Threat Modeling - O365 SaaS Provider

When (day):
1st - Monday
At:
15:00 - 16:00
Watch
Zoom link will be available very soon



Session Video

Notable logs from the chat during the session

• Spoofing • Tampering • Repudiation • Information disclosure • Denial of service • Elevation of privilege.
Didar Gelici: Adam Shostack - Threat Modeling
James Bore: https://agilestationery.co.uk/products/elevation-of-privilege-game

Session Contents

Threat modelling workshop applying various methodologies (STRIDE, LINDDUN, Attack Trees, and PnG) to an MSP organisation and its key system.

This is the first section of a four-part exercise:

  • Part 1 - THIS SESSION - Setting the scene for the further sessions. We will look at the company profile and the architecture of the company, the threats to the company and its threat modeling, plus the PnG (persona non grata) profile.

  • Part 2 - Incident Response Planning - We will run through the scenario with a small group of people who will take the roles of key stakeholders at the actual incident response session (which will be the next part).

  • Part 3 - Incident Scenario Exercise - The actual exercise: 5 hours with breakout rooms for different groups of stakeholders, run in sprints. Information will be revealed throughout the exercise and groups work on their response.

  • Part 4 - Post-mortem for Part 3

Session Materials
