Session Video
Notable logs from the chat during the session
• Spoofing • Tampering • Repudiation • Information disclosure • Denial of service • Elevation of privilege.
Didar Gelici : Adam Shostack - Threat Modeling
James Bore :https://agilestationery.co.uk/products/elevation-of-privilege-game
Session Contents
Threat modelling workshop applying various methodologies: STRIDE, LINDDUN, Attack Trees, and PnG, to a MSP organisation and its key system
This is the first section of a four-part exercise:
Part 1 - THIS SESSION Setting the scene to the further sessions. We will understand what is the company profile and the architecture of the company Threats and threat modeling of the company plus PNG (persona nan grata) profile
Part 2 - Incident Response Planning) - We will run through the scenario with a small group of people who will get the roles of key stakeholders at the actual incident response session (which will be the next part)
Part 3 - Incident Scenario Exercise - Actual exercise - 5 hours with breakout rooms for different groups of stakeholders. Run in sprints Information to be revealed throughout the exercise and groups work on their response
Part 4 - Post-mortem for the Part 3