Patents Assigned to CORE, SDI, Inc.
  • Publication number: 20110061104
    Abstract: A system and method for automated probabilistic planning of network attacks against infrastructures of computer networks and applications is provided. The embodiments automate the analysis and probabilistic planning of multi-step attacks to computer and application networks (in particular in the context of automating penetration tests), optimizing with respect to one of the following metrics: the probability of success of the actions, a numerical parameter that must be minimized (e.g., running time), or the number of logs generated by the control devices in the target network.
    Type: Application
    Filed: September 8, 2010
    Publication date: March 10, 2011
    Applicant: CORE SDI, INC.
    Inventors: Carlos Emilio Sarraute Yamada, Ariel Futoransky, Gerardo Gabriel Richarte, Jorge Lucangeli Obes
  • Patent number: 7831995
    Abstract: Method, system, and computer code for implementing security and privacy policy in a web application having an execution environment in which a representation of each object handled by the execution environment accommodates data and an associated tag. An inbound tagging rule is established for tagging inbound objects according to a respective source of each of the inbound objects. A tag is assigned to an object being operated on by the execution environment based on the inbound tagging rule. A security/privacy rule is established for performing security/privacy actions on outbound objects according to a respective tag of each of the outbound objects. A security/privacy action is performed on the object being operated on by the execution environment based on the security/privacy rule.
    Type: Grant
    Filed: October 31, 2005
    Date of Patent: November 9, 2010
    Assignee: CORE, SDI, Inc.
    Inventors: Ariel Futoransky, Ariel Waissbein, Diego Bartolome Tiscornia, Ezequiel Gutesman
  • Publication number: 20090007270
    Abstract: The present invention provides a system and method for providing computer network attack simulation. The method includes the steps of: receiving a network configuration and setup description; simulating the network configuration based on the received network configuration; receiving at least one confirmed vulnerability of at least one computer, machine, or network device in the simulated network; receiving a method for compromising the confirmed vulnerability of the at least one computer, machine, or network device; and virtually installing a network agent on the at least one computer, machine, or network device, wherein the network agent allows a penetration tester to execute arbitrary operating system calls on the at least one computer, machine, or network device.
    Type: Application
    Filed: June 26, 2008
    Publication date: January 1, 2009
    Applicant: Core SDI, Inc
    Inventors: Ariel Futoransky, Fernando Carlos Miranda, Jose Ignacio Orlicki, Carlos Emilio Sarraute Yamada
  • Publication number: 20080256638
    Abstract: A system and method for providing network penetration testing from an end-user computer is provided. The method includes the step of determining at least one of a version of a Web browser of a target computer, contact information associated with an end-user that uses the target computer, and applications running on the target computer. The method also includes the steps of determining exploits that are associated with the running applications and that can be used to compromise the target computer, and launching the exploits to compromise the target computer. Network penetration testing may also be provided by performing the steps of determining an operating system of a target computer, selecting one of a group of modules to use in detecting services of the target computer, and detecting the services of the target computer.
    Type: Application
    Filed: April 14, 2008
    Publication date: October 16, 2008
    Applicant: Core SDI, Inc.
    Inventors: Fernando Federico Russ, Alejandro David Weil, Matias Ernesto Eissler, Francisco Javier Dibar, Hector Adrian Manrique
  • Publication number: 20070204347
    Abstract: A system is provided for performing penetration testing of a target computer network by installing a remote agent in the target computer network. The system includes a local agent provided in a computer console and configured to receive and execute commands. A user interface is provided in the console and configured to send commands to and receive information from the local agent, process the information, and present the processed information. A database is configured to store the information received from the local agent. A network interface is connected to the local agent and configured to communicate with the remote agent installed in the target computer network via a network. Security vulnerability exploitation modules are provided for execution by the local agent and/or the remote agent.
    Type: Application
    Filed: April 16, 2007
    Publication date: August 30, 2007
    Applicant: Core SDI, Inc.
    Inventors: Maximiliano Caceres, Gerardo Richarte, Agustin Friedman, Ricardo Quesada, Luciano Notarfrancesco, Oliver Friedrichs, Javier Burroni, Gustavo Ajzenman, Gabriel Becedillas, Bruce Leidl
  • Publication number: 20030177376
    Abstract: A system is provided for controlling access to information technology assets in a computer network. The system includes a ticket manager server configured to generate tickets based on user data in a master database. A ticket manager client, resident on a workstation, is configured to receive tickets from the ticket manager server and distribute resource data obtained from the tickets to network security modules. The user data includes resource registers, each of which has a type field designating a particular security module, resource data for use by the designated security module, and an execution domain field that exclusively designates an execution environment in which the designated security module can use the resource data.
    Type: Application
    Filed: January 30, 2003
    Publication date: September 18, 2003
    Applicant: Core SDI, Inc.
    Inventors: Ivan Francisco Fernando Arce Velleggia, Ariel Futoransky, Gerardo Gabriel Richarte, Emiliano Kargieman, Carlos Hernan Ochoa