Penetration test attack tree generator
First Claim
1. A computer-implemented method executed by one or more processors, the method comprising:
receiving, by the one or more processors, goal data and start-up information, the goal data indicating a goal to be achieved during a penetration test, the start-up information indicating initial data for beginning the penetration test and defining a target system;
receiving, by the one or more processors, tool data from a register of tools, the tool data comprising one or more tools, each of the one or more tools comprising computer-executable programs configured to perform a security related function that can be used during the penetration test, and, for each tool, input data required to execute the tool and output data provided by the tool, the goal comprising obtaining administrative privileges on the target system by using a plurality of attack chains;
processing, by the one or more processors, the goal data, the start-up information and the tool data to automatically generate an attack tree comprising attack tree data, the attack tree data comprising the goal as a root node and a plurality of data sets and links between data sets and being configured to address the plurality of attack chains;
pruning the attack tree, by the one or more processors, by determining that a data set of the attack tree data cannot be bound to one or more elements of the start-up data, indicating that information that is required to achieve the goal during the penetration test cannot be obtained, and in response, deleting the data set from the attack tree data; and
providing, by the one or more processors, the attack tree data to display a graphical representation of the attack tree on a display and a report on the data set that was deleted from the attack tree data comprising a determination whether the start-up data was not correctly input at the outset.
1 Assignment
0 Petitions
Abstract
Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for receiving goal data and start-up information, the goal data indicating a goal to be achieved during a penetration test, the start-up information indicating initial data for beginning the penetration test, receiving tool data from a register of tools, the tool data including one or more tools that can be used during the penetration test, and, for each tool, input data required to execute the tool and output data provided by the tool, processing the goal data, the start-up information and the tool data to automatically generate attack tree data, the attack tree data including a plurality of data sets and links between data sets, and providing the attack tree data to display a graphical representation of an attack tree on a display.
67 Citations
20 Claims
1. A computer-implemented method executed by one or more processors, the method comprising:
receiving, by the one or more processors, goal data and start-up information, the goal data indicating a goal to be achieved during a penetration test, the start-up information indicating initial data for beginning the penetration test and defining a target system;
receiving, by the one or more processors, tool data from a register of tools, the tool data comprising one or more tools, each of the one or more tools comprising computer-executable programs configured to perform a security related function that can be used during the penetration test, and, for each tool, input data required to execute the tool and output data provided by the tool, the goal comprising obtaining administrative privileges on the target system by using a plurality of attack chains;
processing, by the one or more processors, the goal data, the start-up information and the tool data to automatically generate an attack tree comprising attack tree data, the attack tree data comprising the goal as a root node and a plurality of data sets and links between data sets and being configured to address the plurality of attack chains;
pruning the attack tree, by the one or more processors, by determining that a data set of the attack tree data cannot be bound to one or more elements of the start-up data, indicating that information that is required to achieve the goal during the penetration test cannot be obtained, and in response, deleting the data set from the attack tree data; and
providing, by the one or more processors, the attack tree data to display a graphical representation of the attack tree on a display and a report on the data set that was deleted from the attack tree data comprising a determination whether the start-up data was not correctly input at the outset.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A non-transitory computer-readable storage medium coupled to one or more processors and having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations comprising:
receiving goal data and start-up information, the goal data indicating a goal to be achieved during a penetration test, the start-up information indicating initial data for beginning the penetration test and defining a target system, the goal comprising obtaining administrative privileges on the target system by using a plurality of attack chains;
receiving tool data from a register of tools, the tool data comprising one or more tools, each of the one or more tools comprising computer-executable programs configured to perform a security related function that can be used during the penetration test, and, for each tool, input data required to execute the tool and output data provided by the tool;
processing the goal data, the start-up information and the tool data to automatically generate an attack tree comprising attack tree data, the attack tree data comprising the goal as a root node and a plurality of data sets and links between data sets and being configured to address the plurality of attack chains;
pruning the attack tree, by the one or more processors, by determining that a data set of the attack tree data cannot be bound to one or more elements of the start-up data, indicating that information that is required to achieve the goal during the penetration test cannot be obtained, and in response, deleting the data set from the attack tree data; and
providing the attack tree data to display a graphical representation of the attack tree on a display and a report on the data set that was deleted from the attack tree data comprising a determination whether the start-up data was not correctly input at the outset.
Dependent claims: 9, 10, 11, 12, 13, 14

15. A system, comprising:
a computing device; and
a computer-readable storage device coupled to the computing device and having instructions stored thereon which, when executed by the computing device, cause the computing device to perform operations comprising:
receiving goal data and start-up information, the goal data indicating a goal to be achieved during a penetration test, the start-up information indicating initial data for beginning the penetration test and defining a target system, the goal comprising obtaining administrative privileges on the target system by using a plurality of attack chains;
receiving tool data from a register of tools, the tool data comprising one or more tools, each of the one or more tools comprising computer-executable programs configured to perform a security related function that can be used during the penetration test, and, for each tool, input data required to execute the tool and output data provided by the tool;
processing the goal data, the start-up information and the tool data to automatically generate an attack tree comprising attack tree data, the attack tree data comprising the goal as a root node and a plurality of data sets and links between data sets and being configured to address the plurality of attack chains;
pruning the attack tree, by the one or more processors, by determining that a data set of the attack tree data cannot be bound to one or more elements of the start-up data, indicating that information that is required to achieve the goal during the penetration test cannot be obtained, and in response, deleting the data set from the attack tree data; and
providing the attack tree data to display a graphical representation of the attack tree on a display and a report on the data set that was deleted from the attack tree data comprising a determination whether the start-up data was not correctly input at the outset.
Dependent claims: 16, 17, 18, 19, 20
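The abstract and the three independent claims describe a single mechanism: chain backwards from the goal through the register of tools (a tool's outputs become obtainable once all of its inputs are), bind leaf data sets to the start-up information, delete every data set that can be bound neither to start-up information nor to a surviving tool, and report what was deleted together with a hint about whether the start-up information was entered correctly. The Python below is an added illustration of that mechanism written for this page; it is not code from the patent or its assignee. The tool names, data-set names, start-up information and the start-up diagnostic rule (a deleted data set that no registered tool produces is flagged for start-up review, because only the start-up information could have supplied it) are all constructed assumptions.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Tool:
    name: str
    inputs: frozenset   # data sets that must exist before the tool can run
    outputs: frozenset  # data sets the tool produces


@dataclass
class Node:
    kind: str            # "data" (OR over producing tools) or "tool" (AND over inputs)
    name: str
    children: list = field(default_factory=list)
    bound: bool = False  # data set supplied directly by the start-up information


# Constructed register (inputs -> outputs), not taken from the patent.  A real
# register would also carry the executable and its invocation details.
REGISTER = [
    Tool("port_scan",      frozenset({"target_ip"}),                    frozenset({"open_ports"})),
    Tool("service_enum",   frozenset({"target_ip", "open_ports"}),      frozenset({"service_versions"})),
    Tool("exploit_lookup", frozenset({"service_versions"}),             frozenset({"exploit_module"})),
    Tool("exploit_run",    frozenset({"target_ip", "exploit_module"}),  frozenset({"user_shell"})),
    Tool("phish",          frozenset({"employee_emails"}),              frozenset({"user_shell"})),
    Tool("kernel_enum",    frozenset({"user_shell"}),                   frozenset({"kernel_version"})),
    Tool("kernel_privesc", frozenset({"user_shell", "kernel_version"}), frozenset({"admin_privileges"})),
    Tool("hash_dump",      frozenset({"user_shell"}),                   frozenset({"password_hashes"})),
    Tool("hash_crack",     frozenset({"password_hashes", "wordlist"}),  frozenset({"admin_password"})),
    Tool("admin_login",    frozenset({"target_ip", "admin_password"}),  frozenset({"admin_privileges"})),
]


def build_tree(goal, startup, register, path=()):
    """Backward-chain from `goal`.  A data node is satisfied by the start-up
    information or by any one tool that outputs it; a tool node needs all of its
    inputs.  `path` holds the data sets currently being derived, so a data set is
    never used to derive itself (such a cycle is left unbound and gets pruned)."""
    node = Node("data", goal)
    if goal in startup:
        node.bound = True
    elif goal not in path:
        for tool in register:
            if goal in tool.outputs:
                tnode = Node("tool", tool.name)
                tnode.children = [build_tree(i, startup, register, path + (goal,))
                                  for i in sorted(tool.inputs)]
                node.children.append(tnode)
    return node


def prune(node, deleted):
    """Delete data sets that cannot be bound.  A data node survives if it is bound
    or at least one producing tool survives; a tool node survives only if every
    input survives.  Names of deleted data sets are appended to `deleted`."""
    results = [prune(child, deleted) for child in node.children]  # visit all, no short-circuit
    if node.kind == "tool":
        return all(results)
    if node.bound:
        return True
    node.children = [c for c, ok in zip(node.children, results) if ok]
    if not node.children:
        deleted.append(node.name)
        return False
    return True


def generate(goal, startup, register):
    """Build, prune and diagnose.  Returns (root, diagnosis): root is None when the
    goal itself was pruned; diagnosis maps each deleted data set to a reason.
    Assumed rule: a deleted data set no tool produces is flagged for start-up review."""
    root = build_tree(goal, frozenset(startup), register)
    deleted = []
    survives = prune(root, deleted)
    producible = set().union(*(t.outputs for t in register))
    diagnosis = {}
    for name in deleted:
        if name in producible:
            diagnosis.setdefault(name, "every tool producing it was pruned")
        else:
            diagnosis.setdefault(name, "no registered tool produces it; check start-up information")
    return (root if survives else None), diagnosis


def chains(node):
    """Enumerate the attack chains a pruned tree encodes: one frozenset of tool
    names per distinct way of obtaining `node`."""
    if node.kind == "data":
        if node.bound:
            return {frozenset()}
        return set().union(*(chains(t) for t in node.children))
    combos = {frozenset({node.name})}
    for child in node.children:
        combos = {c | d for c in combos for d in chains(child)}
    return combos


def render(node, depth=0):
    """Indented text rendering of the tree (a GUI would draw the same structure)."""
    label = f"{node.kind}:{node.name}" + (" [start-up]" if node.bound else "")
    return ["  " * depth + label] + [l for c in node.children for l in render(c, depth + 1)]


if __name__ == "__main__":
    root, diagnosis = generate("admin_privileges", {"target_ip", "wordlist"}, REGISTER)
    print("\n".join(render(root)))
    print("deleted:", diagnosis)
    print("attack chains:", [sorted(c) for c in chains(root)])
```

With the constructed start-up information the `phish` branch is pruned because nothing supplies `employee_emails`, and two attack chains remain under the goal (kernel privilege escalation, and hash dump plus offline crack plus administrative login). Running `generate` with a misspelled start-up key such as `target_ip_addr` instead of `target_ip` prunes the root itself, and the report flags `target_ip` as something only the start-up information could have supplied, which is the "start-up data not correctly input" determination the claims call for. The tree duplicates shared sub-trees (`user_shell` is derived several times); a production generator would memoise derivations into a directed acyclic graph.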