US Patent 11005878 Cooperation between reconnaissance agents in penetration testing campaigns

Methods and systems are disclosed for carrying out penetration testing campaigns of a networked system. These include having a reconnaissance agent software module (RASM) installed on a first network node detect an occurrence of a risky event in the node, an event that would allow an attacker of the penetration testing campaign to compromise the node if a specific Boolean condition is satisfied; in response to detecting the risky event, the RASM sends queries to a second network node requesting information, receives answers to the queries including at least one or more portions of the requested information, and, based on the received information, determines that the specific Boolean condition is satisfied and concludes that the node could be compromised by the attacker of the penetration testing campaign. Based on the above, a security vulnerability may be reported.