Abstract: Carrying out a penetration testing campaign in a networked system by a penetration testing system, for determining a way for an attacker to compromise the networked system, comprises determining that the attacker can obtain user credentials of a first user, determining that when using the user credentials the first user has access rights to a first network node of the networked system, determining that a second network node of the networked system is compromisable by the attacker during the penetration testing campaign, determining that the first network node was accessed from the second network node, and based on the foregoing, determining that the first network node is compromisable by the attacker during the penetration testing campaign, and determining the way for the attacker to compromise the networked system which includes a step of compromising the first network node using the user credentials of the first user.

Abstract: Cybersecurity is enhanced to detect credential spray attacks. Accounts with access failure events are divided into buckets B1 . . . BN based on access failure count ranges R1 . . . RN. For instance, accounts with one logon failure may go in B1, accounts with two failures in B2, etc. Buckets will thus have account involvement extents E1 . . . EN, which are compared to thresholds T1 . . . TN. An intrusion detection tool generates an alert when some Ei hits its Ti. Detection may spot any credential sprays, not merely password sprays. False positives may be reduced by excluding items from consideration, such as logon attempts using old passwords. False positives and false negatives may be balanced by tuning threshold parameters. Breached accounts may be found. Detection may also permit other responses, such as attack disruption, harm mitigation, and attacker identification. Credential spray attack detection may be combined with other security mechanisms for defense in depth of cloud and other network accounts.

Abstract: Methods and systems for carrying out a simulated penetration testing campaign of a networked system for identifying a specific way for an attacker to compromise a networked system, where the specific way includes a step of poisoning the specific network node by the specific network node receiving a poisoned email body, or a poisoned email attachment, which includes malicious code.

Abstract: Carrying out a penetration testing campaign in a networked system by a penetration testing system, for determining a way for an attacker to compromise the networked system, comprises determining that the attacker can obtain user credentials of a first user, determining that when using the user credentials the first user has access rights to a first network node of the networked system, determining that a second network node of the networked system is compromisable by the attacker during the penetration testing campaign, determining that the first network node was accessed from the second network node, and based on the foregoing, determining that the first network node is compromisable by the attacker during the penetration testing campaign, and determining the way for the attacker to compromise the networked system which includes a step of compromising the first network node using the user credentials of the first user.

Abstract: Cybersecurity is enhanced to detect credential spray attacks. Accounts with access failure events are divided into buckets B1 . . . BN based on access failure count ranges R1 . . . RN. For instance, accounts with one logon failure may go in B1, accounts with two failures in B2, etc. Buckets will thus have account involvement extents E1 . . . EN, which are compared to thresholds T1 . . . TN. An intrusion detection tool generates an alert when some Ei hits its Ti. Detection may spot any credential sprays, not merely password sprays. False positives may be reduced by excluding items from consideration, such as logon attempts using old passwords. False positives and false negatives may be balanced by tuning threshold parameters. Breached accounts may be found. Detection may also permit other responses, such as attack disruption, harm mitigation, and attacker identification. Credential spray attack detection may be combined with other security mechanisms for defense in depth of cloud and other network accounts.

Abstract: The present disclosure is directed to systems, methods and devices for determining computer ownership in a distributed computer network associated with a directory service. Username similarity between username textual attributes and a computer's associated account management name may be determined. Network traffic information and event logs may be analyzed and determinations regarding local behavior and user behavior relating to a plurality of computers on a distributed computer network may be made. Local user data and an owner candidate list may be generated therefrom. Directory service data, including ownership attributes, may be analyzed to determine whether a user is the owner of a computer.