Positive Technologies — Information Security, Compliance Management, Consulting. MaxPatrol Compliance and Vulnerability Management System.

Home

Contacts

Russian

General Information

Key Features

Overview

Vulnerability Management

Compliance Management

Inventory and Change Management

Security Measurement

System Architecture

Scalability

Security

Why Positive Technologies?

Penetration testing

PCI DSS Pentest

Web application security assessment

Wireless network security assessment

ERP and DBMS security assessment

Technical standards development

Downloads

All software in this section is published on the conditions "as is". Positive Technologies does not support these software products and shall have no guarantees about their work. Nevertheless, it is quite useful and well-tested tools that are no doubt useful for some users.

Network utility to check entries in DNS and WINS name servers.

The utility detects potentially dangerous entries in databases of DNS and WINS services. It also scans local network to detect hosts with dangerous NetBIOS names. If system administrators and security administrators regularly use the utility, this allows them to control potentially dangerous entries in name servers and hosts with dangerous NetBIOS names in the local network.

Detailed information could be found in the article by Sergey Rublev and at SecurityLab.

Download.

Tool to detect vulnerabilities described in MS08-065, MS08-067 and MS09-001 security bulletins.

The tool allows system administrators quickly and easily detect vulnerable systems and install appropriate updates to protect agains network worms such as Kido/Conficker/Downadup. The utility does not need administration privileges and works in penetration testing mode.

Detailed information.

Download here.

Wep0ff fake access point tool.

Wep0ff is new tool to crack WEP-key without access to AP by mount fake access point attack against WEP-based wireless clients. It uses combination of fragmentation and evil twin attacks to generate traffic which can be used for KoreK-style WEP-key recovery. This tool can be used to mount fake access point attack against WEP-based wireless clients.

Download here.

PTmsHORP

Utility for protecting application from "Defeating Microsoft Windows XP SP2 Heap protection and DEP bypass" threat.

Detailed information.

Download here.

Pentest tools

Set of old tools to detect vulnerable systems:

Utility for testing host for Microsoft® WINS vulnerability (04-045).

Utility for testing host for Microsoft® WebDAV XML DoS vulnerability (04-030).

Utility for checking critical vulnerability in Microsoft® RPCSS Service (MS03-039).

Utility for checking important vulnerability in Microsoft® IIS 5.0/5.1 (DoS attack via WebDAV, MS03-018).

Utility for checking critical vulnerability in Microsoft® Windows® ntdll.dll (MS03-007).

Download here.