Abstract: Methods and systems of testing for phishing security vulnerabilities are disclosed, including methods of penetration testing of a network node by a penetration testing system comprising a reconnaissance agent software module installed in the network node, and a penetration testing software module installed on a remote computing device. Penetration testing systems are provided so as to locally detect weaknesses that would expose network nodes to phishing-based attacks.

Abstract: Systems and methods of carrying out a penetration testing campaign of a networked system by a penetration testing system, in which reconnaissance agent software modules are dynamically removed from at least one network node based on changing conditions in the tested networked system. The networked system includes multiple network nodes, and the penetration testing system includes a penetration testing software module and a reconnaissance agent software module installed on at least some network nodes of the multiple network nodes. For one network node, a dynamic Boolean uninstalling condition is evaluated, and in response to determining that the dynamic Boolean uninstalling condition is satisfied for that network node, the reconnaissance agent software module is uninstalled from that network node.

Abstract: Methods and systems for carrying out campaigns of penetration testing for discovering and reporting security vulnerabilities of a networked system. Penetration testing campaigns are carried out based on pre-defined penetration testing scenarios associated with respective time tags. A penetration testing scenario is selected by a user from a set of pre-defined test scenarios, the set containing only pre-defined test scenarios with time tags matching a scheduled starting time of a penetration testing campaign.

Abstract: Methods and systems for sharing the access rights of multiple users in a computing system, each of the multiple users having corresponding user credentials and corresponding access rights to controlled objects in the computing system, so as to enable a specific user to temporarily access controlled objects for which he does not have access rights, and another user does have access rights.

Abstract: Methods and systems for executing a penetration test of a networked system by a penetration testing system so as to determine a method by which an attacker could compromise the networked system, and/or for distributing common sets of data to nodes of a networked system. The methods and systems include identifying network nodes which have shared broadcast domains.

Abstract: Methods and systems for executing a penetration test of a networked system by a penetration testing system so as to determine a method by which an attacker could compromise the networked system, and/or for distributing common sets of data to nodes of a networked system. The methods and systems include identifying network nodes which have shared broadcast domains.

Abstract: Penetration testing campaigns are carried out using a lateral movement strategy based at least in part on information about files stored in network nodes of the networked system. Information is obtained about files stored in a plurality of network nodes of the networked system, and based on the obtained information, a corresponding data-value score for each network node of the plurality of network nodes is determined according to a common data-value metric. The penetration testing campaign is executed, during which a next network node targeted for determining its compromisability is selected based on the data-value scores corresponding to at least some of the plurality of network nodes. Based on results of the penetration testing campaign, a method by which an attacker could compromise the networked system is determined and reported.

Abstract: A simulated penetration testing system that assigns network nodes of the tested networked system to classes based on current information about the compromisability of the nodes at a current state of a penetration testing campaign, the classes consisting of (i) a red class for nodes known to be compromisable by the attacker in a way that gives the attacker full control of the nodes, (ii) a blue class for nodes that are not known to be compromisable by the attacker, and (iii) a purple class for nodes known to be compromisable by the attacker in a way that does not give the attacker full control of the purple-class-member network node. The campaign tests whether an attacker would be able to achieve full control of a target node by using privilege escalation techniques and one or more access rights achieved by compromising the target node.

Abstract: Methods and systems for penetration testing of a networked system by a penetration testing system. In some embodiments, both active and passive validation methods are used during a single penetration testing campaign in a single networked system. In other embodiments, a first penetration testing campaign uses only active validation and a second penetration campaign uses only passive validation, where both campaigns are performed by a single penetration testing system in a single networked system. Node-by-node determination of whether to use active or passive validation can be based on expected extent and/or likelihood of damage from actually compromising a network node using active validation.

Abstract: Methods and systems for carrying out multiple campaigns of penetration testing using different lateral movement strategies for discovering and reporting security vulnerabilities of a networked system, the networked system comprising a plurality of network nodes interconnected by one or more networks.

Abstract: Methods and systems for executing a penetration test of a networked system by a penetration testing system so as to determine a method by which an attacker could compromise the networked system, and/or for distributing common sets of data to nodes of a networked system. The methods and systems include identifying network nodes which have shared broadcast domains.

Abstract: Methods and systems for executing a penetration test of a networked system by a penetration testing system so as to determine a method by which an attacker could compromise the networked system, and/or for distributing common sets of data to nodes of a networked system. The methods and systems include identifying network nodes which have shared broadcast domains.

Abstract: Methods and systems for carrying out campaigns of penetration testing for discovering and reporting security vulnerabilities of a networked system. Penetration testing campaigns are carried out based on pre-defined penetration testing scenarios associated with respective time tags. A penetration testing scenario is selected by a user from a set of pre-defined test scenarios, the set containing only pre-defined test scenarios with time tags matching a scheduled starting time of a penetration testing campaign.

Abstract: Methods and systems for penetration testing of a networked system by a penetration testing system. In some embodiments, both active and passive validation methods are used during a single penetration testing campaign in a single networked system. In other embodiments, a first penetration testing campaign uses only active validation and a second penetration campaign uses only passive validation, where both campaigns are performed by a single penetration testing system in a single networked system. Node-by-node determination of whether to use active or passive validation can be based on expected extent and/or likelihood of damage from actually compromising a network node using active validation.

Abstract: This patent application discloses methods and systems for alerting computerized motor-vehicles about predicted accidents. In an example method, a motor vehicle alerts another motor vehicle about a predicted accident, even though that accident is between the alerting car and a third motor vehicle—for example, the alert is transmitted by non-visual electromagnetic (EM) radiation. When an adjacent motor vehicle receives such accident alert and determines it might itself be hit, it will react so as to minimize its chances of being hit or at least to minimize the damage if it is being hit. Optionally, one or more of the motor vehicles has an onboard device for measuring a blood-alcohol level of a human driver thereof. The measured blood-alcohol level may be used to compute a probability of an occurrence of an accident and/or may be included in one or more of the transmitted accident alerts.

Abstract: Methods and systems for providing a recommendation for improving the security of a networked system against attackers. The recommendation may include a recommendation of a single attacker step to be blocked to achieve optimal improvement in security, or of multiple such attacker steps. If the recommendation includes multiple attacker steps, the steps may be ordered such that the first attacker step is more important to block, provides a greater benefit by blocking, or is more cost effective to block than subsequent attacker steps in the ordered list of attacker steps.

Abstract: Methods and systems for penetration testing of a networked system by a penetration testing system that is user-interface controlled, so that a penetration testing campaign is executed according to manually and explicitly-selected capabilities of an attacker of the campaign. The testing includes receiving manually-entered inputs explicitly selecting one or more capabilities of the attacker of the penetration testing campaign, executing the penetration testing according to the selected capabilities of the attacker, and reporting at least one security vulnerability determined to exist in the networked system.

Abstract: Methods and systems for penetration testing of a networked system by a penetration testing system. In some embodiments, both active and passive validation methods are used during a single penetration testing campaign in a single networked system. In other embodiments, a first penetration testing campaign uses only active validation and a second penetration campaign uses only passive validation, where both campaigns are performed by a single penetration testing system in a single networked system. Node-by-node determination of whether to use active or passive validation can be based on expected extent and/or likelihood of damage from actually compromising a network node using active validation.

Abstract: Methods and devices for enhancing user experience while a user is watching a content item using a content playing device, by proposing and/or displaying an enrichment content item related to the content item watched by the user, where the enrichment content item is assigned a dynamic title. The dynamic title may be a different title at different instances the enrichment content item is recommended to a user. The dynamic title may be based on a connection between the content item watched by the user and the enrichment content item. The dynamic title may be automatically generated, in real time, based on such a connection, or may be selected, in real-time, from a group of pre-defined titles reflecting different aspects of the watched content item.

Abstract: Methods and systems for presenting, on a user's screen, enrichment data related to a displayed content item, the enrichment data comprising a sequence of related multiple content units, each one of which is (i) is either a content item or a video segment that is a portion of a larger video content item, (ii) has a connection to the displayed content item, (iii) is independent of all other related content units of the multiple related content units, and (iv) is not included in the displayed content item.