Microsoft Attack Surface Analyzer

Discuss anything related to portable freeware here.
Post Reply
Message
Author
undine
Posts: 4
Joined: Tue Jun 30, 2009 4:33 pm

Microsoft Attack Surface Analyzer

#1 Post by undine »

http://www.ilovefreesoftware.com/23/pro ... lyzer.html

I thought this might interest some on this forum. It sounds like it might be useful.

User avatar
m^(2)
Posts: 890
Joined: Sat Mar 31, 2007 2:38 am
Location: Kce,PL
Contact:

Re: Microsoft Attack Surface Analyzer

#2 Post by m^(2) »

Interesting, thanks.

thepiney
Posts: 161
Joined: Wed Aug 31, 2011 11:57 am

Re: Microsoft Attack Surface Analyzer

#3 Post by thepiney »

I got a TechNet email announcing version 2.0.

https://www.microsoft.com/security/blog ... er&MC=Open

Open source and available at GitHub --->

https://github.com/Microsoft/AttackSurfaceAnalyzer

From the GitHub site-->
Installation

Attack Surface Analyzer runs on Windows, Linux, and MacOS, and is built using .NET Core. It has both a command-line interface and ElectronNET GUI option available. Neither version currently has an installer.
I kinda wonder how this stacks up against the other programs you guys use to check installers, although much of it is beyond me.

User avatar
webfork
Posts: 10818
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: Microsoft Attack Surface Analyzer

#4 Post by webfork »

thepiney wrote: Thu May 23, 2019 1:10 pm I kinda wonder how this stacks up against the other programs you guys use to check installers, although much of it is beyond me.
Most of what we do is try to either circumvent or avoid installers altogether so I didn't think this would be particularly valuable. However, reading through some of the functions aligns a great deal with some of the testing we do and honestly I've been slipping on. For example, some of the dedicated testers before me were more thorough about analysis of admin requirements, stealth, and if the software phones home. This program appears to do that and more.

Good suggestion, thanks.

Post Reply