Threat modelling for hackers: a hands-on workshop

Presented at May Contain Hackers (MCH2022), July 24, 2022, 10 a.m. (90 minutes)

Systems created by humans may – no *will* – contain flaws. In order to shine a light on these flaws, you can use a technique called threat modelling. We will take a look at different threat modelling methods that empower hackers (and others) to study the architecture of a system. There are hundreds if not thousands of different threat modelling methods that can be used to tease apart the structure of a system in the search for security issues. In this workshop, we will cover the key principles behind these methods and we will provide prototypical worked examples. In order to give you hands-on experience with threat modelling, we will go through an archetypical threat modelling exercise together. We will close the workshop by having you apply these methods to one of your own systems. You will be provided with relevant background material to allow you to integrate threat modelling into your daily activities going forward.

Presenters:

• Arne Padmos
  Arne's travels in the field of information security have crossed areas ranging from usable security to side-channel analysis. He has also taught the various branches that make up security engineering. Currently, Arne's main interest is how the application of risk management and threat modelling can lead to the design, development, and deployment of more secure systems.

Links:

• https://program.mch2022.org/mch2021-2020/talk/P7GM9K/

Similar Presentations:

• DeepSec 2020 „The Masquerade“ / Threat Modeling: The Ultimate "Shift Left" (closed)
• DeepSec 2020 „The Masquerade“ / Old Pareto had a Chart: How to achieve 80% of Threat Modelling Benefits with 20% of the Efforts
• Kawaiicon 2 (2022) Rescheduled / Making threat modelling easy and scalable using STRIDE