Attack Surface Analyzer 2.0  

Microsoft Attack Surface Analyzer (ASA) detects system configuration changes resulting from software installations  

ASA 2.0 is a rewrite of the original tool, available since 2012, that has helped IT professionals for years  

Now available on Windows 10 with cross-platform support for Linux and macOS; released in April 2019  

Distributed as open source on GitHub  

 

 

What Are the Risks?  

With Elevated Privileges for Installations - Anything is Possible  

File System  

malicious or inadvertent changes can corrupt system files that make up key functions of your system or grant access to private data  

User Accounts  

persistent rogue elevated accounts can grant access to hijack your system  

System Services  

background processes may be introduced that perform rogue operations like capturing sensitive data and even shutting down existing key security modules  

Network Ports  

can expose your system to unknown remote entities  

Digital Certificates  

determine what remote domains and package signatures are trusted  

Registry (Windows only) 

controls system startup actions, device drivers, services, and more  

It is hard for an administrator to find these important changes manually 

 

 

 

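<How to use> 

  1. Install the tool, then run Initial Scan 

  2. Install the program under development, or the program whose range of changes you want to check 

  3. After the install, run Scan in the tool 

  4. Check the results (select the Base run and the Product run, then click Analysis) 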
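
The Base run / Product run comparison from the steps above, sketched as an added example; this is not ASA's own code or data format. The snapshot layout, category keys, sample objects and the `needs_review` rules are assumptions constructed for illustration, using the risk categories listed earlier on this page.

```python
from typing import Dict, List, Tuple
Snapshot = Dict[str, Dict[str, dict]]  # category -> {object identity: properties}
# Constructed sample data standing in for a Base run and a Product run.
BASE_RUN: Snapshot = {
    "ports": {"tcp/135": {"process": "svchost"}},
    "users": {"alice": {"groups": ["Users"]}},
    "services": {"Spooler": {"start": "auto"}},
    "certificates": {"AA11": {"store": "Root"}},
}
PRODUCT_RUN: Snapshot = {
    "ports": {"tcp/135": {"process": "svchost"}, "tcp/8443": {"process": "agent"}},
    "users": {"alice": {"groups": ["Users"]}, "bob": {"groups": ["Users"]},
              "svc_agent": {"groups": ["Administrators"]}},
    "services": {"Spooler": {"start": "disabled"}, "AgentSvc": {"start": "auto"}},
    "certificates": {"AA11": {"store": "Root"}, "BB22": {"store": "Root"}},
}

def compare(base: Snapshot, product: Snapshot) -> List[Tuple[str, str, str]]:
    """Return sorted (category, change, identity) tuples for every difference."""
    findings = []
    for category in sorted(set(base) | set(product)):
        before, after = base.get(category, {}), product.get(category, {})
        for ident in sorted(set(before) | set(after)):
            if ident not in before:
                findings.append((category, "created", ident))
            elif ident not in after:
                findings.append((category, "deleted", ident))
            elif before[ident] != after[ident]:
                findings.append((category, "modified", ident))
    return findings

def needs_review(findings, product: Snapshot) -> List[Tuple[str, str, str]]:
    """Keep the changes that widen the attack surface (assumed triage rules)."""
    flagged = []
    for category, change, ident in findings:
        props = product.get(category, {}).get(ident, {})
        if category == "ports" and change == "created":
            flagged.append((category, change, ident))      # new listener
        elif category == "users" and "Administrators" in props.get("groups", []):
            flagged.append((category, change, ident))      # elevated account
        elif category == "services" and change != "deleted":
            flagged.append((category, change, ident))      # new or altered service
        elif category == "certificates" and props.get("store") == "Root":
            flagged.append((category, change, ident))      # new trust anchor
    return flagged

if __name__ == "__main__":
    for finding in needs_review(compare(BASE_RUN, PRODUCT_RUN), PRODUCT_RUN):
        print(*finding)
```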

 

 

In the test, files and the registry were excluded (they take a long time) 

 

 

 

Items to be added in the future 

Drivers, firewall, network traffic (live monitor), and so on 

 

 

https://Github.com/Microsoft/AttackSurfaceAnalyzer  

 

https://github.com/microsoft/AttackSurfaceAnalyzer/releases/tag/v2.0.153%2Bf0d1852d63 

 

The 2.0 release includes a GUI version; after that, the CLI version. 



