Welcome to the
CyberIQs Knowledge Centre

Learning threat mod...
 
Notifications
Clear all

Learning threat modelling


RyanW
(@ryanw)
New Member
Joined: 6 months ago
Posts: 3
Topic starter  

Hi everyone, I just landed in this site looking for resources about threat modelling.

I have been a few years in the industry working as a pen tester and a few months ago I changed roles.My new role is in red teaming and my boss is obsessed with threat modelling.

I am hoping you can help me with two questions I have. I do not have a software dev background is this really important for threat modelling and why is my boss so into TM? The second questions is about where or what resources I can use for threat modelling.Most of the resources I find in internet are related to software and not intrusions which is what I do in my current role. 

Please, can someone help me here?


Quote
Gulam_rab
(@gulam_rab)
New Member
Joined: 10 months ago
Posts: 4
 

Hi Ryan, 

I will try to answer your questions in the same order.

1. You do not need a software dev background for the threat modelling, but it helps. For example if you are modelling threats to internet exposed application in contrast to a corporate intrusion. Keep in mind that a corporate intrusion may also include the exploitation of internally exposed applications in the inner network so it may help. Why does your boss is so obsessed with threat modelling? Have you asked him?

2. There are many resources available for threat modelling. Have a look at the following for resources.

https://github.com › hysnsec › awes...
Web results
hysnsec/awesome-threat-modelling - GitHub

 

 


ReplyQuote
the_eagle
(@the_eagle)
Eminent Member
Joined: 10 months ago
Posts: 28
 

Hey Ryan,

I suspect your boss is interested in showing customers the threat model and TTPs used in your intrusion emulation assuming as you said that your work as a red teamer. Based on my experience customers many times are not able to understand how you managed to get them compromised.Many of them are still looking at vulnerabilities in systems but do not understand the full intrusion cycle and where the gaps are beyond the vulnerable system. As you know an intrusion always involved much more than a vulnerability.

The sort of threat modelling I recommend you is operational threat modelling, if you look in Google you can find specific resources suck as the kill chain concept and Mitre ATT&CK

 

Do you need software dev experience? No, if its operational threat modelling and yes if it is application design.


ReplyQuote
cyberguruz
(@cyberguruz)
New Member
Joined: 9 months ago
Posts: 3
 

The cyber security agency of Singapore recently released a guide to cyber threat modelling that aligns very well with your role and your request.

https://www.csa.gov.sg/-/media/csa/documents/legislation_supplementary_references/guide-to-cyber-threat-modelling.pdf

STRIDE-LM and Mitre ATT&CK 😉

Good luck!

This post was modified 1 month ago by ali16

ReplyQuote
cyberguruz
(@cyberguruz)
New Member
Joined: 9 months ago
Posts: 3
 

Somehow the link above does not seem to work.

I attached a copy to this message.


ReplyQuote
Share: