CN103916384A - Penetration testing method for GAP isolation and exchange device

Info

Publication number
CN103916384A
Authority
CN
China
Prior art keywords
test
switching equipment
gap isolation
penetration testing
network
Legal status
Pending
Application number
CN201410026981.7A
Other languages
Chinese (zh)
Inventor
钟力
姚兰
阮强
何金勇
Current Assignee
INFORMATION SURENESS EVALUATION CENTER PLA
Original Assignee
INFORMATION SURENESS EVALUATION CENTER PLA
Priority date
2014-01-21
Filing date
2014-01-21
Publication date
2014-07-09
Application filed by INFORMATION SURENESS EVALUATION CENTER PLA

Abstract

The invention discloses a penetration testing method for a GAP isolation and exchange device. The method comprises the concrete steps that (a) policy configuration is tested, wherein according to the working principle, the function and the implementation mode of the tested device, applicable test cases are selected from a preset penetration testing rule base, and test environment parameters are configured; (b) a network attack session is generated, wherein an independent client program and an independent server program are established, hosts in networks at the two ends of the tested device are respectively simulated, afterwards, test plugins corresponding to the test cases are respectively called, and the test environment parameters configured in the step (a) are passed to the test plugins; the test plugins produce corresponding data packets in real time, the data packets are sent through a client or a server, and therefore the network attack session is generated; (c) test results are evaluated, wherein the test results of the test cases are evaluated according to the completion condition of the network attack session and the warning information of the tested device. By the application of the penetration testing method for the GAP isolation and exchange device, automated security testing for the GAP isolation and exchange device can be achieved.

Description

Penetration testing method for GAP isolation and exchange devices
Technical field
The invention belongs to the field of information security technology and relates to security testing of GAP isolation and exchange devices, in particular to a penetration testing method for their main security features: application layer protocol control, content security, intrusion prevention and anti-Trojan protection.
Background technology
A network security isolation and exchange system (GAP isolation and exchange device) uses GAP isolation and exchange technology. GAP isolation and exchange, also called Air GAP (air-gap) technology, has the basic technical characteristic of "physical disconnection, logical connection": two networks that are not physically connected are logically connected so that data can be exchanged between them. Structurally, a network security isolation and exchange device consists of three modules: an internal-network processing unit, an external-network processing unit and a security isolation exchange processing unit. The internal-network processing unit connects to the internal network, the external-network processing unit connects to the external network, and the security isolation exchange unit is connected in a time-shared manner to the internal and external processing units; it is the only data transmission channel between them. Its basic security requirements are as follows:
- Network protocol termination. For the two networks the system connects, once a network connection reaches the internal or external processing unit of the system the network protocol is terminated: the protocol headers are stripped from the network data, and only pure data is exchanged via the security isolation exchange unit.
- Data security checking. The security isolation exchange unit performs security detection on the data to be exchanged to ensure that it is safe, for example checking whether the data contains malicious code and whether it conforms to the format requirements of the corresponding application.
A GAP isolation and exchange device provides security isolation, information exchange and access control, and has strong resistance to attack: it terminates network protocols, and it supports few or no general application layer protocols (a very limited internal/external data transmission channel), for example FTP, DNS and e-mail protocols. It is therefore generally regarded as more secure than firewalls, security gateways and unified threat management (UTM) products.
The high security strength of GAP isolation and exchange devices makes security testing difficult: many test cases used for gateway-type security products cannot form an effective test of a GAP device. An effective test must rely on the device's only data channel and use precisely defined network/attack traffic. The present invention therefore creates a penetration testing technique for GAP isolation and exchange devices which, by means such as application layer protocol disguise and data content, produces network sessions for specific applications, Web attacks and multiple types of network attack sessions based on Trojan behaviour, passes this network attack traffic through the GAP isolation and exchange device, and so achieves effective security testing.
At present there is no systematic, standardised method for the security testing of GAP isolation and exchange devices. Security evaluation organisations generally rely on manual testing, assisted by tools such as packet generators or hacking tools: the tester must manually generate the various network accesses or network attack data that flow through the GAP device, and then verify the security of the device from the observed network access. Although manual testing with auxiliary tools can test a GAP device to some degree, it is inefficient, the environment is complex to configure, and it is difficult to carry out large-scale tests under safe control.
Summary of the invention
The object of this invention is to provide a penetration testing method for GAP isolation and exchange devices that realises security testing of such devices. With this invention, the legitimate network channels of a GAP isolation and exchange device (for example HTTP or a dedicated data transmission port) can be used to perform penetration testing on it. The method comprises the following steps:
(a) Test strategy configuration: according to the working principle, functions and implementation of the GAP isolation and exchange device, applicable test cases are selected from a preset penetration testing rule base, and the test environment parameters are configured;
(b) Network attack session generation: independent client and server programs are built, simulating the hosts in the two networks (subnets) on either side of the GAP isolation device; the client and server programs call the test plugins corresponding to the test cases and pass them the test environment parameters configured in step (a); the test plugins generate the corresponding packets in real time and send them via the client or the server, thereby generating the network attack session;
(c) Test result judgment: the test result of each test case is judged jointly from the completion status of the network attack session and from the alarm and log information of the GAP isolation and exchange device.
Brief description of the drawings
Fig. 1 is the technical principle block diagram of the invention.
Fig. 2 shows the connections when testing with the invention.
Fig. 3 is the workflow diagram of the invention.
Embodiment
The invention is described in further detail below with reference to the drawings and specific embodiments.
Fig. 1 is the technical principle block diagram of the invention: the penetration testing method for GAP isolation and exchange devices consists of three parts, strategy configuration, session generation and result judgment. The strategy configuration module customises the strategy of the network attack session according to the security test requirements, mainly covering access control, Web attacks and Trojan attacks. The session generation module simulates the hosts (client and server) connected to the internal and external networks and, according to the customised strategy, produces precisely defined network attack sessions that pass through the GAP isolation and exchange device under test. The result judgment module checks the state of the attack traffic after it passes through the device (passed, blocked, modified, etc.) and, combined with the alarm and audit information of the GAP device, determines the test result and assesses the security functions or attack resistance the device possesses.
Based on the security characteristics of GAP isolation and exchange devices, the strategy configuration module of the penetration testing method customises network sessions and network attack sessions in mainly the following four categories:
- Typical network sessions. The fewer applications a GAP security isolation and exchange device supports, the more secure it is, especially if it supports only a dedicated application; but to extend the range of services, security isolation and exchange devices usually support common application layer protocols or applications, for example HTTP, e-mail transfer protocols and database access. Network sessions are customised for these typical network applications to test the access control function of the product under test.
- Web attack sessions. For typical network applications, particularly Web applications, Web attack sessions such as cross-site scripting and SQL injection are accurately customised to test the ability of the GAP isolation and exchange device to resist Web attacks.
- Conventional Trojan attack sessions. These include conventional Trojan communication or attacks, and malicious-code behaviour such as Trojans carried via web pages or e-mail.
- Trojan attack sessions based on protocol disguise. Trojan attack and communication behaviour is hidden inside legitimate network protocols such as UDP, SMTP, HTTP, MSN and Dropbox, to test the attack resistance of the isolation device in depth.
Fig. 2 shows the connections when the penetration testing system of the invention is used for a test. The penetration testing system must be a dual-homed host platform: a notebook, PC or server with two network interfaces. Client C and server S are the two communicating entities of the penetration testing system that generate the network attack traffic in real time, and they are bound to different network interfaces. Interface 1 and interface 2 are the internal and external network interfaces of the GAP isolation and exchange device.
During a test, client C and server S of the penetration testing system are connected to interface 1 and interface 2 of the GAP isolation and exchange device respectively, simulating hosts in the two networks that the device isolates. In this way the network attack traffic produced by the penetration testing system passes through the GAP device and forms a closed loop within the penetration testing system. On the tester, client C and server S must not have any data forwarding between them inside the host, so that no bypass path exists during the test.
Fig. 3 is the workflow diagram of the invention, which is divided into the following three steps:
(a) Test strategy configuration: according to the working principle, security functions and implementation of the GAP isolation and exchange device, applicable test cases are selected from a preset penetration testing rule base, and the test environment parameters are configured;
(b) Network attack session generation: independent client and server programs are built, simulating the hosts in the two networks (subnets) on either side of the GAP isolation and exchange device; the client and server programs call the test plugins corresponding to the test cases and pass them the test environment parameters configured in step (a); the test plugins generate the corresponding packets in real time and send them via the client or the server, thereby generating the network attack session;
(c) Test result judgment: the test result of each test case is judged jointly from the completion status of the network attack session and from the alarm and log information of the GAP isolation and exchange device.
The test process is described in detail below using a Trojan test strategy based on application layer protocol disguise.
First, assume that a GAP isolation and exchange device of a certain organisation is to be tested. The device connects two different types of network of that organisation; its function is data transmission between the internal and external networks, and it provides HTTP access and database synchronisation. The internal network segment is 172.16.1.1/24 and the external network segment is 100.100.1.1/24. All security functions and data transfer functions of the device are enabled, and no policy has been configured for its security features.
(1) Test strategy configuration
A strategy is embodied in rules, and configuring a rule means filling in the two data structures below, which produces a concrete test case. For the Trojan-based penetration testing strategy, the example here customises a Trojan disguised as HTTP that attempts to pass through the HTTP channel of the GAP isolation and exchange device. The parameters in the data structures of this Trojan test case rule are configured as follows:
#include <afx.h>              // Windows/MFC types used below: CHAR, INT, DWORD, BOOL, CString

typedef struct tagCaseInfo
{
    CHAR szID[100];           // test case number: GS-005
    CHAR szName[100];         // test case name: Gray Pigeon Trojan
    CHAR szDescription[255];  // test case description: Gray Pigeon Trojan simulates HTTP communication to penetrate the isolation device from the internal network to the external network
    CHAR szVulnName[50];      // vulnerability name: Gray Pigeon Trojan
    CHAR szVulnDisc[255];     // vulnerability description: tests whether the network isolation system can defend against the internal-network penetration behaviour of the Gray Pigeon Trojan
    CHAR szVulnType[255];     // vulnerability type: data exchange service vulnerability
    INT nRiskLevel;           // risk level: 1 = low risk, 2 = medium risk, 3 = high risk
    INT nPolicyType;          // policy type: 1 = "basic policy"; 2 = "recommended policy"; 3 = "maximum policy"
} CASEINFO;

typedef struct tagCaseVar
{
    CString strClientIP;      // real internal-network client IP: 172.16.1.11
    CString strServerIP;      // real external-network client IP: 100.100.1.11
    CString ClientIP;         // virtual internal-network client IP: empty
    CString ServerIP;         // virtual external-network client IP: empty
    CString proxyCltIP;       // internal-network proxy address IP: 172.16.1.1
    CString proxyServIP;      // external-network proxy address IP: empty
    DWORD dwPort[20];         // dwPort[0-9] are the proxy ports of the different services; dwPort[10-19] are the real ports of the different services: dwPort[1] = 80
    CString strKey[20];       // filtering content for each protocol
    BOOL bAction[20];         // configuration status of each protocol on the isolation device; TRUE = allowed, FALSE = not allowed
    INT Flag;                 // proxy mode, 1: authorised proxy, 2: transparent proxy
    CHAR szErrorMsg[255];     // error information, used to locate problems
} CASEVAR;
Each test case is an independent DLL file; the key fields of each kind of malicious code are defined separately in its DLL file.
When concrete packets are generated according to this test case, these parameters are passed to the corresponding test plugin. The content that must vary when the plugin generates packets is expressed in these parameters, while content that does not vary is stored directly in the plugin itself; the plugin then generates the concrete test packets one by one from the parameter values in this structure and the content stored in the plugin.
(2) Network session generation
After the test case has been generated, the test can be run: the client and the server generate concrete packets according to the parameters in the rule structure corresponding to the test case. Each packet attempts to pass through the GAP isolation and exchange device to the other side. After every packet is sent, the sender waits for the other side's response packet and sends the next packet only once the expected response has been received (if the GAP isolation and exchange device does not intercept packets, every packet sent is certain to receive the expected response); otherwise, after waiting for a period of time, the transmission of packets is interrupted.
(3) Test result evaluation
Whether the Gray Pigeon Trojan has successfully penetrated the GAP isolation and exchange device is determined jointly from whether the network attack session succeeded and from the alarm and audit status of the GAP device. If the network attack session completes successfully, the GAP isolation and exchange device cannot defend against this Gray Pigeon Trojan disguised as HTTP. If the network attack session is blocked (not completed) and the GAP isolation and exchange device raises the correct alarm and log entry, the device has the ability to resist this Trojan attack.
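As an added example (not code from the patent or from its implementation), the following C program models steps (2) and (3) above: a session of lock-step request/expected-reply exchanges is driven through a per-packet device policy and stops at the first timeout or unexpected reply, and the verdict is then derived from the session outcome together with the device's alarm and log status. The Step and DevicePolicy types, the three device models, the sample HTTP-shaped steps with their constructed marker string, and the INCONCLUSIVE outcome for a session that is blocked without any alarm or log (a case the description does not cover) are all assumptions made here.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* One lock-step exchange of the attack session (step 2): the packet the client
 * sends and the reply it must receive before it may send the next packet. */
typedef struct {
    const char *request;
    const char *expected_reply;
} Step;
/* What the device under test did with one packet, as seen from the tester. */
typedef enum { PASS, BLOCK, MODIFY } Action;
/* Hypothetical per-packet device policy: copies the packet (possibly altered) into out, or BLOCKs it. */
typedef Action (*DevicePolicy)(const char *packet, char *out, size_t outlen);

typedef struct {
    int steps_done;   /* exchanges completed before the session stopped */
    bool completed;   /* every step received its expected reply */
    bool timed_out;   /* a packet was blocked and the wait for a reply expired */
} SessionResult;
/* Verdict of the result-judging module (step 3). */
typedef enum { DEVICE_PENETRATED, DEVICE_DEFENDED, INCONCLUSIVE } Verdict;

/* Drive the session: send, wait for the expected reply, then advance; on a
 * timeout or an unexpected reply, stop.  Replies cross the device as well. */
SessionResult run_session(const Step *steps, int n, DevicePolicy device)
{
    SessionResult r = {0, false, false};
    char wire[512];
    for (int i = 0; i < n; i++) {
        Action a = device(steps[i].request, wire, sizeof wire);
        /* The simulated server answers only the request the plugin defined;
         * a packet the device altered gets a different reply. */
        const char *reply = (a != BLOCK && strcmp(wire, steps[i].request) == 0)
                          ? steps[i].expected_reply : "HTTP/1.1 400 Bad Request";
        if (a == BLOCK || device(reply, wire, sizeof wire) == BLOCK) {
            r.timed_out = true;       /* no reply ever arrives: the wait expires */
            return r;
        }
        if (strcmp(wire, steps[i].expected_reply) != 0)
            return r;                 /* unexpected reply: abort without timeout */
        r.steps_done++;
    }
    r.completed = true;
    return r;
}

/* Combine the session outcome with the device's alarm and log status using the two rules in the description. */
Verdict judge(SessionResult s, bool device_alarmed, bool device_logged)
{
    if (s.completed) return DEVICE_PENETRATED;                    /* session ran to completion */
    if (device_alarmed && device_logged) return DEVICE_DEFENDED;  /* blocked, alarm and log correct */
    return INCONCLUSIVE;   /* blocked silently: an added assumption, check the device's audit trail */
}

/* Constructed sample data and device models (not from the patent). The marker
 * stands in for whatever content the filter keyword (CASEVAR.strKey) catches. */
static const Step SAMPLE_STEPS[] = {
    {"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n", "HTTP/1.1 200 OK"},
    {"POST /upload HTTP/1.1\r\nHost: www.example.test\r\n\r\nCONSTRUCTED-MARKER",
     "HTTP/1.1 200 OK"},
};
enum { SAMPLE_STEP_COUNT = 2 };
static const char *FILTER_KEY = "CONSTRUCTED-MARKER";

/* Device with every function enabled and no policy configured (the scenario in the description). */
Action open_policy(const char *p, char *out, size_t n)
{
    snprintf(out, n, "%s", p);
    return PASS;
}

/* Device whose content filter drops any packet that contains the keyword. */
Action keyword_filter_policy(const char *p, char *out, size_t n)
{
    if (strstr(p, FILTER_KEY)) return BLOCK;
    snprintf(out, n, "%s", p);
    return PASS;
}

/* Device that normalises HTTP by forwarding only the header block: the packet
 * arrives, but altered, so the session fails without a timeout ("modified"). */
Action body_strip_policy(const char *p, char *out, size_t n)
{
    const char *end = strstr(p, "\r\n\r\n");
    size_t keep = end ? (size_t)(end - p) + 4 : strlen(p);
    if (keep >= n) keep = n - 1;
    memcpy(out, p, keep);
    out[keep] = '\0';
    return strcmp(out, p) == 0 ? PASS : MODIFY;
}

/* Run the sample case end to end against one device model. */
Verdict run_case(DevicePolicy device, bool alarmed, bool logged)
{
    return judge(run_session(SAMPLE_STEPS, SAMPLE_STEP_COUNT, device), alarmed, logged);
}
```

Against the open device the sample session completes (DEVICE_PENETRATED); the keyword filter stops it at the second step with a timeout, which counts as DEVICE_DEFENDED only when the device also alarmed and logged; the body-stripping device stops it without a timeout, which is the "modified" state of Fig. 1.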

Claims (2)

1. A penetration testing method for a GAP isolation and exchange device, comprising the following steps:
(a) Test strategy configuration: according to the working principle, functions and implementation of the GAP isolation and exchange device, applicable test cases are selected from a preset penetration testing rule base, and the test environment parameters are configured; (b) Network attack session generation: independent client and server programs are built, simulating the hosts in the two networks (subnets) on either side of the GAP isolation and exchange device; the client and server programs call the test plugins corresponding to the test cases and pass them the test environment parameters configured in step (a); the test plugins generate the corresponding packets in real time and send them via the client or the server, thereby generating the network attack session; (c) Test result judgment: the test result of each test case is judged jointly from the completion status of the network attack session and from the alarm and log information of the GAP isolation and exchange device.
2. By applying the invention, the objective of using the legitimate network channels of the GAP isolation and exchange device (for example HTTP or a dedicated data transmission port) to perform security testing on it is achieved.
Application CN201410026981.7A (family ID 51041791), priority and filing date 2014-01-21; published as CN103916384A on 2014-07-09; legal status: Pending.

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20140709