Abstract: The present invention discloses system and method to perform automated red teaming in organizational network replacing conventional orchestration and playbooks. The method includes obtaining input data and exit criterion for an organization from data sources. Further, the method includes determining attack surface associated with the organization based on the obtained input data and the exit criterion. The method includes identifying attack frontiers for the attack surfaces. Further, the method includes prioritizing the attack frontiers. Additionally, the method includes simulating the attack frontiers at the attack surfaces based on the prioritization. Moreover, the method includes determining attack paths associated with the attack surface based on results of simulation. Also, the method includes learning attack patterns associated with the attack paths based on the results of execution.

Abstract: The present invention discloses system and method to perform automated red teaming in organizational network replacing conventional orchestration and playbooks. The method includes obtaining input data and exit criterion for an organization from data sources. Further, the method includes determining attack surface associated with the organization based on the obtained input data and the exit criterion. The method includes identifying attack frontiers for the attack surfaces. Further, the method includes prioritizing the attack frontiers. Additionally, the method includes simulating the attack frontiers at the attack surfaces based on the prioritization. Moreover, the method includes determining attack paths associated with the attack surface based on results of simulation. Also, the method includes learning attack patterns associated with the attack paths based on the results of execution.

Abstract: A processor implemented method of performing a security web application testing based on a hybrid pipelined application which includes (a) receiving, a scan profile selected from a group includes (i) an uniform resource locator associated with an application, (ii) one or more scan attack templates, (iii) one or more attack rules, and (iv) one or more automation scan results, (b) generating, a one or more possible tasks based on the scan profile, (c) selecting, at least a sub-set of tasks from the one or more possible tasks, (d) assigning, the sub-set of tasks to an automated task performing tool, and a user for execution, (e) obtaining, one or more tasks results associated with the sub-set of tasks executed by the automated task performing tool, and the user, and (f) updating, a database based on the one or more tasks results.

Abstract: A processor implemented method of performing a security web application testing based on a hybrid pipelined application which includes (a) receiving, a scan profile selected from a group includes (i) an uniform resource locator associated with an application, (ii) one or more scan attack templates, (iii) one or more attack rules, and (iv) one or more automation scan results, (b) generating, a one or more possible tasks based on the scan profile, (c) selecting, at least a sub-set of tasks from the one or more possible tasks, (d) assigning, the sub-set of tasks to an automated task performing tool, and a user for execution, (e) obtaining, one or more tasks results associated with the sub-set of tasks executed by the automated task performing tool, and the user, and (f) updating, a database based on the one or more tasks results.

Abstract: The present invention describes a method for performing one or more social engineering attacks on a plurality of humans connected in a network for assessing vulnerabilities of the humans, wherein the Network comprises at least one of a plurality of data processing devices, memory devices and a plurality of communication links. The method includes gathering information about human profiles including collecting information about target users from actively used social and search sites and performing an automated Social Engineering (SE) phase and updating an Information Model based on the gathered information. Furthermore, the method includes generating a Multiple Attack Vector (MAV) graph based on the information gathered and one or more scan parameters. Moreover, the method includes launching one or more social engineering attacks based on the MAV graph to assess vulnerabilities in the humans in the Network.

Abstract: The present invention describes a method for simulating a hacking attack on a Network, wherein the Network comprises at least one of a plurality of data processing units (DPUs), a plurality of users and a plurality of communication links, to assess vulnerabilities of the Network. The method includes receiving one or more scan parameters for the Network. Further, the method includes creating at least one master agent by a system to gather information about the Network, wherein the information pertains to critical and non-critical information about the Network. The method includes creating an Information Model and then incrementally updating the Information Model during the hacking attack. The Information Model is the abstract representation of information collected by the system. Furthermore, the method includes generating a Multiple Attack Vector (MAV) graph based on one or more scan parameters and the Information Model.