Patents by Inventor Marina Simakov
Marina Simakov has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12063219
Abstract: Methods and systems for detecting forged Kerberos protocol tickets are presented. In one embodiment, a method is presented that includes receiving and decrypting an authentication request including a ticket. A validity start time and a validity end time may then be extracted from the ticket and a validity period may be calculated based on the validity start time and the validity end time. The method may then include retrieving a domain validity period from a domain controller and comparing the validity period to the domain validity period. If the validity period differs from the domain validity period, the authentication request may be blocked.
Type: Grant
Filed: October 6, 2020
Date of Patent: August 13, 2024
Assignee: CrowdStrike, Inc.
Inventors: Marina Simakov, Sagi Sheinfeld
-
Publication number: 20240250943
Abstract: A security agent configured to initiate multifactor authentication (MFA) in response to security triggers occurring on a computing device. Upon occurrence of a security trigger, the security agent delays action associated with a process on the computing device and provides, to a display of a user of the computing device, a prompt asking if the security trigger resulted from an action of the user. The security agent then initiates MFA with an MFA provider to authenticate the user and, based at least on a result of the MFA and the user answer to the prompt, takes further action. The user answer may be provided separately from the MFA or through successful completion of the MFA.
Type: Application
Filed: January 20, 2023
Publication date: July 25, 2024
Inventors: Marina Simakov, Yaron Zinar
-
Publication number: 20240054209
Abstract: Techniques and systems are described for enabling an identity provider to identify a computing device during authentication of a user that uses the computing device, and to do so in a manner that is independent of a browser and/or a client application and/or an operating system on the computing device. For example, upon receiving, from a first identity provider, redirection data to redirect an authentication request to a second identity provider, a security agent executing on the computing device may intercept the authentication request, retrieve data about the computing device, and send the authentication request with the device data to the second identity provider. Upon receiving, from the second identity provider, a signed response to the authentication request, the computing device may send the signed response to the first identity provider to receive a result of the authentication request from the first identity provider.
Type: Application
Filed: August 9, 2022
Publication date: February 15, 2024
Inventors: Marina Simakov, Eyal Karni, Yaron Zinar
-
Patent number: 11233790
Abstract: A method is provided for verifying an authentication request to a computer network. The method may include receiving a network packet and extracting an authentication request from the network packet. The authentication request may be encrypted to store attribute-value pairs, and the method may further include decrypting the authentication request to access the attribute-value pairs. The method may also include extracting a target name and a device name from the attribute-value pairs, wherein the device name indicates an identified target device, and determining whether the target name refers to the identified target device identified by the device name.
Type: Grant
Filed: February 19, 2020
Date of Patent: January 25, 2022
Assignee: Crowd Strike, Inc.
Inventors: Yaron Zinar, Marina Simakov, Avraham Kama
-
Publication number: 20210105285
Abstract: Methods and systems for detecting forged Kerberos protocol tickets are presented. In one embodiment, a method is presented that includes receiving and decrypting an authentication request including a ticket. A validity start time and a validity end time may then be extracted from the ticket and a validity period may be calculated based on the validity start time and the validity end time. The method may then include retrieving a domain validity period from a domain controller and comparing the validity period to the domain validity period. If the validity period differs from the domain validity period, the authentication request may be blocked.
Type: Application
Filed: October 6, 2020
Publication date: April 8, 2021
Inventors: Marina Simakov, Sagi Sheinfeld
-
Patent number: 10915622
Abstract: Embodiments are directed to monitoring local users' activity without installing an agent on a monitored machine. Periodic scans of the local users' directory using the standard protocol messages and APIs of a remote admin interface provide access to local machine data. Using the remote admin interface, defenders gain visibility to local users' logons, group membership, password changes, and other parameters. Security applications enabled by this visibility include, but are not limited to, abnormal logons detection, abnormal group addition and removal detection, and abnormal password changes detection.
Type: Grant
Filed: June 20, 2017
Date of Patent: February 9, 2021
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Marina Simakov, Tal Be'ery, Itai Grady Ashkenazy, Chaim Menachem Hoch, Tal Joseph Maor
-
Publication number: 20200274870
Abstract: A method is provided for verifying an authentication request to a computer network. The method may include receiving a network packet and extracting an authentication request from the network packet. The authentication request may be encrypted to store attribute-value pairs, and the method may further include decrypting the authentication request to access the attribute-value pairs. The method may also include extracting a target name and a device name from the attribute-value pairs, wherein the device name indicates an identified target device, and determining whether the target name refers to the identified target device identified by the device name.
Type: Application
Filed: February 19, 2020
Publication date: August 27, 2020
Inventors: Yaron Zinar, Marina Simakov, Avraham Kama
-
Patent number: 10587611
Abstract: The network logon protocol used in a pass-through authentication request embedded in an encrypted network packet is identified. A protocol detection engine correlates events and network requests received at a domain controller in order to use the data contained in a correlated pair to determine a size of a challenge response in the encrypted network packet. The size of the response is used to identify the network logon protocol used in the pass-through authentication request.
Type: Grant
Filed: August 29, 2017
Date of Patent: March 10, 2020
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC.
Inventors: Tal Joseph Maor, Itai Grady Ashkenazy, Michael Dubinsky, Marina Simakov
-
Publication number: 20190068573
Abstract: The network logon protocol used in a pass-through authentication request embedded in an encrypted network packet is identified. A protocol detection engine correlates events and network requests received at a domain controller in order to use the data contained in a correlated pair to determine a size of a challenge response in the encrypted network packet. The size of the response is used to identify the network logon protocol used in the pass-through authentication request.
Type: Application
Filed: August 29, 2017
Publication date: February 28, 2019
Inventors: TAL JOSEPH MAOR, ITAI GRADY ASHKENAZY, MICHAEL DUBINSKY, MARINA SIMAKOV
-
Patent number: 10148639
Abstract: Brute force attacks on a given account with various password attempts are a common threat to computer security. When a suspected brute force on an account is detected, systems may lock the account from access, which is frustrating to users and time consuming for administrators in the event of a false positive. To reduce the number of false positives, brute force counterattacks are taught in the present disclosure. A brute force counterattack is used to learn whether the login attempts change the passwords attempted, and are to be classified as malicious, or keep the attempted password the same in multiple attempts, and are to be classified as benign.
Type: Grant
Filed: May 24, 2016
Date of Patent: December 4, 2018
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Idan Plotnik, Michael Dolinsky, Sivan Krigsman, Tal Arieh Be'ery, Gil David, Marina Simakov
-
Publication number: 20180218134
Abstract: The present disclosure is directed to systems, methods and devices for determining computer ownership in a distributed computer network associated with a directory service. Username similarity between username textual attributes and a computer's associated account management name may be determined. Network traffic information and event logs may be analyzed and determinations regarding local behavior and user behavior relating to a plurality of computers on a distributed computer network may be made. Local user data and an owner candidate list may be generated therefrom. Directory service data, including ownership attributes, may be analyzed to determine whether a user is the owner of a computer.
Type: Application
Filed: May 27, 2017
Publication date: August 2, 2018
Applicant: Microsoft Technology Licensing, LLC
Inventors: Tal Arieh Be'ery, Igal Gofman, Marina Simakov, Itai Grady, Gil David
-
Publication number: 20180107820
Abstract: Embodiments are directed to monitoring local users' activity without installing an agent on a monitored machine. Periodic scans of the local users' directory using the standard protocol messages and APIs of a remote admin interface provide access to local machine data. Using the remote admin interface, defenders gain visibility to local users' logons, group membership, password changes, and other parameters. Security applications enabled by this visibility include, but are not limited to, abnormal logons detection, abnormal group addition and removal detection, and abnormal password changes detection.
Type: Application
Filed: June 20, 2017
Publication date: April 19, 2018
Inventors: Marina SIMAKOV, Tal BE'ERY, Itali Grady ASHKENAZY, Chaim Menachem HOCH, Tal Joseph MAOR
-
Publication number: 20170346809
Abstract: Brute force attacks on a given account with various password attempts are a common threat to computer security. When a suspected brute force on an account is detected, systems may lock the account from access, which is frustrating to users and time consuming for administrators in the event of a false positive. To reduce the number of false positives, brute force counterattacks are taught in the present disclosure. A brute force counterattack is used to learn whether the login attempts change the passwords attempted, and are to be classified as malicious, or keep the attempted password the same in multiple attempts, and are to be classified as benign.
Type: Application
Filed: May 24, 2016
Publication date: November 30, 2017
Applicant: Microsoft Technology Licensing, LLC.
Inventors: Idan Plotnik, Michael Dolinsky, Sivan Krigsman, Tal Arieh Be'ery, Gil David, Marina Simakov