Threat Modelling
What is a weakness or flaw in a system, application, or process that can be exploited by a threat?
vulnerability
Based on the provided high-level methodology, what is the process of developing diagrams to visualise the organisation's architecture and dependencies?
Asset Identification
What diagram describes and analyses potential threats against a system or application?
attack tree
What is the technique ID of "Exploit Public-Facing Application"?
T1190
Under what tactic does this technique belong?
Initial Access
How many MITRE ATT&CK techniques are attributed to APT33?
31
Upon applying the IaaS platform filter, how many techniques are under the Discovery tactic?
13
What DREAD component assesses the potential harm from successfully exploiting a vulnerability?
Damage
What DREAD component evaluates how easily others can find and identify the vulnerability?
Discoverability
Which DREAD component considers the number of impacted users when a vulnerability is exploited?
Affected Users
What foundational information security concept does the STRIDE framework build upon?
CIA Triad
What policy does Information Disclosure violate?
Confidentiality
Which STRIDE component involves unauthorised modification or manipulation of data?
Tampering
Which STRIDE component refers to the disruption of the system's availability?
Denial of Service
Provide the flag for the simulated threat modelling exercise.
THM{m0d3ll1ng_w1th_STR1D3}
In which step of the framework do you break down the system into its components?
Decompose the Application
During which step of the PASTA framework do you simulate potential attack scenarios?
Analyse the Attacks
In which step of the PASTA framework do you create an inventory of assets?
Define the Technical Scope
Provide the flag for the simulated threat modelling exercise.
THM{c00k1ng_thr34ts_w_P4ST4}