
Threat Modelling
Building cyber resiliency and emulation capabilities through threat modelling.
Threat Modelling Overview
Threat modelling is a systematic approach to identifying, prioritizing, and addressing potential security threats across the organization. By simulating possible attack scenarios and assessing the existing vulnerabilities of the organization’s interconnected systems and applications, threat modelling enables organizations to develop proactive security measures and make informed decisions about resource allocation.
Questions:
What is a weakness or flaw in a system, application, or process that can be exploited by a threat?
vulnerability
Based on the provided high-level methodology, what is the process of developing diagrams to visualize the organization’s architecture and dependencies?
Asset Identification
What diagram describes and analyses potential threats against a system or application?
attack tree
Modelling with MITRE ATT&CK
MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a comprehensive, globally accessible knowledge base of cyber adversary behavior and tactics. Developed by the MITRE Corporation, it is a valuable resource for organizations to understand the different stages of cyber attacks and develop effective defenses.
Questions:
What is the technique ID of “Exploit Public-Facing Application”?
T1190
Under what tactic does this technique belong?
Initial Access
Mapping with ATT&CK Navigator
The MITRE ATT&CK Navigator is an open-source, web-based tool that helps visualize and navigate the complex landscape of the MITRE ATT&CK Framework. It allows security teams to create custom matrices by selecting relevant tactics and techniques that apply to their specific environment or threat scenario.
Questions:
How many MITRE ATT&CK techniques are attributed to APT33?
31
Upon applying the IaaS platform filter, how many techniques are under the Discovery tactic?
13
DREAD Framework
The DREAD framework is a risk assessment model developed by Microsoft to evaluate and prioritize security threats and vulnerabilities.
Questions:
What DREAD component assesses the potential harm from successfully exploiting a vulnerability?
Damage
What DREAD component evaluates how easily others can find and identify the vulnerability?
Discoverability
Which DREAD component considers the number of impacted users when a vulnerability is exploited?
Affected Users
STRIDE Framework
The STRIDE framework is a threat modelling methodology also developed by Microsoft, which helps identify and categorize potential security threats in software development and system design.
Questions:
What foundational information security concept does the STRIDE framework build upon?
CIA Triad
What policy does Information Disclosure violate?
Confidentiality
Which STRIDE component involves unauthorized modification or manipulation of data?
Tampering
Which STRIDE component refers to the disruption of the system’s availability?
Denial of Service
Provide the flag for the simulated threat modelling exercise.
THM{m0d3ll1ng_w1th_STR1D3}
PASTA Framework
PASTA, or Process for Attack Simulation and Threat Analysis, is a structured, risk-centric threat modelling framework designed to help organizations identify and evaluate security threats and vulnerabilities within their systems, applications, or infrastructure. PASTA provides a systematic, seven-step process that enables security teams to better understand potential attack scenarios, assess the likelihood and impact of threats, and prioritize remediation efforts accordingly.
Questions:
In which step of the framework do you break down the system into its components?
Decompose the Application
During which step of the PASTA framework do you simulate potential attack scenarios?
Analyse the Attacks
In which step of the PASTA framework do you create an inventory of assets?
Define the Technical Scope
Provide the flag for the simulated threat modelling exercise.
THM{c00k1ng_thr34ts_w_P4ST4}