http://www.ilovefreesoftware.com/23/pro ... lyzer.html
I thought this might interest some on this forum. It sounds like it might be useful.
Microsoft Attack Surface Analyzer
Re: Microsoft Attack Surface Analyzer
Interesting, thanks.
Re: Microsoft Attack Surface Analyzer
I got a TechNet email announcing version 2.0.
https://www.microsoft.com/security/blog ... er&MC=Open
Open source and available at GitHub --->
https://github.com/Microsoft/AttackSurfaceAnalyzer
From the GitHub site-->
https://www.microsoft.com/security/blog ... er&MC=Open
Open source and available at GitHub --->
https://github.com/Microsoft/AttackSurfaceAnalyzer
From the GitHub site-->
I kinda wonder how this stacks up against the other programs you guys use to check installers, although much of it is beyond me.Installation
Attack Surface Analyzer runs on Windows, Linux, and MacOS, and is built using .NET Core. It has both a command-line interface and ElectronNET GUI option available. Neither version currently has an installer.
Re: Microsoft Attack Surface Analyzer
Most of what we do is try to either circumvent or avoid installers altogether so I didn't think this would be particularly valuable. However, reading through some of the functions aligns a great deal with some of the testing we do and honestly I've been slipping on. For example, some of the dedicated testers before me were more thorough about analysis of admin requirements, stealth, and if the software phones home. This program appears to do that and more.
Good suggestion, thanks.