Features

  • Lync Support
  • Online Dictionary Attack
  • Presence Stealing
  • Contact List Stealing
  • Targeted IM Flood
  • Targeted Call Walk
  • Communicator DoS
  • Audio Call Spam
  • Report Generation
  • OCS 2007 & OCS 2007 R2

OAT - OCS Assessment Tool

OAT is an open source security tool designed to check the password strength of Lync and Microsoft Office Communication Server users. After a password is compromised, OAT demonstrates potential UC attacks that can be performed by legitimate users if proper security controls are not in place.

OAT has a user-friendly tabbed interface that begins with a password strength test feature. Once the OAT user has successfully recovered the password, attack modules from subsequent tabs can be used for launching UC attacks against valid, registered Lync and OCS users.

OAT News

April 2011:
OAT v3.0 Now Available for Download!

OAT v3.0 is now available! The following features are new in version 3.0:

  • Lync Support
  • Improved speed of the online dictionary attack
  • Fixed issues with play spam audio for call walking
  • Minor graphical enhancements
  • New Active Directory Options

September 2009:
OAT v2.0 presented and released at FRHACK 01!

Sipera VIPER Lab (Abhijeet Hatekar) released and demonstrated OAT v2.0 at the international IT security conference FRHACK 01, held in Besancon in September 2009!

OAT is the first security assessment tool for Office Communication Server R1/R2

VIPER Lab created OAT because OCS and other Microsoft products are frequently used as part of a unified communications infrastructure in many enterprises. Our mission is to help IT managers and security practitioners evaluate the security architecture of their deployments and ensure that their mission-critical communications and systems are protected.

OAT Modes

Internal Network Attack Mode

The internal network is a deployment scenario in which OCS users have unfiltered network connectivity to the OCS server and domain controller.

In this typical network scenario, OAT can launch attacks such as:

  • Online Dictionary Attack
  • Domain User Enumeration
  • Presence Stealing
  • Contact List Stealing
  • Domain IM Flood
  • Communicator Call DoS
  • Domain Call Walk

External Network Attack Mode

External Network Attack Mode simulates the real-world attack scenario in which an attacker is outside of the corporate IP network. An attacker coming from outside the firewall cannot directly query the DC unless they know its hostname.

Once the dictionary attack succeeds against the target user, OAT functions like a legitimate OCS client, registering itself with Office Communication Server. Once registered, OAT queries for the target user's contact list and uses this information to create a victim target list. This information is useful for the next attack phase.

In this typical network scenario, OAT can launch attacks such as:

  • Online Dictionary Attack
  • Domain User Enumeration
  • Presence Stealing
  • Contact List Stealing
  • Domain IM Flood
  • Communicator Call DoS
  • Domain Call Walk

The main difference between internal and external deployment usage is that OAT can attack all available UC users when used from the internal network, whereas from an external network it is limited to the users in the contact list.