
Threat Modelling Cheatsheet: Know Your Weaknesses Before Attackers Do!


Threat Modelling Part - 1

What is Threat Modelling?

    Threat modelling is the process of identifying, assessing, and mitigating potential security threats before they happen. It helps teams anticipate how systems can be attacked and build defences proactively, not reactively.

Key Concepts

  • Threat: Something (like a hacker or malware) that could exploit a weakness.

  • Vulnerability: A flaw in your system that can be exploited.

  • Risk: The chance that a threat will exploit a vulnerability to cause damage.

Analogy:

  • Threat = Burglar

  • Vulnerability = Unlocked door

  • Risk = Getting robbed because the door is open in a bad neighborhood

Threat Modelling Process (High-Level)

  1. Define the Scope – What systems/apps are you evaluating?

  2. Identify Assets – What needs protection? (e.g. data, services)

  3. Identify Threats – Think like an attacker. What could go wrong?

  4. Analyze Vulnerabilities – What weaknesses exist?

  5. Prioritize Risks – What's most likely and damaging?

  6. Design Countermeasures – Apply fixes and mitigations

  7. Monitor & Improve – Track effectiveness, adjust over time

Who's Involved?

  • Security Team: Leads threat modelling

  • Developers: Build secure code from day one

  • IT/Infra Team: Understands systems and networks

  • GRC: Aligns with policies & compliance

  • Business Stakeholders: Provide asset value/risk appetite

  • End Users: Offer real-world usage insight

Bonus: Attack Trees

An attack tree visually maps how an attacker can reach a goal (like accessing sensitive data).
Each path is a step-by-step plan they could follow. Think of it as a "hacker's to-do list"!
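The following is an added example, not code from the original post: a small attack-tree evaluator in Python. Leaves are attacker steps, OR nodes succeed if any child succeeds, AND nodes only if all children do. It enumerates every path to the goal, finds the least-effort one (useful for the "Prioritize Risks" step) and shows which single countermeasure closes the most paths. The tree, step names and effort scores are constructed for illustration and do not describe any real system.

```python
from dataclasses import dataclass, field
from itertools import product

# One node of an attack tree: a LEAF is a single attacker step; an OR node is
# reached if any child is, an AND node only if every child is.
@dataclass
class Node:
    name: str
    op: str = "LEAF"            # "LEAF", "OR" or "AND"
    children: list = field(default_factory=list)
    cost: int = 0               # constructed effort score for a LEAF (higher = harder)
    mitigated: bool = False     # True once a countermeasure closes this step

def attack_paths(node):
    """Every (steps, effort) pair that reaches this node's goal. Mitigated
    leaves are dropped, so closing one step removes each path that needed it."""
    if node.op == "LEAF":
        return [] if node.mitigated else [(frozenset([node.name]), node.cost)]
    if node.op == "OR":
        return [p for c in node.children for p in attack_paths(c)]
    per_child = [attack_paths(c) for c in node.children]  # AND: one path per child
    return [(frozenset().union(*(s for s, _ in combo)), sum(e for _, e in combo))
            for combo in product(*per_child)]

def cheapest_path(root):
    """Least-effort path for the attacker: the first one worth closing."""
    return min(attack_paths(root), key=lambda p: p[1], default=None)

def mitigation_impact(root):
    """For each open leaf step, how many attack paths vanish if it is mitigated."""
    paths = [steps for steps, _ in attack_paths(root)]
    return {s: sum(s in p for p in paths) for s in sorted(set().union(*paths))}

def mitigate(node, step):
    """Mark the named leaf as closed by a countermeasure; True if it was found."""
    if node.op == "LEAF" and node.name == step:
        node.mitigated = True
        return True
    return any(mitigate(c, step) for c in node.children)

def leaf(name, cost):
    return Node(name, cost=cost)

# Constructed example tree for the goal "read customer records" (not a real system).
TREE = Node("Read customer records", "OR", [
    Node("Log in as admin", "AND", [
        Node("Obtain admin password", "OR", [leaf("Phish admin", 3), leaf("Guess weak password", 2)]),
        leaf("No MFA on admin login", 1)]),
    leaf("Exploit unpatched web server", 4),
    Node("Steal backup", "AND", [leaf("Enter data centre", 8), leaf("Backup unencrypted", 1)])])
```

On this constructed tree there are four paths, the cheapest is guessing a weak admin password with no MFA, and `mitigation_impact(TREE)` shows enforcing MFA closes two paths at once. Calling `mitigate(TREE, "No MFA on admin login")` and re-running `attack_paths(TREE)` leaves only the two paths that never needed the admin login.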





Enhance with MITRE ATT&CK

Map each identified threat to the real-world attacker behaviours (tactics and techniques) catalogued in MITRE ATT&CK.
This helps with:

  • Visualizing attack paths

  • Prioritizing fixes

  • Understanding threat actors

  • Improving detection & defense

Summary

Threat modelling = Proactive security. Know your assets, threats, and weaknesses. Then fix them before they’re exploited.

Stay tuned for upcoming posts on MITRE, STRIDE, DREAD, and more threat modelling frameworks!

