Penetration Testing mailing list archives
Re: MS OCS Security Assessment
From: Jason Ostrom <justiceguy () pobox com>
Date: Thu, 28 Oct 2010 08:51:59 -0500
Hi,Actually OAT is still being maintained by the company in question. All we need from you is information on how to duplicate / verify the problem, and we will fix any potential bugs.
OAT is still an important, valid security tool. Just because the original author left the company, doesn't signify that the tool will no longer be supported by the company, even if it's an open source security tool. Help us help you :-)
Jason O. Francois Yang wrote:
I'm wondering if anyone know of any tools that I can use to do a security assessment for a MS OCS 2007 system using SIP TLS. I've found the tool OAT (OCS Assessment Tool), but I'm getting some errors and the project is not being maintained anymore and the author doesn't work for that company anymore. http://voat.sourceforge.net/ I'm basically looking for some kind of tool that will show management that OCS should not be allowed from the outside in and what kind of damages can be done when it is allowed. anything that would show that once inside someone can download contacts, send spam, dos, etc.... OAT would of done a great job if it worked. Thanks. Frank
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review BoardProve to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- MS OCS Security Assessment Francois Yang (Oct 26)
- Re: MS OCS Security Assessment Jason Ostrom (Oct 31)