OAT Office Communication Server Tool Assessment released
OAT is a free VoIP security assessment tool designed to test the security configuration of Microsoft OCS SIP infrastructures, for deployment/implementation issues. It’s the first OCS SIP validation tool written in windows. OAT is the first security assessment tool for Office Communication Server 2007 (Including R2)
OAT has a user friendly tabbed interface that begins with a password strength test feature. Once the OAT user has successfully elicited the password, attack modules from subsequent tabs can be used for launching UC attacks against valid, registered OCS users.
Some key features of OAT:
- Online dictionary attack against SIP user credentials
- "Presence Stealing" - automated download of all SIP-enabled domain users and SIP presence enumeration
- IM flood security test of domain/targeted OCS users
- Automated calling of domain/targeted OCS users, for purposes of testing for reconnaissance or DoS
