This page is the primary resource for MSI's free tools for the security community. Here you can download our free software and find out more information about our ongoing and historic research projects. MSI is committed to giving back to the infosec community that has supported and trusted us for more than 2 decades. We love you guys, and it shows in the work we do!
MSI Simple Phish - a new, free tool that provides a simple, safe and effective mechanism for security teams and administrators to run their own phishing tests inside their organization. They simply install the application on a server or workstation and create a url email/sms/etc. campaign to entice users to visit the site. They can encode the URLs, mask them, or shorten them. To access this tool, fill out the form on this page. Enter your details, email address and "Simple Phish Request" in the request box and a download link will be provided.
The DREAD Calculator - Have you ever wanted a quick and easy way to calculate the risk of a vulnerability or threat condition? Are you a user of Microsoft's DREAD process? Do you want a reliable, mathematical process for determining a score for a given vulnerability but lack the patience to do a full CVSS score?
If any or all of these are true, then check out this new free calculator tool for doing DREAD scores on the fly.
HoneyPoint Security Server Community License - If you are a security team member or researcher and you want to work with HoneyPoint in your lab or at home, we proudly offer a 1 year, Not for Commercial Use license of the full HoneyPoint platform. You can play with Agent, Wasp, Web and the rest of the tools for your own use. If you want to learn, hands on, about HoneyPoint, this is the way to make it happen. Send us an email and we will get the process started and get you enrolled, pro bono, in one of our regularly scheduled training classes. Once you complete the training, we will cut your license key and get you supported through install and configuration. Community licenses can be renewed for additional years at no charge.
The 80/20 Rule for Information Security - MicroSolved has developed the 80/20 Rule for Information Security that proposes the concept that 80% of an organizations' real information security comes from only 20% of the assets and effort put into the program. These key high level security projects will give your organization the most effective information security coverage for the least expenditure of time and resources. You can learn more about the 80/20 rule through the links below:
The Stolen Data Impact Model (SDIM) Project - MSI sponsored and led the SDIM project, ultimately releasing the work under a Creative Commons license. This project is focused on building a methodology and mechanisms to allow organizations to quickly identify the impacts of a loss of confidentially on their data. It provides an easy to use toolset for quickly analyzing, describing and socializing the impacts to the performance and bottom line of the company when data is compromised. You can find more information on the SDIM project page by clicking here.
Monique - MSI has built a cloud-based service for helping security teams and researchers perform quick strings analysis on malware. This community aggregated service can be used to process strings from a piece of unknown code, which are then flagged as unique, known to be associated with good known good software and those known to be associated with malware. The service is FREE to users and is ad supported. The service was developed by MSI and coded by Bill Sempf (@sempf). Monique can be accessed here.