Features
- Online Dictionary Attack
- Presence Stealing
- Contact List Stealing
- Targeted IM Flood
- Targeted Call Walk
- Communicator DoS
- Audio Call Spam
- Report Generation
Authors
NEWS: OAT v2.0 presented and released at FRHACK 01!
Sipera VIPER Lab released and demonstrated OAT v2.0 at the Internal Hacking Conference FRHACK 01, held at Besancon in September 2009!
OAT is the first security assessment tool for Office Communication Server R1/R2.
VIPER Lab created OAT because OCS and other Microsoft products are frequently used as part of a unified communications infrastructure in many enterprises. Our mission is to help IT managers and security practitioners evaluate the security architecture of their deployments and ensure that their mission-critical communications and systems are protected.
OAT Modes
Internal Network Attack Mode
Internal network is a deployment scenario where OCS users have unfiltered network connectivity to the OCS server and domain controller.
In this typical network scenario, OAT can launch attacks such as:
- Online Dictionary Attack
- Domain User Enumeration
- Presence Stealing
- Contact List Stealing
- Domain IM Flood
- Communicator Call DoS
- Domain Call Walk
External Network Attack Mode
External Network Attack Mode simulates the real-world attack scenario in which an attacker is outside of the corporate IP network. An attacker outside of the firewall cannot directly query the DC unless they know its hostname.
Once the dictionary attack succeeds against the target user, OAT functions like a legitimate OCS client, registering itself with Office Communication Server. Once registered, OAT queries for the contact list of the target user and uses this information to create a victim target list. This information is useful for the next attack phase.
In this typical network scenario, OAT can launch attacks such as:
- Online Dictionary Attack
- Domain User Enumeration
- Presence Stealing
- Contact List Stealing
- Domain IM Flood
- Communicator Call DoS
- Domain Call Walk
The main difference between Internal and External deployment usage is that OAT can attack all available UC users when run from the Internal network, whereas from an External network it is limited to the users in the target's contact list.
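A defender-side sketch for spotting the sequence described above (repeated sign-in failures against one account, a successful registration, then a contact list query), added here as an example and not part of OAT or the original page. The event tuples are a constructed, simplified format, not the actual OCS log schema, and the threshold and window are assumed tuning values.

```python
from collections import defaultdict

# Constructed sample events (NOT a real OCS log schema):
# (epoch_seconds, source_ip, user, event)
SAMPLE_EVENTS = (
    # Six failed sign-ins against one account from one source...
    [(1000 + 10 * i, "198.51.100.7", "alice@example.test", "REGISTER_FAIL")
     for i in range(6)]
    + [
        # ...followed by a success and an immediate contact list query.
        (1060, "198.51.100.7", "alice@example.test", "REGISTER_OK"),
        (1065, "198.51.100.7", "alice@example.test", "CONTACT_LIST_FETCH"),
        # Benign user: one mistyped password, then a normal sign-in.
        (1005, "192.0.2.10", "bob@example.test", "REGISTER_FAIL"),
        (1020, "192.0.2.10", "bob@example.test", "REGISTER_OK"),
        (1021, "192.0.2.10", "bob@example.test", "CONTACT_LIST_FETCH"),
    ]
)

FAIL_THRESHOLD = 5    # assumed tuning value
WINDOW_SECONDS = 300  # assumed tuning value


def detect_guess_then_harvest(events, threshold=FAIL_THRESHOLD,
                              window=WINDOW_SECONDS):
    """Alert when a source fails sign-in repeatedly for one account,
    then succeeds, then fetches that account's contact list."""
    fails = defaultdict(list)  # (source, user) -> recent failure timestamps
    suspect = {}               # (source, user) -> (success time, failure count)
    alerts = []
    for ts, src, user, event in sorted(events):
        key = (src, user)
        if event == "REGISTER_FAIL":
            fails[key] = [t for t in fails[key] if ts - t <= window] + [ts]
        elif event == "REGISTER_OK":
            recent = [t for t in fails[key] if ts - t <= window]
            if len(recent) >= threshold:
                suspect[key] = (ts, len(recent))
            fails[key] = []
        elif event == "CONTACT_LIST_FETCH" and key in suspect:
            # Every client fetches contacts after sign-in, so this only
            # matters when the sign-in itself followed a burst of failures.
            ok_ts, count = suspect.pop(key)
            if ts - ok_ts <= window:
                alerts.append({"source": src, "user": user,
                               "failed_attempts": count,
                               "success_at": ok_ts, "contact_fetch_at": ts})
    return alerts
```

Failures are counted per source and account, so a dictionary run spread across many source addresses needs an additional per-account counter.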

