server of the second remote agent,wherein the system call comprises a. computer instruction that is executed in an operating system of the second target host.

9. A method for performing penetration testing of a target network, comprising the steps of:
- installing a first remote agent in a first target host of the target network, the first remote agent having a system-calls proxy server configured to receive and execute system calls;
  
  executing in the first remote agent a system call received via a network, the system call comprising a computer instruction that is executed in an operating system of the first target host;
  
  installing a second remote agent in the first target host, the second remote agent having a system-calls proxy server configured to receive and execute system calls and a virtual machine configured to execute scripting language instructions; and
  
  executing in the second remote agent a scripting language instruction or a system call received via the network.

10. Computer code embodied in a computer readable medium for performing penetration testing of a target network, the code comprising code for:
- executing a first module to exploit a security vulnerability of a first target host of the target network;
  
  installing a first remote agent in the first target host as a result of exploiting the security vulnerability of the first target host;
  
  sending a system call to the first remote agent via a network; and
  
  executing the system call in the first target host using a system-calls proxy server of the first remote agent to exploit a security vulnerability of a second target host, the system call comprising a computer instruction that is executed in an operating system of the first target host.

11. Computer code embodied in a computer readable medium for performing penetration testing of a target network, the code comprising code for:
- executing a first module to exploit a security vulnerability of a first target host of the target network;
  
  installing a first remote agent in the first target host as a result of exploiting the security vulnerability of the first target host;
  
  executing in the first remote agent a second module that generates a system call; and
  
  executing the system call in the first target host to exploit a security vulnerability of a second target host, the system call comprising a computer instruction that is executed in an operating system of the first target host.

12. Computer code embodied in a computer readable medium for performing penetration testing of a target network, the code comprising code for:
- executing a first module to exploit a security vulnerability of a first target host of the target network;
  
  installing a first remote agent in the first target host as a result of exploiting the security vulnerability of the first target host;
  
  executing a second module in the first remote agent that generates a system call;
  
  installing a second remote agent in the second target host as a result of exploiting a security vulnerability of the second target host;
  
  sending the system call generated by the second module to the second remote agent via a network; and
  
  executing the system call in the second target host using a system-calls proxy server of the second remote agent, the system call comprising a computer instruction that is executed in an operating system of the second target host.

13. Computer code embodied in a computer readable medium for performing penetration testing of a target network, the code comprising code for:
- executing a first module to exploit a security vulnerability of a first target host of the target network;
  
  installing a first remote agent in the first target host as a result of exploiting the security vulnerability of the first target host;
  
  installing a second remote agent in the second target host as a result of exploiting a security vulnerability of the second target host;
  
  sending a system call to the first remote agent;
  
  sending the system call from the first remote agent to the second remote agent; and
  
  executing the system call in the second target host using a system-calls proxy server of the second remote agent, the system call comprising a computer instruction that is executed in an operating system of the second target host.

14. Computer code embodied in a computer readable medium for performing penetration testing of a target network, the code comprising code for:
- installing a first remote agent in the first target host, the first remote agent having a system-calls proxy server configured to receive and execute system calls;
  
  executing in the first remote agent a system call received via a network, the system call comprising a computer instruction that is executed in an operating system of the first target host;
  
  installing a second remote agent in the first target host, the second remote agent having a system-calls proxy server configured to receive and execute system calls and a virtual machine configured to execute scripting language instructions; and
  
  executing in the second remote agent a scripting language instruction or a system call received via the network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ecrime Management Strategies, Inc.
Original Assignee
Core SDI, Inc.
Inventors
Friederichs, Oliver, Richarte, Gerardo Gabriel, Caceres, Maximiliano Gerardo, Leidl, Bruce, Quesada, Ricardo, Friedman, Agustin Azubel, Becedillas, Gabriel, Ajzenman, Gustavo, Burroni, Javier, Notarfrancesco, Luciano
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
Baum; Ronald

Application Number

US10/054,307
Publication Number

US 20030014669A1
Time in Patent Office

1,960 Days
Field of Search

None
US Class Current

726/25
CPC Class Codes

H04L 63/1433 Vulnerability analysis

Automated computer system security compromise

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

208 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Automated computer system security compromise

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

208 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links