
#threatmodelling

Latest posts tagged with #threatmodelling on Bluesky


Original post on mastodon.neat.computer

Everyone has different needs and faces different dangers when their personal data gets exposed. To give actionable privacy advice, it's essential to consider each person's unique situation.

👤 Learn more on how to evaluate each person's threat model.

🧰 Check our Privacy Activist Toolbox tip to […]

2 4 0 0
Original post on infosec.exchange

A couple of interesting links on SD-WAN security:

* https://www.mplify.net/wp-content/uploads/MEF_88.pdf - securing application flows in SD-WAN solutions (vendor neutral)
* https://arxiv.org/pdf/1811.04583 - focusses on orchestration, management and control (iterates through all the various […]

0 1 0 0

Another day, another threat model. Credit card company wants to know what they should be on the lookout for by way of discovery, lateral movement and c2 and exfiltration from their micro-segmentation solution as easy wins.

#threatmodelling

0 0 0 0
LINDDUN Framework Explained: A Simple Guide to Privacy Threat Modeling (YouTube video by ReconBee)

In this video, we explain how LINDDUN works, its privacy threat categories, and how it helps organizations safeguard sensitive data and comply with regulations.

watch now: youtu.be/kBWga9f5ev8?...

#LINDDUN #LINDDUNframework #framework #cybersecurity #threatmodelling

0 0 0 0
Cisco Launches Global Threat Modeling Security Assessment Service for Threat-Informed Defense

In an era of increasingly sophisticated cyber-attacks, organizations are under pressure to align their security postures with real-world adversary behavior. To meet this growing demand, Cisco has launched a globally available Threat Modeling Security Assessment service, delivered through Customer Experience’s professional services arm. Designed for security-conscious customers seeking a more structured and threat-informed approach to cyber security, the service offers a practical way to understand, prioritize, and defend against the threats that matter most to them.

## Threat Modeling, Reimagined for the Real World

Cisco’s service is grounded in industry-accepted threat-centric frameworks, including STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege) and MITRE ATT&CK’s TTPs (Tactics, Techniques and Procedures), giving customers a structured and evidence-based lens through which to assess risk.

Originally built to support threat-led penetration testing frameworks such as the UK’s CBEST program which takes a threat-led approach to financial resiliency, the service has matured into a comprehensive approach that enables organizations and their security teams to map adversary behavior directly to the systems that impact confidentiality, integrity and availability and which in turn, have the biggest impact on revenue generation and cost management. Whether you are operating critical telecoms infrastructure, managing banking and other financial data, or running transport and industrial services, the assessment identifies how threat actors would target those assets – so you can plan accordingly.

**How Threat-Informed Frameworks Are Affecting Critical Sectors Today**

## Threat-Led, Data-Driven, and Expert-Informed

One of the core differentiators of Cisco’s offering is how it analyses the threat landscape through both geographic and industry-specific lenses, powered by the MITRE ATT&CK framework. This ensures assessments are relevant, rather than theoretical, considering the common threats seen across similar types of organization and regions.

The service also includes custom analytics to predict each asset’s “place in the kill chain”. This analysis is based on a combination of factors including:

* The asset’s location within your network
* The type of technology and its configuration
* Known vulnerabilities (CVE, KEV etc.) and other weaknesses that have historically affected the asset
* How the asset is used and administered in your organization

By understanding where an asset sits in an attacker’s kill chain and what it protects, processes or stores, organizations can better prioritize defenses and anticipate likely attack paths.

## Consider How the Global Threat Landscape Can Affect Your Organization

Perhaps most importantly, customers get access to Cisco experts with deep experience in ATT&CK’s TTPs and vulnerability research. This expertise ensures that the analysis is not only comprehensive but also operationally realistic, supporting meaningful and defensible security decisions.

## From Theory to Practice: Real-World Use Cases

Threat modeling is not just an academic exercise – it is a foundational capability that every organization should be using, to inform the decisions they make so as to better prepare for the threat landscape they inhabit. Cisco’s Threat Modeling Security Assessment helps organizations turn intelligence into action.

Common use cases include:

* Defining Threat Intelligence requirements for a service provider: Instead of drowning in data, organizations can define specific intelligence priorities based on adversaries most likely to target their organization.
* Enabling defensive practices for a bank: By understanding which techniques adversaries use to exploit software flaws, development and engineering teams can build with specific attack paths in mind – bringing security to the start of the project lifecycle.
* Aligning Architectural Reviews to control needs for a retailer: Security architecture reviews are often generic. With threat modeling, reviews become contextual, aligned to the tactics, techniques, and procedures (TTPs) that are most relevant.
* Improving Detection Engineering for an airport: By mapping threats to assets and identifying attack paths, detection engineers can create more targeted and effective rules and playbooks.

This service acts as a bridging function, taking abstract vertical-specific components that your organization relies upon and translating them into software and hardware artifacts and associated data that threat actors might seek to target.

## Designed for Resilience, Driven by Organizational Requirements

Cisco’s Threat Modeling Security Assessment is more than a technical exercise – it is a strategic capability for organizations that want to align cyber security efforts with organizational objectives and operational resilience needs. Whether you are regulated, security-mature, or just beginning to formalize your threat-informed defense, this service provides the insight and structure to make every part of your security program more effective.

In today’s threat landscape, resilience depends on understanding how your adversaries operate as well as understanding your own environment. Cisco’s new service offers that clarity – reducing the gap between intelligence, architecture, and operations.

For organizations serious about defending what matters most, Cisco’s Threat Modeling Security Assessment is a powerful step towards a more threat-informed future.

Occasionally, I get to do interesting, impactful things. Here's where I built a service and took it GA at Cisco-scale:

blogs.cisco.com/customerexperience/cisco...

#threatmodelling

0 1 0 0

baby's first (and second and third) potatosecurity webinar #threatmodelling www.youtube.com/playlist?lis...

0 0 0 0
CRAcademy - YouTube

baby's first (and second and third) cybersecurity webinar #threatmodelling www.youtube.com/playlist?lis...

2 0 0 0
LINDDUN Framework Explained: A Simple Guide to Privacy Threat Modeling (YouTube video by ReconBee)

In this video, we explain how LINDDUN works, its privacy threat categories, and how it helps organizations safeguard sensitive data and comply with regulations.

watch now: youtu.be/kBWga9f5ev8?...

#linddun #lindunnframework #Framework #threatmodelling #cybersecurity

0 0 0 0

#Threatmodelling is identifying and analysing potential security threats and vulnerabilities in a system, application, or network.

To mitigate potential security risks with a balanced budget, security threat modelling is critical.
Use the (free) SAST for #Python nocomplexity.com/codeaudit/

#owasp

0 0 0 0
STRIDE Threat Modeling Framework - A Complete Guide
The STRIDE Threat Modeling Framework - A Complete Guide provides a robust, systematic approach for identifying, analyzing, and addressing

In this article, we will explore the STRIDE methodology, going through each component and its advantages

read more: reconbee.com/stride-threa...

#STRIDE #stridemethodology #strideframework #threatmodelling #framework #CyberSecurity

1 0 0 0
GitHub - timb-machine/attack-ti: Vertical and geographic extracts from MITRE ATT&CK

Running threat-crank to update https://github.com/timb-machine/attack-ti with v18 data.

#threatmodelling

0 0 1 0

Bruce Schneier has a few words about Digital Threat Modeling Under Authoritarianism.

www.schneier.com/blog/archives/2025/09/di...

#threatmodelling #uspol

0 0 0 0
banner promoting the Agile Testing Days Workshop by Giancarlo Cordero Ortiz, showing his picture and the title: "Threat Modelling Workshop for QA heroes".


QA folks: you already have the tools to shine in Threat Modelling.
Giancarlo’s workshop will help you connect quality & security where it matters most.

Real cases. Real outcomes. Real fun. 🛡️
tinyurl.com/bdh2uh5a ◀️

#QA #ThreatModelling #AgileTestingDays

0 0 0 0
GitHub - timb-machine/attack-ti: Vertical and geographic extracts from MITRE ATT&CK

Running threat-crank to update https://github.com/timb-machine/attack-ti with v16 and v17 data.

#threatmodelling

0 0 1 0
Original post on infosec.exchange

Someone asked me to compare and contrast ATT&CK and FiGHT matrices...

> It's probably wise to consider their respective scopes. ATT&CK describes threats that affect typical enterprise networks whereas FiGHT is dedicated to the equipment that can be found in a typical mobile carrier. This […]

0 0 0 0

Car thought: Isn't AD a browse up architecture? Also, does the team even make real sense given that both the client and server can be both victim and attacker in most scenarios...

#threatmodelling

0 0 0 0
Original post on mastodon.social

So @trailofbits released a new threat modelling framework. I really like that, as all of the old existing 'reference' frameworks are so hard to apply in a way that brings any or much value to the process. Or I'm too dumb to do it :P.

Very exciting […]

0 4 0 0
Original post on infosec.exchange

I think this is the 4th time I've typed something into a generative AI bot intentionally, but our jobs are still safe...

The generative AI links an AV:N, PR:N vulnerability to file and directory discovery, rather than any of the more obvious techniques under reconnaissance or initial access […]

0 0 0 0

A threat model that includes only PROTECT (apply a secure SDLC, patch regularly, harden etc) is incomplete. More needs to be done by way of DETECT, RESPOND and RECOVER functionality because bugs are going to bug, password2025 is still a thing etc.

#threatmodelling

0 1 0 0
How to Use Secure Coding Practices in Agile Development | The DefendOps Diaries
Integrate secure coding in Agile to protect apps from vulnerabilities while maintaining development speed and efficiency.

How to Use Secure Coding Practices in Agile Development

thedefendopsdiaries.com/how-to-use-s...

#securecoding
#agiledevelopment
#cybersecurity
#devsecops
#softwaresecurity
#agilemethodology
#securitypractices
#codingstandards
#securityautomation
#threatmodelling

0 0 0 0
Tony Blair calls for roll out of digital ID | “…put all your eggs in one basket, it makes it easier to lose them all and for the government to surveil you…”
Imagine that all your health information was in one place: easy, with your permission, for anyone anywhere in the health service to see. That your passport, driving licence, anything you need to pr…

Tony Blair calls for roll out of digital ID | “…put all your eggs in one basket, it makes it easier to lose them all and for the government to surveil you…”
https://alecmuffett.com/article/110762
#IdCards #ThreatModelling #TonyBlair

1 1 0 0

Today's awkward question: "So that key management server is for the mainframe backups, where is *it* backed up?", "Well..."

#threatmodelling, #ransomwareondemand

0 0 0 0

If your #vulnerability scanners keep finding the same issues in different places, you're treating symptoms instead of causes

Modern #AppSec requires systemic fixes, not endless patching

Evolve product security with #ThreatModelling and report on outcomes rather than #vulns

#VEX #DevSecOps #SecOps

2 0 0 0

Today's achievement: Completed threat model and attack graph for software defined network.

Scope: Management plane, network fabric, wireless infrastructure and endpoints.

#threatmodelling

1 0 0 0

Mapping my threat model onto the SIEM logs. Which ones are directly useful, which ones can be used for correlation?

You can hazard a good guess from the source types and index names. Next job is to validate assumptions with SOC.

#threatmodelling, #detectionengineering

0 0 0 0

This link from '22 gives some ideas on how different threat catalogues/dictionaries can work together:

x.com/timb_machine/status/1565...

#threatmodelling

0 0 0 0