Microsoft Attack Surface Analyzer (v2)

If you’re interested to understand what a third party application is doing (or planning to do) when installing on you Windows machine, you might have look here https://github.com/Microsoft/AttackSurfaceAnalyzer. Actually, since the v2 is build with .Net Core and Electron, you can use it on macOS and Linux as well.

Attack Surface Analyzer currently reports on changes to the following operating system components:

  • File system (static snapshot and live monitoring available)
  • User accounts
  • Services
  • Network Ports
  • Certificates
  • Registry (Windows only)

The future plans are also very interesting:

  • Code signing info
  • Drivers (partially covered presently via file system monitoring)
  • Firewall settings
  • Redistributable installations
  • Network traffic (live monitoring)
  • Registry (live monitoring)

Author: Liviu Nastasa

Passionate about software development, sociology, running...definitely a geek.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s