Patents Assigned to Core SDI, Incorporated
-
Patent number: 9183397Abstract: A system for providing automated computer security compromise as a service, contains a web server having a web front end running on the web server. The Web server has stored therein pentest definitions. A command and control component processes the pentest definitions, builds pentest task tickets and reporting task tickets, and monitors at least one penetration tester component and/or at least one report generator component. The command and control component interacts with a cloud computing environment to scale up or down the number of penetration tester components and the number of report generator components, and assigns task tickets to the penetration tester and report generator components. At least one penetration tester component runs penetration testing modules available inside the penetration testing framework as instructed by the pentest task tickets. At least one reporter generator component generates reports based on the reporting tasks tickets generated by the command and control service.Type: GrantFiled: June 5, 2012Date of Patent: November 10, 2015Assignee: Core SDI IncorporatedInventors: Ariel Futoransky, Aureliano Emanuel Calvo, Fernando Russ Federico Russ, Jorge Lucangeli Obes, Ariel Waissbein, Alejandro Javier Frydman, Ezequiel David Gutesman, Pedro Oscar Varangot
-
Publication number: 20140237606Abstract: A system for providing automated computer security compromise as a service, contains a web server having a web front end running on the web server. The Web server has stored therein pentest definitions. A command and control component processes the pentest definitions, builds pentest task tickets and reporting task tickets, and monitors at least one penetration tester component and/or at least one report generator component. The command and control component interacts with a cloud computing environment to scale up or down the number of penetration tester components and the number of report generator components, and assigns task tickets to the penetration tester and report generator components. At least one penetration tester component runs penetration testing modules available inside the penetration testing framework as instructed by the pentest task tickets. At least one reporter generator component generates reports based on the reporting tasks tickets generated by the command and control service.Type: ApplicationFiled: June 5, 2012Publication date: August 21, 2014Applicant: Core SDI IncorporatedInventors: Ariel Futoransky, Aureliano Emanuel Calvo, Alejandro Javier Frydman, Ezequiel David Gutesman, Pedro Oscar Varangot, Fernando Russ Federico Russ, Jorge Lucangeli Obes, Ariel Waissbein
-
Patent number: 8484738Abstract: A system and method provide application penetration testing. The system contains logic configured to find at least one vulnerability in the application so as to gain access to data associated with the application, logic configured to confirm the vulnerability and determine if the application can be compromised, and logic configured to compromise and analyze the application by extracting or manipulating data from a database associated with the application. In addition, the method provides for penetration testing of a target by: receiving at least one confirmed vulnerability of the target; receiving a method for compromising the confirmed vulnerability of the target; installing a network agent on the target in accordance with the method, wherein the network agent allows a penetration tester to execute arbitrary operating system commands on the target; and executing the arbitrary operating system commands on the target to analyze risk to which the target may be exposed.Type: GrantFiled: March 6, 2008Date of Patent: July 9, 2013Assignee: Core SDI IncorporatedInventors: Alberto Gustavo Soliño Testa, Gerardo Gabriel Richarte, Fernando Federico Russ, Diego Martin Kelyacoubian, Ariel Futoransky, Diego Bartolome Tiscornia, Ariel Waissbein, Hector Adrian Manrique, Javier Ricardo De Acha Campos, Eduardo Arias, Sebastian Pablo Cufre, Axel Elián Brzostowski
-
Patent number: 8365289Abstract: A system and method for providing network penetration testing from an end-user computer is provided. The method includes the step of determining at least one of a version of a Web browser of a target computer, contact information associated with an end-user that uses the target computer, and applications running on the target computer. The method also includes the steps of determining exploits that are associated with the running applications and that can be used to compromise the target computer, and launching the exploits to compromise the target computer. Network penetration testing may also be provided by performing the steps of determining an operating system of a target computer, selecting one of a group of modules to use in detecting services of the target computer, and detecting the services of the target computer.Type: GrantFiled: April 14, 2008Date of Patent: January 29, 2013Assignee: Core SDI, IncorporatedInventors: Fernando Federico Russ, Alejandro David Weil, Matias Ernesto Eissler, Francisco Javier Dibar, Hector Adrian Manrique
-
Patent number: 8356353Abstract: The present invention provides a system and method for providing computer network attack simulation. The method includes the steps of: receiving a network configuration and setup description; simulating the network configuration based on the received network configuration; receiving at least one confirmed vulnerability of at least one computer, machine, or network device in the simulated network; receiving a method for compromising the confirmed vulnerability of the at least one computer, machine, or network device; and virtually installing a network agent on the at least one computer, machine, or network device, wherein the network agent allows a penetration tester to execute arbitrary operating system calls on the at least one computer, machine, or network device.Type: GrantFiled: June 26, 2008Date of Patent: January 15, 2013Assignee: Core SDI, IncorporatedInventors: Ariel Futoransky, Fernando Carlos Miranda, Jose Ignacio Orlicki, Carlos Emilio Sarraute Yamada
-
Patent number: 8146135Abstract: Method, system, and computer code for implementing privacy protection in a web application, wherein the web application is executed in a web application language execution environment within a web server, the method containing the steps of: establishing at least one inbound tagging rule for tagging objects entering the web application language execution environment, referred to as inbound objects, according to a respective source of each of the inbound objects; assigning a tag to at least one of the inbound objects being operated on by the web application language execution environment based on the at least one inbound tagging rule; establishing at least one privacy rule for performing privacy actions on at least one object that is outbound from the web application language execution environment, referred to as outbound objects, according to a respective tag of each of the outbound objects; and performing a privacy action on the at least one outbound object being operated on by the web application language exType: GrantFiled: October 21, 2010Date of Patent: March 27, 2012Assignee: Core SDI, IncorporatedInventors: Ariel Waissbein, Ariel Futoransky, Diego Bartolome Tiscornia, Ezequiel David Gutesman
-
Patent number: 7757293Abstract: A system is provided for performing penetration testing of a target computer network by installing a remote agent in the target computer network. The system includes a local agent provided in a computer console and configured to receive and execute commands. A user interface is provided in the console and configured to send commands to and receive information from the local agent, process the information, and present the processed information. A database is configured to store the information received from the local agent. A network interface is connected to the local agent and configured to communicate with the remote agent installed in the target computer network via a network. Security vulnerability exploitation modules are provided for execution by the local agent and/or the remote agent.Type: GrantFiled: April 16, 2007Date of Patent: July 13, 2010Assignee: Core SDI, IncorporatedInventors: Maximiliano Gerardo Caceres, Gerardo Gabriel Richarte, Agustin Azubel Friedman, Ricardo Quesada, Luciano Notarfrancesco, Oliver Friederichs, Javier Burroni, Gustavo Ajzenman, Gabriel Becedillas, Bruce Leidl
-
Patent number: 7549147Abstract: A method for protecting software is provided, where source code for the software has a first directive marking an encryption beginning point and a second directive marking an encryption end point. The method contains the steps of: processing the source code to identify a block of code between the first and second directives; compiling the source code to produce a binary file; generating a valid key and a random string; encrypting the random string with the key to obtain a first encrypted value; encrypting a portion of the binary file corresponding to the block of code with the valid key to obtain a second encrypted value; and replacing the portion of the binary file corresponding to the block of code with the second encrypted value and code that can decrypt the second encrypted value during execution of the software.Type: GrantFiled: April 15, 2003Date of Patent: June 16, 2009Assignee: Core SDI, IncorporatedInventors: Ariel Futoransky, Carlos Emilio Sarraute Yamada, Diego Ariel Bendersky, Luciano Notarfrancesco, Ariel Waissbein
-
Publication number: 20080263671Abstract: A system and method provide application penetration testing. The system contains logic configured to find at least one vulnerability in the application so as to gain access to data associated with the application, logic configured to confirm the vulnerability and determine if the application can be compromised, and logic configured to compromise and analyze the application by extracting or manipulating data from a database associated with the application. In addition, the method provides for penetration testing of a target by: receiving at least one confirmed vulnerability of the target; receiving a method for compromising the confirmed vulnerability of the target; installing a network agent on the target in accordance with the method, wherein the network agent allows a penetration tester to execute arbitrary operating system commands on the target; and executing the arbitrary operating system commands on the target to analyze risk to which the target may be exposed.Type: ApplicationFiled: March 6, 2008Publication date: October 23, 2008Applicant: Core SDI, IncorporatedInventors: Alberto Gustavo Solino Testa, Gerardo Gabriel Richarte, Fernando Federico Russ, Diego Martin Kelyacoubian, Ariel Futoransky, Diego Bartolome Tiscornia, Ariel Waissbein, Hector Adrian Manrique, Javier Ricardo De Acha Campos, Eduardo Arias, Sebastian Pablo Cufre, Axel Elian Brzostowski
-
Patent number: 7277937Abstract: A system is provided for executing a system call originating in a local computer on a first remote computer connected to the local computer via a network. Communication is established between the local computer and the first remote computer via the network. A syscall server is installed in the first remote computer. A reference address is sent from the first remote computer to the local computer via the network through execution of code by the syscall server. A syscall request is built in the local computer with arguments determined using the reference address received from the first remote computer. The syscall request is sent from the local computer to the first remote computer via the network. The syscall request is copied into a stack of the first remote computer through execution of code by the syscall server. Registers are popped from the syscall request in the stack. Execution of a syscall request is initiated on the first remote computer. The result of the syscall request is pushed onto the stack.Type: GrantFiled: July 16, 2003Date of Patent: October 2, 2007Assignee: Core SDI, IncorporatedInventors: Maximiliano Gabriel Caceres, Javier Burroni, Gustavo Ajzenman, Ricardo Quesada, Gerardo Gabriel Richarte, Luciano Notarfrancesco, Bruce Robert Leidl, Agustin Azubel Friedman, Gabriel Martin Becedillas Ruiz
-
Patent number: 7228566Abstract: A system is provided for performing penetration testing of a target computer network by installing a remote agent in the target computer network. The system includes a local agent provided in a computer console and configured to receive and execute commands. A user interface is provided in the console and configured to send commands to and receive information from the local agent, process the information, and present the processed information. A database is configured to store the information received from the local agent. A network interface is connected to the local agent and configured to communicate with the remote agent installed in the target computer network via a network. Security vulnerability exploitation modules are provided for execution by the local agent and/or the remote agent.Type: GrantFiled: January 22, 2002Date of Patent: June 5, 2007Assignee: Core SDI, IncorporatedInventors: Maximiliano Gerardo Caceres, Gerardo Gabriel Richarte, Agustin Azubel Friedman, Ricardo Quesada, Luciano Notarfrancesco, Oliver Friederichs, Javier Burroni, Gustavo Ajzenman, Gabriel Becedillas, Bruce Leidl
-
Publication number: 20060143688Abstract: Method, system, and computer code for implementing security and privacy policy in a web application having an execution environment in which a representation of each object handled by the execution environment accommodates data and an associated tag. An inbound tagging rule is established for tagging inbound objects according to a respective source of each of the inbound objects. A tag is assigned to an object being operated on by the execution environment based on the inbound tagging rule. A security/privacy rule is established for performing security/privacy actions on outbound objects according to a respective tag of each of the outbound objects. A security/privacy action is performed on the object being operated on by the execution environment based on the security/privacy rule.Type: ApplicationFiled: October 31, 2005Publication date: June 29, 2006Applicant: CORE SDI, IncorporatedInventors: Ariel Futoransky, Ariel Waissbein, Diego Tiscornia, Ezequiel Gutesman
-
Publication number: 20040128667Abstract: A system is provided for executing a system call originating in a local computer on a first remote computer connected to the local computer via a network. Communication is established between the local computer and the first remote computer via the network. A syscall server is installed in the first remote computer. A reference address is sent from the first remote computer to the local computer via the network through execution of code by the syscall server. A syscall request is built in the local computer with arguments determined using the reference address received from the first remote computer. The syscall request is sent from the local computer to the first remote computer via the network. The syscall request is copied into a stack of the first remote computer through execution of code by the syscall server. Registers are popped from the syscall request in the stack. Execution of a syscall request is initiated on the first remote computer. The result of the syscall request is pushed onto the stack.Type: ApplicationFiled: July 16, 2003Publication date: July 1, 2004Applicant: Core SDI, IncorporatedInventors: Maximiliano Gerardo Caceres, Javier Burroni, Gustavo Ajzenman, Ricardo Quesada, Gerardo Gabriel Richarte, Luciano Notarfrancesco, Bruce Robert Leidl, Agustin Azubel Friedman, Gabriel Martin Becedillas Ruiz
-
Publication number: 20030221116Abstract: A security framework is provided for protecting software. The source code for the software has directives marking portions of the source code to be modified or encrypted. The source code is modified using a random factor based on the directives. The source code is compiled to produce a binary file. Source code starting and ending lines and binary file positions of each of the blocks to be encrypted are stored. Portions of the binary file that correspond to each of these blocks are encrypted. Each of these blocks is decrypted when a function inside the block is required during execution of the software.Type: ApplicationFiled: April 15, 2003Publication date: November 27, 2003Applicant: Core SDI, IncorporatedInventors: Ariel Futoransky, Carlos Emilio Sarraute Yamada, Diego Ariel Bendersky, Luciano Notarfrancesco, Ariel Waissbein
-
Publication number: 20030220940Abstract: A system and method are provided for analyzing audit log data. Text strings from a plurality of devices are stored in a log database, each of the text strings being indicative of an audit event in the respective device. At least a portion of the text strings are retrieved from the log database and the retrieved text strings are parsed according to pre-defined parsing rules. Each of the retrieved text strings is mapped to a respective audit event. The retrieved text strings are mapped based on the respective audit event. Representations of the filtered text strings are displayed on a grid using color-coded areas. The horizontal axis of the grid represents a first time scale and the vertical axis of the grid represents a second time scale different from the first time scale.Type: ApplicationFiled: April 15, 2003Publication date: November 27, 2003Applicant: Core SDI, IncorporatedInventors: Ariel Futoransky, Emiliano Kargieman, Diego Ariel Bendersky, Luciano Notarfrancesco, Gerardo Gabriel Richarte, Ivan Francisco Arce, Alejo Sanchez, Diego Ariel Aizemberg