Login
Get Started

Threat Modelling

“Know thy self, know thy enemy. A thousand battles, a thousand victories.” – Sun Tzu “Prevention is better than cure.” In essence, these two quotes summarise threat modelling. Threat modelling allows us to understand how threat actors can attack our systems, and how we can pre-empt said threat actors whilst a system is still in the midst of the design phase. In this first course on threat modelling, we begin with an introduction to threat modelling principles, as well as well-known methodologies such as STRIDE-LM, MITRE ATT&CK Framework and PASTA. We will have hands-on sessions using a threat modelling tool like the OWASP Threat Dragon, and multiple group exercises on both on-premise and cloud environments. For differentiated learning, the course is packaged in a two-track fashion. There will be a base set of exercises and chapters that will be covered in in-class time. For the faster students, “Extra Mile” exercises will be provided for them to stretch themselves outside class time. We will also discuss more advanced topics such as attack tree analysis, threat models in LLMs, and the choice of other threat models to be covered in class can be flexible, e.g. LINDDUN, and more modern hybrid threat models such as hTMM.

1. Learn threat modelling principles

Threat modelling principles include the Threat Modelling Manifesto, understanding how to build teams to perform threat modelling exercises, and think from multiple perspectives how systems can go wrong, and how said systems can be set right.

2. Translate systems into data flow diagrams (DFDs)

Often, in threat modelling exercises, different stakeholders present different views of an architectural diagram. But what matters to cybersecurity practitioners is where said crown jewels are (data in the IT space, process in the OT space). The course describes how to quickly identify crown jewels, and transform various diagrams into DFDs for threat modelling.

3. Threat model using various methodologies (at a minimum, STRIDE-LM, MITRE ATT&CK, PASTA)

There are multiple methods for threat modelling methodologies. One of the most common is STRIDE-LM, coupled with MITRE ATT&CK to describe the threats an attacker would try to execute to compromise security objectives. But there are other methods such as PASTA, LINDDUN and in 2018, hTMM. We will go through some methodologies in class with multiple interactive exercises.

4. Propose risk mitigations and come up with risk registers.

After enumerating threats, it is possible to treat said threats with a variety of risk mitigation methods. We will look at these from a security control perspective, introducing concepts such as MITRE D3FEND and best practices from standards such as NIST to treat risks, before documenting them in a risk register.

5. Understand how attack trees work, and build attack trees contextualised to industry

A threat alone does not necessarily lead to a compromise of the crown jewels. Often, an attacker needs to laterally move and complete enough objectives in a chain to be able to reach crown jewels. Attack tree analysis allows for a visual representation of the threats that need to be mitigated with priority due to them being part of the critical path of attack. This course introduces you to attack trees and encourages you to think like an attacker to construct attack trees relevant to your industry.

6. Be exposed to modern technologies and threat models for said technologies (e.g. LLMs)

Many applications incorporate technologies such as WebSockets, and LLM chatbots. There are specific threats to be identified with such modern technologies, such as OWASP's Top 10 Guide to LLMs. This class will go through a brief introduction on some modern technologies and how threat models can be created for said technologies and refine how these technologies can be implemented securely.

30 years of technical experience to give you better results.

Contact Us

Copyrights © 2024 All Rights Reserved by LeetProtect

Chat Icon