Abstract: A system is provided for performing penetration testing of a target computer network by installing a remote agent in the target computer network. The system includes a local agent provided in a computer console and configured to receive and execute commands. A user interface is provided in the console and configured to send commands to and receive information from the local agent, process the information, and present the processed information. A database is configured to store the information received from the local agent. A network interface is connected to the local agent and configured to communicate with the remote agent installed in the target computer network via a network. Security vulnerability exploitation modules are provided for execution by the local agent and/or the remote agent.

Abstract: A method for protecting software is provided, where source code for the software has a first directive marking an encryption beginning point and a second directive marking an encryption end point. The method contains the steps of: processing the source code to identify a block of code between the first and second directives; compiling the source code to produce a binary file; generating a valid key and a random string; encrypting the random string with the key to obtain a first encrypted value; encrypting a portion of the binary file corresponding to the block of code with the valid key to obtain a second encrypted value; and replacing the portion of the binary file corresponding to the block of code with the second encrypted value and code that can decrypt the second encrypted value during execution of the software.

Abstract: A system is provided for executing a system call originating in a local computer on a first remote computer connected to the local computer via a network. Communication is established between the local computer and the first remote computer via the network. A syscall server is installed in the first remote computer. A reference address is sent from the first remote computer to the local computer via the network through execution of code by the syscall server. A syscall request is built in the local computer with arguments determined using the reference address received from the first remote computer. The syscall request is sent from the local computer to the first remote computer via the network. The syscall request is copied into a stack of the first remote computer through execution of code by the syscall server. Registers are popped from the syscall request in the stack. Execution of a syscall request is initiated on the first remote computer. The result of the syscall request is pushed onto the stack.

Abstract: A system is provided for performing penetration testing of a target computer network by installing a remote agent in the target computer network. The system includes a local agent provided in a computer console and configured to receive and execute commands. A user interface is provided in the console and configured to send commands to and receive information from the local agent, process the information, and present the processed information. A database is configured to store the information received from the local agent. A network interface is connected to the local agent and configured to communicate with the remote agent installed in the target computer network via a network. Security vulnerability exploitation modules are provided for execution by the local agent and/or the remote agent.

Abstract: A system is provided for performing penetration testing of a target computer network by installing a remote agent in the target computer network. The system includes a local agent provided in a computer console and configured to receive and execute commands. A user interface is provided in the console and configured to send commands to and receive information from the local agent, process the information, and present the processed information. A database is configured to store the information received from the local agent. A network interface is connected to the local agent and configured to communicate with the remote agent installed in the target computer network via a network. Security vulnerability exploitation modules are provided for execution by the local agent and/or the remote agent.

Abstract: A system is provided for executing a system call originating in a local computer on a first remote computer connected to the local computer via a network. Communication is established between the local computer and the first remote computer via the network. A syscall server is installed in the first remote computer. A reference address is sent from the first remote computer to the local computer via the network through execution of code by the syscall server. A syscall request is built in the local computer with arguments determined using the reference address received from the first remote computer. The syscall request is sent from the local computer to the first remote computer via the network. The syscall request is copied into a stack of the first remote computer through execution of code by the syscall server. Registers are popped from the syscall request in the stack. Execution of a syscall request is initiated on the first remote computer. The result of the syscall request is pushed onto the stack.

Abstract: A security framework is provided for protecting software. The source code for the software has directives marking portions of the source code to be modified or encrypted. The source code is modified using a random factor based on the directives. The source code is compiled to produce a binary file. Source code starting and ending lines and binary file positions of each of the blocks to be encrypted are stored. Portions of the binary file that correspond to each of these blocks are encrypted. Each of these blocks is decrypted when a function inside the block is required during execution of the software.

Abstract: A system and method are provided for analyzing audit log data. Text strings from a plurality of devices are stored in a log database, each of the text strings being indicative of an audit event in the respective device. At least a portion of the text strings are retrieved from the log database and the retrieved text strings are parsed according to pre-defined parsing rules. Each of the retrieved text strings is mapped to a respective audit event. The retrieved text strings are mapped based on the respective audit event. Representations of the filtered text strings are displayed on a grid using color-coded areas. The horizontal axis of the grid represents a first time scale and the vertical axis of the grid represents a second time scale different from the first time scale.

Abstract: A system is provided for performing penetration testing of a target computer network by installing a remote agent in the target computer network. The system includes a local agent provided in a computer console and configured to receive and execute commands. A user interface is provided in the console and configured to send commands to and receive information from the local agent, process the information, and present the processed information. A database is configured to store the information received from the local agent. A network interface is connected to the local agent and configured to communicate with the remote agent installed in the target computer network via a network. Security vulnerability exploitation modules are provided for execution by the local agent and/or the remote agent.