US 12,113,824 B2
Distributed system for autonomous discovery and exploitation of an organization's computing
David Wolpoff, Denver, CO (US); Eric McIntyre, Vancouver, WA (US); and Evan Anderson, Highlands Ranch, CO (US)
Assigned to International Business Machines Corporation, Armonk, NY (US)
Filed by International Business Machines Corporation, Armonk, NY (US)
Filed on Sep. 9, 2022, as Appl. No. 17/941,958.
Application 17/941,958 is a continuation of application No. 16/783,136, filed on Feb. 5, 2020, granted, now 11,444,968.
Claims priority of provisional application 62/801,778, filed on Feb. 6, 2019.
Claims priority of provisional application 62/900,847, filed on Sep. 16, 2019.
Claims priority of provisional application 62/955,724, filed on Dec. 31, 2019.
Prior Publication US 2023/0015670 A1, Jan. 19, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 9/50 (2006.01); H04L 9/40 (2022.01)
CPC H04L 63/1433 (2013.01) [G06F 9/5011 (2013.01); G06F 2209/5011 (2013.01)] 19 Claims
OG exemplary drawing
 
1. A modularized system for evaluation of a vulnerability presented by an instance of software executed by a computing resource, the modularized system configured to receive a set of entity reconnaissance data associated with an entity, comprising:
identifying at least one computing resource likely administered by the entity and, for each respective computing resource:
identifying an instance of software executed by the computing resource:
identifying a vulnerability presented by the instance of software; and
generating or updating an appeal score based at least in part on the vulnerability, the appeal score corresponding to a prediction of attractiveness of the respective computing resource to an exploitation attempt by a third party; and
generating or updating a reconnaissance plan comprising a set of jobs, each job defining at least one computational task, the reconnaissance plan based on one or more of:
at least one appeal score; or
at least one identified vulnerability.