首页>
外国专利>
TAKING PRIVILEGE ESCALATION INTO ACCOUNT IN PENETRATION TESTING CAMPAIGNS
TAKING PRIVILEGE ESCALATION INTO ACCOUNT IN PENETRATION TESTING CAMPAIGNS
展开▼
机译:在渗透测试活动中考虑特权升级
展开▼
页面导航
摘要
著录项
相似文献
摘要
A simulated penetration testing system that assigns network nodes of the tested networked system to classes based on current information about the compromisability of the nodes at a current state of a penetration testing campaign, the classes consisting of (i) a red class for nodes known to be compromisable by the attacker in a way that gives the attacker full control of the nodes, (ii) a blue class for nodes that are not known to be compromisable by the attacker, and (iii) a purple class for nodes known to be compromisable by the attacker in a way that does not give the attacker full control of the purple-class-member network node. The campaign tests whether an attacker would be able to achieve full control of a target node by using privilege escalation techniques and one or more access rights achieved by compromising the target node.
展开▼