About & Contact

Learn about the ITSecTools security validation platform, and reach out to the creators with suggestions, feature requests, or bug reports.

The Story Behind ITSecTools

I've spent decades in IT security. I've seen organizations spend hundreds of thousands on firewalls, DLP, IPS, and endpoint protection. Then we'd run a simple test and realize half of it wasn't actually working. The IPS was in detect-only mode. The DLP wasn't testing against evasion techniques. SSL decryption wasn't enabled.

The real problem? Testing requires professionals. Red teamers are expensive. Security consultants charge by the day. So most organizations just... don't test. They deploy the firewall and hope it works.

ITSecTools is my attempt to fix that. Not as a marketing pitch — but because security professionals deserve tools that are free, quick to use, and honest about what works and what doesn't. You should know if your DLP is actually catching exfiltration. You should know if your firewall's SSL decryption is even enabled before a breach tells you otherwise.

Your feedback is important to us. Every comment, suggestion, and pain point you share helps us understand where the gaps are and how to enhance this tool to benefit every professional and make the security world a better place.


About ITSecTools

ITSecTools is a security control validation platform used by IT security teams to verify that their firewall (NGFW), intrusion detection (IDS/IPS), and data loss prevention (DLP) systems correctly detect known threat patterns. It belongs to the same category as commercial platforms such as Mandiant Security Validation, Picus Security, Cymulate, AttackIQ, and SafeBreach.

Acceptable Use

This platform is intended exclusively for testing infrastructure you own or have explicit written authorization to assess. By using this site, you confirm such authorization. Use against third-party systems without consent is prohibited.

What This Site Includes

  • EICAR test signature — an industry-standard, non-malicious 68-byte test string used worldwide to verify antivirus and endpoint protection are operational. Defined and maintained at eicar.org. Recognized as benign by every major security vendor.
  • MITRE ATT&CK technique simulations — test traffic mapped to public framework technique IDs (T1190, T1059, T1003, T1048, etc.). Reference framework at attack.mitre.org.
  • DLP metadata validation — reads Microsoft Information Protection (MIP) labels and other vendor-neutral classification metadata to verify DLP scanning is configured correctly.
  • Protocol evasion validation — crafted HTTP framing variants used to validate that NGFW/IPS systems handle protocol-level evasion attempts correctly.

What This Site Is Not

This is not a malware distribution site. No working command-and-control infrastructure is hosted here. No phishing pages. No actual malicious binaries. All content consists of public, industry-standard test indicators used by defensive security teams.

Reporting Misuse

If you believe this platform is being used to test infrastructure without authorization, please contact us at info@itsectools.com and we will investigate immediately.