The AchieVer

Microsoft releases new version of Attack Surface Analyzer utility


New Attack Surface Analyzer 2.0 works on Windows, but also Mac and Linux.

 

Seven years after releasing version 1.0, Microsoft has published version 2.0 of its Attack Surface Analyzer utility, a tool that logs the changes made to a Windows OS during the installation of third-party applications.

 

Released at the end of April, Attack Surface Analyzer 2.0 marks the end of a long development cycle during which Microsoft engineers rewrote the utility using .NET Core and Electron, two cross-platform technologies, meaning the tool now also runs on macOS and Linux, besides Windows.

 

Over the last seven years, the tool has had an essential role in the daily work of system administrators and malware hunters. Its ability to track changes made to an operating system's configuration helped many professionals identify potential security risks and flag suspicious apps before they got any chance of doing serious damage.

 

Furthermore, the tool was also popular with app developers, especially in the testing phase, helping many app makers identify and patch buggy code that could have ended up crashing end users' systems.

WHERE TO DOWNLOAD

The new Attack Surface Analyzer 2.0 is now available on GitHub, where Microsoft has open-sourced the code and opened the development process to any contributors.

 

Fans of the old Attack Surface Analyzer 1.0 release can still get the older version -- now known as the "classic" version -- from Microsoft's main download center.

HOW TO USE THE NEW TOOL

 

The new Attack Surface Analyzer 2.0 is pretty straightforward to use. The entire tool is just two sections -- one for scanning a system, and one for displaying the results.

 

The scan section supports two types of scans: a static scan and a live monitoring mode.

 

Static scans can be used to detect changes made between a before and after state. Users are supposed to scan a system before installing an app, and after the app's installation. This will produce a report showing the changes between the two states.

 

The second scan mode is called Live Monitoring, and as the name suggests, records changes made to a Windows OS in real time.

Attack Surface Analyzer 2.0 Scan tab

Image: Microsoft

The Results section lists changes made to various key areas of a Windows OS, such as:

  • File System
  • Network Ports (listeners)
  • System Services
  • System Certificate Stores
  • Windows Registry
  • User Accounts
Attack Surface Analyzer 2.0 Results tab

Image: Microsoft

Besides the Electron-based GUI app, Microsoft engineers have also released an improved CLI tool that can be used as part of automated toolchains.

 

Attack Surface Analyzer 2.0 CLI


Source
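
The before/after comparison that the static scan performs, sketched for the file system area only. This is an added example, not code from Attack Surface Analyzer or from the article; the function names, the sample files and the "risky" permission policy are assumptions made for illustration.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(root):
    """Map each regular file under root to (sha256, POSIX permission bits)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            info = os.lstat(full)
            if stat.S_ISREG(info.st_mode):  # skip symlinks, sockets, devices
                with open(full, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                state[os.path.relpath(full, root)] = (digest, stat.S_IMODE(info.st_mode))
    return state

def risky(mode):
    """Assumed policy: permission bits that widen the attack surface."""
    checks = ((stat.S_IWOTH, "world-writable"), (stat.S_ISUID | stat.S_ISGID, "setuid/setgid"))
    return [label for bits, label in checks if mode & bits]

def compare(before, after):
    """Diff two snapshots and flag added or modified files with risky modes."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    flagged = {p: risky(after[p][1]) for p in added + modified if risky(after[p][1])}
    return {"added": added, "removed": removed, "modified": modified, "flagged": flagged}

def demo():
    """Constructed sample: simulate an install inside a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data, mode=0o644):
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(data)
            os.chmod(path, mode)
        write("app.conf", b"debug=0\n")
        write("old.dll", b"v1")
        before = snapshot(root)                     # scan 1: baseline
        write("helper.sh", b"#!/bin/sh\n", 0o777)   # installer drops a loose helper
        write("app.conf", b"debug=1\n")             # ...edits configuration
        os.remove(os.path.join(root, "old.dll"))    # ...and removes a file
        return compare(before, snapshot(root))      # scan 2, then the report

if __name__ == "__main__":
    print(demo())
```

The same two-snapshot pattern applies to the other areas in the results list (listeners, services, certificate stores, registry, user accounts): only the collector that builds each snapshot changes.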
