System and method for simulating computer network attacks
First Claim
1. A method of providing computer network attack simulation on a computer, comprising the steps of:
receiving a network configuration, a network setup description, and a penetration testing framework with a local agent installed in the penetration testing framework;
simulating the network based on the received network configuration, wherein the simulated network contains at least one of the group consisting of a simulated computer, a simulated machine, and a simulated network device;
receiving a remote agent running in one simulated computer of the simulated network and connected to the penetration testing framework through the local agent;
receiving a simulated exploit for compromising the at least one simulated computer, simulated machine, or simulated network device;
querying an exploit database with a property of said simulated exploit;
receiving an exploit outcome probability from said exploit database in response to said querying;
determining an outcome of the simulated exploit for compromising the at least one simulated computer, simulated machine, or simulated network device based on said exploit outcome probability; and
when the outcome of the simulated exploit is compromising the simulated computer, simulated machine, or simulated network device, virtually installing a remote agent on the at least one simulated computer, simulated machine, or simulated network device, wherein the remote agent allows a user to execute arbitrary operating system calls on the at least one simulated computer, simulated machine, or simulated network device from the local agent.
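The outcome-determination steps of the claim, as an added Python sketch that is not taken from the patent or any product. The database contents, the use of the target operating system as the second lookup key, and all names (`EXPLOIT_DB`, `SimHost`, `run_exploit`, `success_rate`) are assumptions made for illustration.

```python
import random
from dataclasses import dataclass, field

# Constructed exploit database: (exploit name, target OS) -> success probability.
# Entries and probabilities are invented for this sketch.
EXPLOIT_DB = {
    ("sim-exploit-A", "os-alpha"): 1.0,
    ("sim-exploit-A", "os-beta"): 0.0,
    ("sim-exploit-B", "os-beta"): 0.5,
}

@dataclass
class SimHost:
    name: str
    os: str
    files: dict = field(default_factory=dict)
    agent_installed: bool = False

    def syscall(self, call, *args):
        """Answer a simulated OS call; refused unless a remote agent is installed."""
        if not self.agent_installed:
            raise PermissionError(f"no remote agent on {self.name}")
        if call == "uname":
            return self.os
        if call == "read":
            return self.files.get(args[0])
        raise NotImplementedError(call)

def outcome_probability(exploit, host):
    """Query the database with a property of the exploit (here its name) and the target OS."""
    return EXPLOIT_DB.get((exploit, host.os), 0.0)

def run_exploit(exploit, host, rng):
    """Draw the outcome from the returned probability; virtually install the agent on success."""
    success = rng.random() < outcome_probability(exploit, host)
    if success:
        host.agent_installed = True
    return success

def success_rate(exploit, os_name, trials, seed):
    """Fraction of successful outcomes over repeated runs against fresh simulated hosts."""
    rng = random.Random(seed)
    hits = sum(run_exploit(exploit, SimHost("h", os_name), rng) for _ in range(trials))
    return hits / trials
```

Passing a seeded `random.Random` makes a simulated engagement reproducible, which matters when the same scenario is replayed for training or for comparing defensive changes.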
Abstract
The present invention provides a system and method for providing computer network attack simulation. The method includes the steps of: receiving a network configuration and setup description; simulating the network configuration based on the received network configuration; receiving at least one confirmed vulnerability of at least one computer, machine, or network device in the simulated network; receiving a method for compromising the confirmed vulnerability of the at least one computer, machine, or network device; and virtually installing a network agent on the at least one computer, machine, or network device, wherein the network agent allows a penetration tester to execute arbitrary operating system calls on the at least one computer, machine, or network device.
52 Citations
11 Claims