Welcome to the
CyberIQs Knowledge Centre

Forums
Cyber Topics
Cyber Operations - ...
Learning threat mod...
 
Notifications
Clear all

Learning threat modelling

 
Cyber Operations - Defensive & Offensive
Last Post by cyberguruz 2 years ago
5 Posts
4 Users
0 Likes
682 Views
RSS
RyanW
 RyanW
(@ryanw)
New Member
Joined: 2 years ago
Posts: 3
Topic starter 13/09/2021 11:41 am  

Hi everyone, I just landed in this site looking for resources about threat modelling.

I have been a few years in the industry working as a pen tester and a few months ago I changed roles.My new role is in red teaming and my boss is obsessed with threat modelling.

I am hoping you can help me with two questions I have. I do not have a software dev background is this really important for threat modelling and why is my boss so into TM? The second questions is about where or what resources I can use for threat modelling.Most of the resources I find in internet are related to software and not intrusions which is what I do in my current role. 

Please, can someone help me here?


   
Quote
Topic Tags
threat modelling red team penetration testing
Gulam_rab
 Gulam_rab
(@gulam_rab)
New Member
Joined: 2 years ago
Posts: 4
15/09/2021 7:02 am  

Hi Ryan, 

I will try to answer your questions in the same order.

1. You do not need a software dev background for the threat modelling, but it helps. For example if you are modelling threats to internet exposed application in contrast to a corporate intrusion. Keep in mind that a corporate intrusion may also include the exploitation of internally exposed applications in the inner network so it may help. Why does your boss is so obsessed with threat modelling? Have you asked him?

2. There are many resources available for threat modelling. Have a look at the following for resources.

https://github.com › hysnsec › awes...
Web results
hysnsec/awesome-threat-modelling - GitHub

 

 


   
ReplyQuote
the_eagle
 the_eagle
(@the_eagle)
Eminent Member
Joined: 2 years ago
Posts: 28
15/09/2021 2:19 pm  

Hey Ryan,

I suspect your boss is interested in showing customers the threat model and TTPs used in your intrusion emulation assuming as you said that your work as a red teamer. Based on my experience customers many times are not able to understand how you managed to get them compromised.Many of them are still looking at vulnerabilities in systems but do not understand the full intrusion cycle and where the gaps are beyond the vulnerable system. As you know an intrusion always involved much more than a vulnerability.

The sort of threat modelling I recommend you is operational threat modelling, if you look in Google you can find specific resources suck as the kill chain concept and Mitre ATT&CK

 

Do you need software dev experience? No, if its operational threat modelling and yes if it is application design.


   
ReplyQuote
cyberguruz
 cyberguruz
(@cyberguruz)
New Member
Joined: 2 years ago
Posts: 3
16/09/2021 1:49 pm  

The cyber security agency of Singapore recently released a guide to cyber threat modelling that aligns very well with your role and your request.

https://www.csa.gov.sg/-/media/csa/documents/legislation_supplementary_references/guide-to-cyber-threat-modelling.pdf

STRIDE-LM and Mitre ATT&CK 😉

Good luck!

This post was modified 2 years ago by ali16

   
ReplyQuote
cyberguruz
 cyberguruz
(@cyberguruz)
New Member
Joined: 2 years ago
Posts: 3
16/09/2021 2:10 pm  

Somehow the link above does not seem to work.

I attached a copy to this message.


   
ReplyQuote
Forum Jump:
  Previous Topic
Topic Tags:  threat modelling (1) , red team (1) , penetration testing (1) ,
Share: