Method and system simulating a hacking attack on a network
First Claim
1. A method for performing one or more social engineering attacks on a plurality of humans connected in a Network for assessing vulnerabilities of the plurality of humans in the Network, the Network comprising at least one of a plurality of data processing devices, memory devices, and a plurality of communication links, the method comprising:
- gathering information about human profiles including collecting information about target users from actively used social and search sites, and performing at least an automated Social Engineering (SE) phase and updating an Information Model based on the gathered information, wherein the automated Social Engineering phase on the Network is performed by performing at least one of;
creating a human profile,creating a human psychology model,impersonating or building the trust between an attacker and a target;
generating a Multiple Attack Vectors (MAV) graph based on the information gathered in the Information Model and one or more scan parameters for showing possible paths to compromise the Network;
planning the one or more social engineering attacks based on the MAV; and
launching the one or more social engineering attacks to access vulnerabilities in the humans of the Network.
3 Assignments
0 Petitions
Accused Products
Abstract
The present invention describes a method for performing one or more social engineering attacks on a plurality of humans connected in a network for assessing vulnerabilities of the humans, wherein the Network comprises at least one of a plurality of data processing devices, memory devices and a plurality of communication links. The method includes gathering information about human profiles including collecting information about target users from actively used social and search sites and performing an automated Social Engineering (SE) phase and updating an Information Model based on the gathered information. Furthermore, the method includes generating a Multiple Attack Vector (MAV) graph based on the information gathered and one or more scan parameters. Moreover, the method includes launching one or more social engineering attacks based on the MAV graph to assess vulnerabilities in the humans in the Network.
157 Citations
18 Claims
-
1. A method for performing one or more social engineering attacks on a plurality of humans connected in a Network for assessing vulnerabilities of the plurality of humans in the Network, the Network comprising at least one of a plurality of data processing devices, memory devices, and a plurality of communication links, the method comprising:
-
gathering information about human profiles including collecting information about target users from actively used social and search sites, and performing at least an automated Social Engineering (SE) phase and updating an Information Model based on the gathered information, wherein the automated Social Engineering phase on the Network is performed by performing at least one of; creating a human profile, creating a human psychology model, impersonating or building the trust between an attacker and a target; generating a Multiple Attack Vectors (MAV) graph based on the information gathered in the Information Model and one or more scan parameters for showing possible paths to compromise the Network; planning the one or more social engineering attacks based on the MAV; and launching the one or more social engineering attacks to access vulnerabilities in the humans of the Network. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 15, 16, 17, 18)
-
-
10. A system for performing one or more social engineering attacks on a plurality of humans connected in a Network to assess vulnerabilities of the plurality of humans in the Network, wherein the Network comprises at least one of a plurality of data processing devices, memory devices and a plurality of communication links, the system comprising:
-
a scan controller to perform a scan on the Network and initiating at least one master agent, wherein the at least one master agent gathers information about human profiles, gathering information about the human profiles including collecting information about target users from actively used social and search sites, and performing at least an automated social engineering phase and updates an Information Model based on the gathered information, wherein the automated Social Engineering phase on the Network is performed by performing at least one of; creating a human profile, creating a human psychology model, and impersonating or building the trust between an attacker and a target; an automated Social Engineering (SE) architecture for collecting sensitive information that pertains to the plurality of users; a communication link framework for identifying vulnerabilities associated with the Network and communication protocols; a Multiple Attack Vector (MAV) engine for generating and storing an MAV graph that shows possible paths by which the Network can be compromised, the Network being compromised by using at least one slave agent and the at least one master agent, wherein the slave agents coordinate among themselves when they are isolated from the master agent; and an agent framework for launching one or more social engineering attacks on the Network. - View Dependent Claims (11, 12, 13)
-
-
14. A non-transitory computer program product for use with a computer, the computer program product comprising a non-transitory computer usable medium having a computer readable program code embodied therein for performing one or more social engineering attacks on a plurality of humans connected in a Network to assess vulnerabilities of the plurality of humans in the Network, wherein the Network comprises at least one of a plurality of data processing devices, memory devices, and a plurality of communication links, the computer program product comprising:
-
program instructions for receiving one or more scan parameters; program instructions for gathering information about human profiles including collecting information about target users from actively used social and search sites; program instructions for performing an automated Social Engineering phase on the Network, wherein the automated Social Engineering phase on the Network is performed by performing at least one of; creating a human profile, creating a human psychology model, and impersonating or building the trust between an attacker and a target; program instructions for performing Link Analysis on a communication among the plurality of the users or the plurality of data processing devices; program instructions for creating or updating an Information Model; program instructions for generating a multiple attack vectors graph based on an information gathered in the Information Model and the one or more scan parameters; and program instructions for launching one or more social engineering attacks on the Network to compromise the Network.
-
Specification