Local Attack Surface
Local Attack Surface shows what is reachable on this PC: open ports, services, drivers, and RPC endpoints compared to a hardened baseline.
What it shows
The Local Attack Surface window enumerates exactly what an attacker on your LAN (or with code-execution on this machine) could reach: listening TCP/UDP ports, exposed Windows services, third-party loaded drivers, RPC endpoints, and any non-baseline software listening for connections.
What you can do here
- See every listening port and the process bound to it
- Spot non-Microsoft drivers and services that widen the attack surface
- Compare against Stealth's hardened baseline and identify drift
- Jump to firewall rules to close ports that should not be open
How it relates to Device Posture
Attack Surface focuses on what is exposed. Device Posture focuses on whether the host hardening is correct (Defender, BitLocker, LSA, SMBv1, UAC, etc.). Together they form a complete security baseline.