
Analyzing System Security with Attack Surface Analyzer (ASA)


When installing or running new software, your operating system’s security configuration can change behind the scenes — new services, registry keys, ports, or even accounts might get added. Tracking all of that manually is nearly impossible.


That’s where Attack Surface Analyzer (ASA) comes in. It’s a Microsoft tool that helps you capture and compare snapshots of your system’s state so you can see what changed before and after an installation. Super handy if you want to harden your system or just understand what software is really doing.


-------------------------------------------------------------------------------------------------------------

Installing Attack Surface Analyzer

Since ASA is built on .NET Core, we first need the .NET SDK. Check whether it’s already installed:

dotnet --version

If you don’t have it, grab it from the .NET SDK download page.



Step 1 – Install ASA via .NET CLI

Once you’ve got .NET, open your terminal/command prompt and run:

dotnet tool install -g Microsoft.CST.AttackSurfaceAnalyzer.CLI

Sometimes this command fails with an error; see Fixing Installation Issues below.

Step 2 – Verify Installation

After installing, check that ASA works by typing:

asa.exe --help

This will list all available commands.


-------------------------------------------------------------------------------------------------------------

Fixing Installation Issues

When I first tried, I hit an error because NuGet wasn’t set up properly. If the dotnet tool install command doesn’t work for you, here’s the fix:

dotnet nuget add source https://api.nuget.org/v3/index.json --name nuget.org

Then re-run:

dotnet tool install -g Microsoft.CST.AttackSurfaceAnalyzer.CLI

Still stuck? You can always download the binaries directly from the ASA GitHub releases page.



👉 Once installed, the tool gets placed under this folder:

C:\Users\<YourUsername>\.dotnet\tools

So if asa isn’t recognized, just navigate there and run the commands directly.


-------------------------------------------------------------------------------------------------------------

Using ASA – CLI Mode

The core idea is simple: take a snapshot, install or change something, then take another snapshot and compare.


1. Collect a Snapshot

To capture the current system state (baseline):

asa collect -a

This collects info about files, services, users, ports, etc.


2. Compare Snapshots

After making changes (e.g., installing an app), run another collection. Then export and compare:

asa export-collect

3. Explore Options

If you’re curious about all the available commands:

asa.exe --help
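
The snapshot, change, snapshot, compare workflow from the steps above as one PowerShell script. This is an added example, not part of the original post or the ASA project's own code. The run names are constructed, and the --runid, --firstrunid and --secondrunid options do not appear on this page, so confirm them with asa.exe --help for your installed version.

```powershell
# Added example: baseline -> change -> second snapshot -> comparison.
# Assumption: asa accepts --runid / --firstrunid / --secondrunid
# (not shown in the post; verify with asa.exe --help).
$ErrorActionPreference = 'Stop'

# ASA reads services, users, firewall rules and similar state, so run elevated
# to avoid capturing only part of the system.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (Administrator) PowerShell session.'
}

# Locate asa: PATH first, then the .NET global tools folder named in the post.
$cmd = Get-Command asa -ErrorAction SilentlyContinue
$asa = if ($cmd) { $cmd.Source } else { Join-Path $env:USERPROFILE '.dotnet\tools\asa.exe' }
if (-not (Test-Path $asa)) { throw "asa not found on PATH or at $asa" }

# Run asa and stop the workflow on a non-zero exit code, so a failed
# collection is never compared as if it were a valid snapshot.
function Invoke-Asa {
    param([string[]]$AsaArgs)
    & $asa @AsaArgs
    if ($LASTEXITCODE -ne 0) {
        throw "asa $($AsaArgs -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# Unique, constructed run names so repeated tests never compare the wrong pair.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$before = "before-$stamp"
$after  = "after-$stamp"

# 1. Baseline snapshot with all collectors.
Invoke-Asa @('collect', '-a', '--runid', $before)

# 2. Make the change under test while the script waits.
Read-Host 'Baseline captured. Install or change the software, then press Enter'

# 3. Second snapshot.
Invoke-Asa @('collect', '-a', '--runid', $after)

# 4. Compare the two named runs explicitly instead of relying on
#    whichever two collections happen to be the most recent.
Invoke-Asa @('export-collect', '--firstrunid', $before, '--secondrunid', $after)
```

Keep the machine otherwise idle between the two collections, since unrelated activity such as updates or scheduled tasks will show up in the comparison alongside the installer's changes.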

-------------------------------------------------------------------------------------------------------------

Using ASA with GUI

If you don’t love CLI, ASA also provides a web-based interface. To launch it:

asa gui

Then open your browser and go to:

http://localhost:5000

You’ll see a dashboard where you can visualize results, compare data, and interact with snapshots more easily.


-------------------------------------------------------------------------------------------------------------

Features Worth Highlighting

  • Tracks file system changes

  • Monitors services, ports, and firewall rules

  • Keeps an eye on user accounts and permissions

  • Works across Windows, Linux, and Docker

  • Offers both CLI and GUI options

  • Supports rule authoring for custom checks



-------------------------------------------------------------------------------------------------------------

Wrapping Up

Attack Surface Analyzer makes it way easier to see what’s going on under the hood of your OS. Whether you’re testing new software, checking for unwanted changes, or just geeking out about system internals, ASA gives you a clear before/after picture.

I recommend starting with the CLI for automation, then switching to the GUI if you prefer visuals. And don’t forget — if installation gives you trouble, adding the NuGet source usually fixes it.

--------------------------------------------Dean--------------------------------------------------------

 
 
 