Patents by Inventor Matthew Thomlinson

Matthew Thomlinson has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8196178
    Abstract: A data collection application is executed on a target system. Various data indicative of privilege elevation pathways is collected, including user account data, file permission data, and system registry data. The collected data is analyzed according to heuristics. System accounts are displayed on a graph as nodes. Detected privilege elevations between the accounts are displayed as edges between their corresponding accounts. A user may customize the displayed graph to focus on particular goal accounts, and categories of privilege elevations.
    Type: Grant
    Filed: October 5, 2005
    Date of Patent: June 5, 2012
    Assignee: Microsoft Corporation
    Inventors: John Lambert, Matthew Thomlinson
  • Patent number: 8020194
    Abstract: A privilege elevation flaw detection analysis is performed on a host system on a network. In addition, accounts on the host system are identified that have access to, or corresponding accounts on, other systems on the network. Privilege elevation analyses are performed on one or more of the network systems corresponding to the identified accounts. A privilege elevation graph is generated of the host system from the privilege elevation analysis. The graph includes account nodes and edges illustrating the detected privilege elevations between the accounts on the host system. In addition, nodes for the network systems are added to the graphs along with edges connecting to the nodes corresponding to the accounts identified as having access to the particular network systems. The user may then select a particular network system node and view its detected privilege elevations in relation to the host system.
    Type: Grant
    Filed: October 6, 2005
    Date of Patent: September 13, 2011
    Assignee: Microsoft Corporation
    Inventors: John Lambert, Matthew Thomlinson
  • Publication number: 20070101148
    Abstract: Techniques are described herein for securely prompting a user to confirm sensitive operations, input sensitive information or the like. The techniques include receiving or intercepting calls from applications to prompting routines. When a call to a prompting routine is received or intercepted, a hint may be provided to the user to switch to a secure desktop. When the user switches from the user desktop to the secure desktop, the particular prompt is displayed. The input to the prompt is received on the secure desktop and verified to have been provided by the user. The user input or a representation of the input is then returned to the application running on the user desktop. Using these techniques, interception of prompting messages by malware does not result in sensitive information being revealed. Furthermore, spoofing of new messages by malware does not lead to the dismissal of critical prompting.
    Type: Application
    Filed: October 17, 2005
    Publication date: May 3, 2007
    Applicant: Microsoft Corporation
    Inventors: Klaus Schutz, Matthew Thomlinson, Scott Field
  • Publication number: 20070083912
    Abstract: A privilege elevation flaw detection analysis is performed on a host system on a network. In addition, accounts on the host system are identified that have access to, or corresponding accounts on, other systems on the network. Privilege elevation analyses are performed on one or more of the network systems corresponding to the identified accounts. A privilege elevation graph is generated of the host system from the privilege elevation analysis. The graph includes account nodes and edges illustrating the detected privilege elevations between the accounts on the host system. In addition, nodes for the network systems are added to the graphs along with edges connecting to the nodes corresponding to the accounts identified as having access to the particular network systems. The user may then select a particular network system node and view its detected privilege elevations in relation to the host system.
    Type: Application
    Filed: October 6, 2005
    Publication date: April 12, 2007
    Applicant: Microsoft Corporation
    Inventors: John Lambert, Matthew Thomlinson
  • Publication number: 20070079358
    Abstract: A data collection application is executed on a target system. Various data indicative of privilege elevation pathways is collected, including user account data, file permission data, and system registry data. The collected data is analyzed according to heuristics. System accounts are displayed on a graph as nodes. Detected privilege elevations between the accounts are displayed as edges between their corresponding accounts. A user may customize the displayed graph to focus on particular goal accounts, and categories of privilege elevations.
    Type: Application
    Filed: October 5, 2005
    Publication date: April 5, 2007
    Applicant: Microsoft Corporation
    Inventors: John Lambert, Matthew Thomlinson
  • Publication number: 20070079372
    Abstract: A data collection application is executed on a target system. Various data indicative of privilege elevation pathways is collected, including user account data, file permission data, and system registry data. The collected data is analyzed according to heuristics. Potential privilege elevation pathways are identified based on the analysis and presented to a user or administrator. The effect of a new application on a system can be determined by performing the analysis before the application installation, and comparing the results with an analysis performed after the application installation.
    Type: Application
    Filed: October 5, 2005
    Publication date: April 5, 2007
    Applicant: Microsoft Corporation
    Inventors: John Lambert, Matthew Thomlinson
  • Publication number: 20070055887
    Abstract: One aspect relates to a process and associated device for managing digital ID lifecycles for application programs, and abstracting application programs for multiple types of credentials through a common Digital Identity Management System (DIMS) and Application Programming Interface (API) layer.
    Type: Application
    Filed: October 25, 2006
    Publication date: March 8, 2007
    Applicant: Microsoft Corporation
    Inventors: David Cross, Philip Hallin, Matthew Thomlinson, Thomas Jones