Patents Assigned to Synack, Inc.
-
Publication number: 20160342796Abstract: In one aspect, the disclosure provides: A method comprising: assessing a plurality of researchers as a precondition for receiving an invitation to be a researcher of a distributed plurality of researchers, resulting in the distributed plurality of researchers wherein each researcher is associated with one or more tags in records that identify the researcher for one or more attributes; inviting a subset of the distributed plurality of researchers to participate in one or more computer vulnerability research projects directed to identifying computer vulnerabilities of one or more computers that are owned or operated by a third party, the subset of the distributed plurality of researchers selected based on the one or more tags in records that identify the researcher and a description of the computer vulnerabilities of the one or more computers; using a computer that is communicatively coupled to a particular researcher among the subset of the distributed plurality of researchers and a network under test among thType: ApplicationFiled: August 8, 2016Publication date: November 24, 2016Applicant: SYNACK, INC.Inventors: Jay KAPLAN, Mark KUHR
-
Patent number: 9477399Abstract: Embedded devices, such as smart phones, can execute an application for performing a set of discrete tasks. To evaluate applications for security vulnerabilities, the application is executed and monitored. Part of this process involves the time-consuming process of performing or invoking the various user interface elements included in the application. An automated interaction system automatically, without human intervention, simulates various gestures that can be performed within each view of the application. The automated interaction system further identifies unactivated elements within subviews of the views and tracks its interactions to ensure that all of the identified UI elements within each view and subview are activated.Type: GrantFiled: May 19, 2015Date of Patent: October 25, 2016Assignee: Synack, Inc.Inventors: Patrick Wardle, Mark G. Kuhr
-
Patent number: 9473524Abstract: In one aspect, the disclosure provides: A method comprising: inviting a distributed plurality of researchers to participate in one or more computer vulnerability research projects directed to identifying computer vulnerabilities of one or more networks and/or computers that are owned or operated by a third party; assessing reputation and skills of one or more of the researchers, and accepting a subset of the researchers who have a positive reputation and sufficient skills to perform the investigations of the computer vulnerabilities; assigning a particular computer vulnerability research project, relating to a particular network under test, to a particular researcher from among the subset of the researchers; using a computer that is logically interposed between the particular researcher and the particular network under test, monitoring communications between the particular researcher and the particular network under test, wherein the communications relate to attempting to identify a candidate security vulneraType: GrantFiled: May 20, 2016Date of Patent: October 18, 2016Assignee: SYNACK, INC.Inventors: Jay Kaplan, Mark Kuhr
-
Patent number: 9413780Abstract: In one aspect, the disclosure provides: A method comprising: inviting a distributed plurality of researchers to participate in one or more computer vulnerability research projects directed to identifying computer vulnerabilities of one or more networks and/or computers that are owned or operated by a third party; assessing reputation and skills of one or more of the researchers, and accepting a subset of the researchers who have a positive reputation and sufficient skills to perform the investigations of the computer vulnerabilities; assigning a particular computer vulnerability research project, relating to a particular network under test, to a particular researcher from among the subset of the researchers; using a computer that is logically interposed between the particular researcher and the particular network under test, monitoring communications between the particular researcher and the particular network under test, wherein the communications relate to attempting to identify a candidate security vulneraType: GrantFiled: May 6, 2014Date of Patent: August 9, 2016Assignee: Synack, Inc.Inventors: Jay Kaplan, Mark Kuhr
-
Publication number: 20160156657Abstract: Computer systems and methods in various embodiments are configured to test the security of a server computer by simulating a wide range of attacks from one or more bot-nets. In an embodiment, a computer system comprising a memory; a processor in a home geographic region coupled to the memory; a plurality of network cards in the home geographic region, coupled to the processor and the memory; wherein each network card in the plurality of network cards is configured to send one or more requests to a remote server computer through a geographic region, of a plurality of geographic regions, that is different than the home geographic region; wherein, for each network card of the plurality of network cards, the processor is configured to store in the memory a geo-mapping, of a plurality of geo-mappings, wherein the geo-mapping indicates the certain geographic region the network card is configured to send the one or more requests to the remote server computer through.Type: ApplicationFiled: October 30, 2015Publication date: June 2, 2016Applicant: SYNACK, INC.Inventors: JAY KAPLAN, MARK KUHR, VLAD CRETU
-
Patent number: 9350753Abstract: In one aspect, the disclosure provides: A method comprising: inviting a distributed plurality of researchers to participate in one or more computer vulnerability research projects directed to identifying computer vulnerabilities of one or more networks and/or computers that are owned or operated by a third party; assessing reputation and skills of one or more of the researchers, and accepting a subset of the researchers who have a positive reputation and sufficient skills to perform the investigations of the computer vulnerabilities; assigning a particular computer vulnerability research project, relating to a particular network under test, to a particular researcher from among the subset of the researchers; using a computer that is logically interposed between the particular researcher and the particular network under test, monitoring communications between the particular researcher and the particular network under test, wherein the communications relate to attempting to identify a candidate security vulneraType: GrantFiled: September 9, 2015Date of Patent: May 24, 2016Assignee: SYNACK, INC.Inventors: Jay Kaplan, Mark Kuhr
-
Publication number: 20160078221Abstract: In an embodiment, a method comprises downloading an application program to a first storage coupled to a first device, wherein the application program comprises an encrypted portion based on a set of personally identifying data stored on the first storage; configuring the application program to load and execute a pre-compiled library when the application program is launched and which when executed by the first device, causes storing an unencrypted version of the application program on the first storage; launching the application program.Type: ApplicationFiled: November 23, 2015Publication date: March 17, 2016Applicant: SYNACK, INC.Inventors: JAY KAPLAN, MARK KUHR, PATRICK WARDLE
-
Patent number: 9201591Abstract: Embedded devices, such as smart phones, can execute an application for performing a set of discrete tasks. To evaluate applications for security vulnerabilities, a coverage monitoring system generates a directed graph of the application running on the embedded device. The directed graph is generated by logging gestures submitted by a user of the application and logging one or more actions taken by the application in response to the gesture. The gesture can include a click, a text input, or a more complex gesture. In response to the gesture, the application can change a current view, or screen, or can transition to a different view. The coverage monitoring system logs the gestures and logs a screenshot or other data about the response of the application. The logged data is used to generate the directed graph which can be accessed by application analysts and analyzed for security vulnerabilities.Type: GrantFiled: May 19, 2015Date of Patent: December 1, 2015Assignee: Synack, Inc.Inventors: Patrick Wardle, Mark G. Kuhr
-
Patent number: 9195809Abstract: In an embodiment, a method comprises downloading an application program to a first storage coupled to a first device, wherein the application program comprises an encrypted portion based on a set of personally identifying data stored on the first storage; configuring the application program to load and execute a pre-compiled library when the application program is launched and which when executed by the first device, causes storing an unencrypted version of the application program on the first storage; launching the application program.Type: GrantFiled: August 14, 2014Date of Patent: November 24, 2015Assignee: SYNACK, INC.Inventors: Jay Kaplan, Mark Kuhr, Patrick Wardle
-
Patent number: 9178903Abstract: Computer systems and methods in various embodiments are configured to test the security of a server computer by simulating a wide range of attacks from one or more bot-nets. In an embodiment, a computer system including a memory; a processor in a home geographic region coupled to the memory; a plurality of network cards in the home geographic region, coupled to the processor and the memory; wherein each network card in the plurality of network cards is configured to send one or more requests to a remote server computer through a geographic region, of a plurality of geographic regions, that is different than the home geographic region; wherein, for each network card of the plurality of network cards, the processor is configured to store a geo-mapping, which indicates the certain geographic region the network card is configured to send the one or more requests to the remote server computer through.Type: GrantFiled: December 2, 2014Date of Patent: November 3, 2015Assignee: Synack, Inc.Inventors: Jay Kaplan, Mark Kuhr, Vlad Cretu
-
Patent number: 9177156Abstract: In one aspect, the disclosure provides: A method comprising: inviting a distributed plurality of researchers to participate in one or more computer vulnerability research projects directed to identifying computer vulnerabilities of one or more networks and/or computers that are owned or operated by a third party; assessing reputation and skills of one or more of the researchers, and accepting a subset of the researchers who have a positive reputation and sufficient skills to perform the investigations of the computer vulnerabilities; assigning a particular computer vulnerability research project, relating to a particular system under test, to a particular researcher from among the subset of the researchers; using a computer that is logically interposed between the particular researcher and the particular system under test, monitoring communications between the particular researcher and the particular system under test, wherein the communications relate to attempting to identify a candidate security vulnerabilType: GrantFiled: February 17, 2015Date of Patent: November 3, 2015Assignee: Synack, Inc.Inventors: Jay Kaplan, Mark Kuhr
-
Patent number: 9015847Abstract: In one aspect, the disclosure provides: A method comprising: inviting a distributed plurality of researchers to participate in one or more computer vulnerability research projects directed to identifying computer vulnerabilities of one or more networks and/or computers that are owned or operated by a third party; assessing reputation and skills of one or more of the researchers, and accepting a subset of the researchers who have a positive reputation and sufficient skills to perform the investigations of the computer vulnerabilities; assigning a particular computer vulnerability research project, relating to a particular network under test, to a particular researcher from among the subset of the researchers; using a computer that is logically interposed between the particular researcher and the particular network under test, monitoring communications between the particular researcher and the particular network under test, wherein the communications relate to attempting to identify a candidate security vulneraType: GrantFiled: May 6, 2014Date of Patent: April 21, 2015Assignee: Synack, Inc.Inventors: Jay Kaplan, Mark Kuhr