Abstract: A testing computer system communicates with a client computer system coupled to one or more target computer systems. The testing computer system sends test payloads to the client computer system, which are forwarded to the target computer systems. Based on the test results generated by the target computer system, the testing computer system generates a runtime payload that is executable to perform a response to a security breach identified using the test results and sends the runtime payload to the client computer platform for execution. The testing computer system receives from the client computer platform an indication of the execution of the runtime payload.

Abstract: A testing computer system communicates with a cloud computing platform coupled to one or more target computer systems. The testing computer system receives a list of target computer systems from the cloud computing platform, generates respective test payloads for a set of the target systems, and sends the test payloads to the set of target systems. Each respective test payload is useable by its respective target system to perform a security scan of the target system and send test results to the testing computer system and includes instructions that cause the test payloads to be deleted after the security scan is performed. The testing computer system receives test results generated by the set of target systems and evaluates the test results to determine whether any of the set of target systems is implicated in a security breach.

Abstract: A testing computer system communicates with a client computer system coupled to one or more target computer systems. The testing computer system sends test payloads to the client computer system, which are forwarded to the target computer systems. Based on the test results generated by the target computer system, the testing computer system generates a runtime payload that is executable to perform a response to a security breach identified using the test results and sends the runtime payload to the client computer platform for execution. The testing computer system receives from the client computer platform an indication of the execution of the runtime payload.

Abstract: Techniques are disclosed relating to detecting potential malware. A computer system may access process information identifying a set of software modules stored in a memory space allocated for a computer process. The computer system may determine address ranges that are respectively associated with a software module and define a segment in the memory space where program instructions are stored corresponding to that software module. The computer system may access thread information specifying, for each of a set of threads, a start address that identifies a location from which an initial program instruction is to be retrieved to begin execution of that thread. The computer system may make a determination that a thread is associated with a start address identifying a location outside of all address ranges, but within the memory space. Based on the determination, the computer system may classify the thread as being associated with malicious activity.

Abstract: Techniques are disclosed relating to detecting potential malware. A computer system may access process information identifying a set of software modules stored in a memory space allocated for a computer process. The computer system may determine address ranges that are respectively associated with a software module and define a segment in the memory space where program instructions are stored corresponding to that software module. The computer system may access thread information specifying, for each of a set of threads, a start address that identifies a location from which an initial program instruction is to be retrieved to begin execution of that thread. The computer system may make a determination that a thread is associated with a start address identifying a location outside of all address ranges, but within the memory space. Based on the determination, the computer system may classify the thread as being associated with malicious activity.