Bootcamp Series

Security Bootcamp

9 modules to go from a fresh install to confidently managing your Windows attack surface, triaging threats, and hardening your machine like a security professional.

🕐 ~2 hours total 📋 9 modules 🖥️ Windows

Fundamentals

1
Module 1

Understanding Your Attack Surface

Your attack surface is everything on your machine that can be reached, exploited, or abused by an attacker. Vexifa Cyber Secure maps it into five categories:

  • Open ports — services listening for network connections
  • Network connections — active outbound and inbound data flows
  • Running processes — code currently executing on your CPU
  • Installed software — applications with potentially known vulnerabilities
  • Credentials — saved passwords that may be weak or compromised

Every entry in each category is a potential entry point. The goal isn't to reduce every category to zero — it's to understand what's there, why it's there, and whether it's necessary.

Exercise: Open the Dashboard and click each panel in turn. For every open port, ask: what application opened this? For every network connection, ask: do I recognize this destination?

2
Module 2

Interpreting Your Risk Score

The risk score (0–100) is a composite that weights findings across all five attack surface categories. It's designed to answer: "How much of a target am I right now?"

Score Ranges

  • 0–30: Well-hardened. Only routine maintenance needed.
  • 31–60: Average. Some open exposure worth addressing.
  • 61–80: Elevated risk. Multiple unpatched CVEs or open high-risk ports likely present.
  • 81–100: Critical. Active threats or critical-severity CVEs require immediate attention.

The score is recalculated after every scan. Run a scan before and after completing hardening actions to see the impact numerically.

ℹ️

A first-run score between 40 and 65 is typical for a standard Windows machine that hasn't been audited before. Most of the reduction comes from completing 5–10 hardening actions.

3
Module 3

CVE Intelligence — Reading the Vulnerability Report

A CVE (Common Vulnerabilities and Exposures) is a publicly disclosed security flaw in a specific piece of software. Vexifa Cyber Secure compares your installed applications against the NVD database to find CVEs you're currently exposed to.

CVSS Scores Explained

The CVSS score (0.0–10.0) rates severity. Focus on scores 7.0+ first:

  • 9.0–10.0 Critical: Remote code execution or full system takeover is likely. Patch or uninstall immediately.
  • 7.0–8.9 High: Significant risk. Address within days.
  • 4.0–6.9 Medium: Real but limited risk. Address within weeks.
  • 0–3.9 Low: Monitor but not urgent.

⚠️

A CVE being "old" doesn't mean it's been patched on your machine. CVE-2021-34527 (PrintNightmare) still appears on unpatched Windows systems in 2026. Sort by CVSS score, not by date.

Monitoring

4
Module 4

Network Analysis — Connections & Open Ports

The Network Connections panel shows every active TCP/UDP connection your machine has established. The Open Ports panel shows services listening for incoming connections.

What to Look For in Connections

  • Connections to unfamiliar foreign IPs, especially on unusual ports
  • Processes you don't recognize making outbound connections
  • Connections to known C2 infrastructure (Vexifa Cyber Secure flags these automatically)
  • Unusual volumes of data flowing out during idle time

Port Risk Classification

Each open port is classified as Low / Medium / High / Critical based on the service type and whether it should be exposed. Common high-risk ports on personal machines: 3389 (RDP), 5985/5986 (WinRM), 445 (SMB).
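As an added example (not part of Vexifa Cyber Secure, which does this inside its own panels), the following PowerShell lists every listening TCP port together with the process that owns it and flags the three high-risk services named above. It assumes Windows 10/11 or Server 2016+ with the built-in NetTCPIP module; the function name, the Risk labels and the loopback-versus-network distinction are this example's own conventions.

```powershell
# Added example, not code from Vexifa Cyber Secure: list every listening TCP port
# with the process that owns it and flag the high-risk ports named in this module.
# Assumes Windows 10/11 or Server 2016+ (NetTCPIP module). Read-only; run elevated
# to resolve executable paths for services running as SYSTEM.

# Port labels taken from this module; the Risk values are this example's own convention.
$HighRiskPorts = @{
    445  = 'SMB'
    3389 = 'RDP'
    5985 = 'WinRM (HTTP)'
    5986 = 'WinRM (HTTPS)'
}
$RiskRank = @{ High = 0; Review = 1; Medium = 2; Low = 3 }

function Get-ListeningPortReport {
    [CmdletBinding()]
    param()

    # Index running processes by PID so each listener can be matched to its owner.
    $procs = @{}
    foreach ($p in Get-Process) { $procs[[int]$p.Id] = $p }

    Get-NetTCPConnection -State Listen |
        Sort-Object LocalPort, LocalAddress -Unique |
        ForEach-Object {
            $port    = [int]$_.LocalPort
            $owner   = $procs[[int]$_.OwningProcess]
            $known   = $HighRiskPorts.ContainsKey($port)
            # 0.0.0.0 / :: means the listener is reachable from the network, not only localhost.
            $exposed = $_.LocalAddress -in @('0.0.0.0', '::')

            $risk = if ($known -and $exposed) { 'High' }
                    elseif ($known)           { 'Medium' }   # high-risk service bound to loopback only
                    elseif ($exposed)         { 'Review' }   # unknown service, network-reachable
                    else                      { 'Low' }

            [pscustomobject]@{
                Port    = $port
                Address = $_.LocalAddress
                Service = if ($known) { $HighRiskPorts[$port] } else { '' }
                Risk    = $risk
                PID     = [int]$_.OwningProcess
                Process = if ($owner) { $owner.ProcessName } else { '(not visible to this session)' }
                # Path is empty when the caller lacks rights to open the process (e.g. PID 4, System).
                Path    = if ($owner) { $owner.Path } else { $null }
            }
        }
}

# Usage: highest-risk listeners first, so the RDP/WinRM/SMB questions from this module come up top.
Get-ListeningPortReport |
    Sort-Object { $RiskRank[$_.Risk] }, Port |
    Format-Table -AutoSize
```

A high-risk port bound only to 127.0.0.1 still deserves the question "what opened this?", but it is not reachable from the network, which is why the example ranks it below a network-bound listener. Run it from an elevated session if the Path column comes back empty for services running as SYSTEM.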

Ask the AI Advisor about any connection you don't recognize: "Port 3389 is open and something is connected to [IP]. Is that dangerous?"

5
Module 5

Process Inspection — Reading the Process Tree

The Process Tree shows every running process with its parent process, executable path, and memory footprint. Most malware tries to hide inside legitimate-looking process names — the tree reveals the lineage that gives it away.

Red Flags in Process Trees

  • svchost.exe running from anywhere other than C:\Windows\System32\
  • Browser processes spawning cmd.exe or powershell.exe as children
  • Word or Excel spawning network-connected child processes
  • Processes with no parent (orphaned) or a parent that has already exited
  • Two processes with the same name but different executable paths

ℹ️

Windows legitimately runs many svchost.exe instances. The key check is the executable path — all legitimate instances run from C:\Windows\System32\svchost.exe.
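As an added example (not part of Vexifa Cyber Secure), this PowerShell applies the red-flag rules from this module to the live process list using the Win32_Process CIM class, including the svchost.exe path check from the note above. It is read-only. The lists of Office/browser names and shell-like names, the function names and the reused-PID heuristic are this example's own assumptions.

```powershell
# Added example, not code from Vexifa Cyber Secure: apply the red-flag rules from this
# module to the live process list via CIM. Read-only. Run elevated so ExecutablePath is
# populated for processes owned by other users; rows without a path skip the path rules.
# The Office/browser and shell name lists below are this example's own assumptions.

$System32        = Join-Path $env:SystemRoot 'System32'
$OfficeApps      = @('winword.exe', 'excel.exe', 'powerpnt.exe', 'outlook.exe')
$OfficeOrBrowser = $OfficeApps + @('chrome.exe', 'msedge.exe', 'firefox.exe')
$ShellLike       = @('cmd.exe', 'powershell.exe', 'pwsh.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe')

function Find-ProcessTreeRedFlags {
    [CmdletBinding()]
    param()

    $all   = Get-CimInstance -ClassName Win32_Process
    $byPid = @{}
    foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

    # PIDs that currently hold an established TCP connection (for the Office rule).
    $netPids = @{}
    foreach ($c in Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue) {
        $netPids[[int]$c.OwningProcess] = $true
    }

    function New-Flag($rule, $proc, $parentName) {
        [pscustomobject]@{
            Flag   = $rule
            PID    = $proc.ProcessId
            Name   = $proc.Name
            Parent = $parentName
            Path   = $proc.ExecutablePath
        }
    }

    foreach ($p in $all) {
        $name   = $p.Name.ToLowerInvariant()
        $parent = $byPid[[int]$p.ParentProcessId]
        # A "parent" that started after its child is a reused PID: the real parent has exited.
        if ($parent -and $p.CreationDate -and $parent.CreationDate -gt $p.CreationDate) { $parent = $null }
        $pname  = if ($parent) { $parent.Name.ToLowerInvariant() } else { $null }

        # Rule: svchost.exe must run from %SystemRoot%\System32 (the note above).
        if ($name -eq 'svchost.exe' -and $p.ExecutablePath -and
            -not $p.ExecutablePath.StartsWith($System32, [StringComparison]::OrdinalIgnoreCase)) {
            New-Flag 'svchost.exe outside System32' $p $pname
        }

        # Rule: browser or Office application spawning a command shell.
        if ($pname -in $OfficeOrBrowser -and $name -in $ShellLike) {
            New-Flag "Shell spawned by $pname" $p $pname
        }

        # Rule: Office application with a network-connected child process.
        if ($pname -in $OfficeApps -and $netPids.ContainsKey([int]$p.ProcessId)) {
            New-Flag "Network-connected child of $pname" $p $pname
        }

        # Rule: parent already exited. PID 0 (Idle) and PID 4 (System) have no parent by design.
        if (-not $parent -and $p.ProcessId -gt 4) {
            New-Flag 'Parent process no longer running' $p $null
        }
    }

    # Rule: the same image name running from two or more different paths.
    $all | Where-Object ExecutablePath | Group-Object Name | ForEach-Object {
        $paths = @($_.Group.ExecutablePath | Sort-Object -Unique)
        if ($paths.Count -gt 1) {
            foreach ($proc in $_.Group) { New-Flag "Same name, $($paths.Count) different paths" $proc $null }
        }
    }
}

Find-ProcessTreeRedFlags | Format-Table -AutoSize
```

The "parent no longer running" rule is noisy on a healthy machine: explorer.exe always matches because userinit.exe exits by design, and so does anything launched from a terminal that was later closed. Treat that rule as a prompt to look at the Path and Parent columns, not as a verdict on its own.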

6
Module 6

Threat Triage — Working the Threat Log

The Threat Log surfaces events from 7 detection sources. Not every alert is a real threat — effective triage means classifying each one correctly.

Triage Decision Framework

  • Dismiss — you recognize and trust the source, and it's expected behavior
  • Investigate — you don't recognize it; ask the AI or research the CVE/process
  • Quarantine — it's clearly malicious or you can't identify it and need to contain it

False Positive Patterns

Common legitimate processes that trigger alerts on clean machines:

  • VPN clients making unusual outbound connections (expected)
  • Anti-cheat software in games with elevated privileges (expected)
  • Developer tools like Docker opening high-numbered ports (expected)

⚠️

If the same threat keeps reappearing after dismissal, do not keep dismissing it — the underlying process or service is still active. Use the AI Advisor to get a removal plan.

Response

7
Module 7

System Hardening — Closing the Gaps

Hardening is the process of reducing your attack surface by tightening Windows configuration. Vexifa Cyber Secure organizes hardening actions into categories and lets you apply each one with a single click.

High-Impact Hardening Actions

  • Disable RDP if you don't use Remote Desktop — it's one of the most exploited entry points
  • Enable Windows Firewall inbound rules to block unsolicited traffic on high-risk ports
  • Disable SMBv1 — this legacy protocol is still exploited by ransomware like WannaCry
  • Enable BitLocker on the system drive for data-at-rest encryption
  • Disable AutoRun on all drives to prevent USB-based attacks

Aim for a hardening score of 75%+ for a well-protected baseline, and 90%+ for high-value targets or sensitive environments.

Run a scan before and after completing a batch of hardening actions — your risk score drop shows you the measurable impact of your work.
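As an added example (not part of Vexifa Cyber Secure), the PowerShell below audits the five hardening actions listed above without changing anything, so you can confirm the state of each one before and after applying it. It assumes an elevated session on Windows 10/11 or Server 2016+; the registry values and cmdlets are standard Windows ones, while the function names and the pass/fail tally at the end are this example's own and are not the product's hardening score.

```powershell
# Added example, not code from Vexifa Cyber Secure: a read-only audit of the five
# hardening actions listed in this module. Run in an elevated PowerShell session
# (Get-SmbServerConfiguration and Get-BitLockerVolume need administrator rights).
# The pass criteria encode this module's recommendations; the percentage at the end
# is this example's own tally, not the product's hardening score.

function Test-HardeningBaseline {
    [CmdletBinding()]
    param()

    $checks = [System.Collections.Generic.List[object]]::new()
    function Add-Check($name, $pass, $actual) {
        $checks.Add([pscustomobject]@{ Check = $name; Pass = [bool]$pass; Actual = $actual })
    }

    # 1. Remote Desktop: fDenyTSConnections = 1 means RDP is disabled.
    $rdp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
               -Name fDenyTSConnections -ErrorAction SilentlyContinue
    Add-Check 'Remote Desktop disabled' ($rdp.fDenyTSConnections -eq 1) `
        "fDenyTSConnections=$($rdp.fDenyTSConnections)"

    # 2. Windows Firewall: every profile enabled, inbound traffic blocked by default.
    $profiles = Get-NetFirewallProfile
    $bad = $profiles | Where-Object { $_.Enabled -ne 'True' -or $_.DefaultInboundAction -ne 'Block' }
    Add-Check 'Firewall on with inbound Block on all profiles' (-not $bad) `
        (($profiles | ForEach-Object { "$($_.Name)=$($_.Enabled)/$($_.DefaultInboundAction)" }) -join ' ')

    # 3. SMBv1 disabled on the server side (the WannaCry-era protocol named above).
    $smb = Get-SmbServerConfiguration
    Add-Check 'SMBv1 disabled' (-not $smb.EnableSMB1Protocol) "EnableSMB1Protocol=$($smb.EnableSMB1Protocol)"

    # 4. BitLocker protecting the system drive.
    $bl = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
    Add-Check 'BitLocker on system drive' ($bl.ProtectionStatus -eq 'On') `
        $(if ($bl) { "ProtectionStatus=$($bl.ProtectionStatus)" } else { 'BitLocker not available' })

    # 5. AutoRun disabled for all drive types: NoDriveTypeAutoRun = 0xFF (255).
    $ar = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' `
              -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    Add-Check 'AutoRun disabled on all drives' ($ar.NoDriveTypeAutoRun -eq 255) `
        "NoDriveTypeAutoRun=$(if ($ar) { '0x{0:X2}' -f $ar.NoDriveTypeAutoRun } else { '(not set, Windows default applies)' })"

    return $checks
}

$result = Test-HardeningBaseline
$result | Format-Table -AutoSize
$passed = @($result | Where-Object Pass).Count
'{0} of {1} checks passed ({2:P0})' -f $passed, $result.Count, ($passed / $result.Count)
```

Two readings worth knowing: fDenyTSConnections is 1 by default on Windows client editions, so the RDP check normally passes on a machine where Remote Desktop was never switched on, and a missing NoDriveTypeAutoRun value means the Windows default applies, which the "all drives" action above tightens to 0xFF. Re-run the audit after each hardening action to confirm the change actually landed before trusting the score.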

8
Module 8

Getting the Most from the AI Security Advisor

The AI Advisor is context-aware — it reads your live threat log, CVE results, and attack surface data before answering. The better your questions, the more useful the answers.

High-Value Prompts

  • "What's the single highest-priority action I should take right now based on my scan results?"
  • "CVE-2024-XXXX is showing in my report — how likely am I to actually be exploited and what do I do?"
  • "Port [X] is open on my machine — should it be and how do I close it if not?"
  • "I see [process name] in my process tree — is this legitimate or suspicious?"
  • "Walk me through what this behavioral threat alert means in plain English."

ℹ️

The AI doesn't have access to your filesystem or registry. It can only work with the data Vexifa Cyber Secure has already collected — CVE results, process names, open ports, connection destinations, and threat log entries.

9
Module 9

Ongoing Security Hygiene

Security is not a one-time event. The threat landscape and your machine's state both change continuously. A sustainable hygiene routine:

Weekly

  • Run a full attack surface scan
  • Triage any new Threat Log entries
  • Check the CVE panel for newly published vulnerabilities in your installed software

Monthly

  • Review the list of installed applications and uninstall anything unused
  • Check open ports and close any you no longer need
  • Apply any remaining Medium-severity hardening actions
  • Update the CVE database cache manually if auto-sync is disabled

After Any New Install

  • Run a scan immediately after installing new software
  • Check the CVE panel for vulnerabilities in the new application
  • Review process tree additions from the new software

The sidecar catches real-time events between scans, but the full scan gives you the complete picture. Don't rely on the sidecar alone — run the full scan regularly.

🛡️

Bootcamp Complete

You now understand your attack surface, can read CVE reports and process trees, triage threats confidently, and have a system hardening routine in place.