US 12,335,317 B2
Cybersecurity reconnaissance, analysis, and scoring using distributed systems
Jason Crabtree, Vienna, VA (US); Joe Gray, Lenoir City, TN (US); Michael James, Independence, MO (US); Richard Kelley, Woodbridge, VA (US); Andrew Sellers, Monument, CO (US); and Farooq Shaikh, Reston, VA (US)
Assigned to QOMPLX LLC, Reston, VA (US)
Filed by QOMPLX LLC, Reston, VA (US)
Filed on Mar. 2, 2024, as Appl. No. 18/593,909.
Application 18/593,909 is a continuation of application No. 17/567,074, filed on Dec. 31, 2021, granted, now 11,924,251.
Application 17/567,074 is a continuation of application No. 16/887,304, filed on May 29, 2020, granted, now 11,297,109, issued on Apr. 5, 2022.
Application 16/887,304 is a continuation in part of application No. 16/837,551, filed on Apr. 1, 2020, granted, now 11,070,592, issued on Jul. 20, 2021.
Application 16/837,551 is a continuation in part of application No. 16/777,270, filed on Jan. 30, 2020, granted, now 11,025,674, issued on Jun. 1, 2021.
Application 16/777,270 is a continuation in part of application No. 16/720,383, filed on Dec. 19, 2019, granted, now 10,944,795, issued on Mar. 9, 2021.
Application 16/720,383 is a continuation of application No. 15/823,363, filed on Nov. 27, 2017, granted, now 10,560,483, issued on Feb. 11, 2020.
Application 16/837,551 is a continuation in part of application No. 15/818,733, filed on Nov. 20, 2017, granted, now 10,673,887, issued on Jun. 2, 2020.
Application 15/818,733 is a continuation in part of application No. 15/725,274, filed on Oct. 4, 2017, granted, now 10,609,079, issued on Mar. 31, 2020.
Application 15/823,363 is a continuation in part of application No. 15/725,274, filed on Oct. 4, 2017, granted, now 10,609,079, issued on Mar. 31, 2020.
Application 15/725,274 is a continuation in part of application No. 15/655,113, filed on Jul. 20, 2017, granted, now 10,735,456, issued on Aug. 4, 2020.
Application 15/655,113 is a continuation in part of application No. 15/616,427, filed on Jun. 7, 2017, abandoned.
Application 15/655,113 is a continuation in part of application No. 15/237,625, filed on Aug. 15, 2016, granted, now 10,248,910, issued on Apr. 2, 2019.
Application 15/616,427 is a continuation in part of application No. 15/206,195, filed on Jul. 8, 2016, abandoned.
Application 15/206,195 is a continuation in part of application No. 15/186,453, filed on Jun. 18, 2016, abandoned.
Application 15/186,453 is a continuation in part of application No. 15/166,158, filed on May 26, 2016, abandoned.
Application 15/166,158 is a continuation in part of application No. 15/141,752, filed on Apr. 28, 2016, granted, now 10,860,962, issued on Dec. 8, 2020.
Application 15/141,752 is a continuation in part of application No. 15/091,563, filed on Apr. 5, 2016, granted, now 10,204,147, issued on Feb. 12, 2019.
Application 15/141,752 is a continuation in part of application No. 14/986,536, filed on Dec. 31, 2015, granted, now 10,210,255, issued on Feb. 19, 2019.
Application 15/141,752 is a continuation in part of application No. 14/925,974, filed on Oct. 28, 2015, abandoned.
Application 15/616,427 is a continuation in part of application No. 14/925,974, filed on Oct. 28, 2015, abandoned.
Prior Publication US 2024/0250995 A1, Jul. 25, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06F 16/2458 (2019.01); G06F 16/951 (2019.01)
CPC H04L 63/20 (2013.01) [G06F 16/2477 (2019.01); G06F 16/951 (2019.01); H04L 63/1425 (2013.01); H04L 63/1433 (2013.01); H04L 63/1441 (2013.01); H04L 63/1408 (2013.01)]
4 Claims
1. A computing system for cybersecurity reconnaissance, analysis, and scoring using distributed computing services, the computing system comprising:
one or more hardware processors configured for:
upon request by a user application:
receiving a domain name for reconnaissance and scoring; and
creating a first queue of Internet search tasks for the domain name using an in-memory associative array service, the search tasks comprising searches for, and receipt of search results for:
a domain name system search for domain name system records;
a domain name system search for domain name system sender policy framework records;
a domain name system search for domain name system domain-based message authentication, reporting, and conformance records; and
a domain name system search for domain name system zone transfer records;
implementing the first queue of Internet search tasks through one or more selectable attribute nodes of a public-facing proxy network;
identifying Internet protocol addresses associated with the domain name from the domain name system records; and
implementing a second queue of Internet protocol address scanning tasks for the identified Internet protocol addresses, the scanning tasks comprising an open port scan for each of a list of open ports for the domain name;
receiving a cybersecurity scoring model comprising category weights for a plurality of categories drawn from: domain name system records, domain name system sender policy framework records, domain name system domain-based message authentication, reporting, and conformance records, zone transfer records, and the list of open ports, and further comprising an algorithm for combining the categories using the category weights;
retrieving the search results and the list of open ports stored in a cloud-based storage bin;
calculating a cybersecurity score by applying the algorithm to the weighted categories; and
generating a cybersecurity profile for the domain name based on the cybersecurity score.
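The scoring steps of claim 1, sketched as an added example that is not taken from the patent or from QOMPLX code: a model of category weights is applied to stored search results to yield a score and a profile. The sub-score rules, the weights, the `expected_ports` set, and the sample results are all assumptions constructed for illustration, and the model uses only four of the claimed categories.

```python
# Added example: constructed inputs and a hypothetical model, not the patent's.
RESULTS = {  # constructed search results for a placeholder domain
    "domain": "example.com",
    "spf": "v=spf1 ip4:192.0.2.0/24 ~all",
    "dmarc": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "zone_transfer_allowed": False,
    "open_ports": [22, 25, 443, 3389],
}
MODEL = {  # hypothetical category weights
    "weights": {"spf": 0.25, "dmarc": 0.25, "zone_transfer": 0.30, "open_ports": 0.20},
    "expected_ports": {25, 80, 443},  # assumption: services the owner intends to expose
}

def score_spf(record):
    """Grade the terminal 'all' mechanism; absent or permissive records score 0."""
    if not record or not record.lower().startswith("v=spf1"):
        return 0.0
    return {"-all": 1.0, "~all": 0.5}.get(record.split()[-1].lower(), 0.0)

def score_dmarc(record):
    """Grade the p= policy tag of a DMARC record."""
    if not record or not record.lower().startswith("v=dmarc1"):
        return 0.0
    tags = {k.strip().lower(): v.strip().lower()
            for k, v in (t.split("=", 1) for t in record.split(";") if "=" in t)}
    return {"reject": 1.0, "quarantine": 0.7, "none": 0.3}.get(tags.get("p"), 0.0)

def score_ports(open_ports, expected):
    """Share of open ports that the owner expects to be reachable."""
    if not open_ports:
        return 1.0
    return len(set(open_ports) & expected) / len(set(open_ports))

def build_profile(results, model):
    """Combine category sub-scores as a weighted average scaled to 0-100."""
    sub = {
        "spf": score_spf(results.get("spf")),
        "dmarc": score_dmarc(results.get("dmarc")),
        "zone_transfer": 0.0 if results.get("zone_transfer_allowed") else 1.0,
        "open_ports": score_ports(results.get("open_ports", []), model["expected_ports"]),
    }
    w = model["weights"]
    score = round(100 * sum(w[c] * sub[c] for c in w) / sum(w.values()), 1)
    return {"domain": results["domain"], "score": score, "categories": sub,
            "weakest": min(sub, key=sub.get)}

if __name__ == "__main__":
    print(build_profile(RESULTS, MODEL))
```

The `weakest` field points an owner at the category to remediate first; for the constructed input that is the DMARC `p=none` policy.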