2. Who am I
• Mchatta Kharim
• CEO at HACK IT Consultancy
• Half a decade of experience in cybersecurity and digital forensics
• My experience spans various industries, including financial institutions, education institutions, government institutions, non-profit organizations, telecommunication, research institutes, publication institutes, etc.
Kenya
• Public Speaking
• Training
• CTF Competition
• Mentor
Tanzania
• Public Speaking
• Training
• CTF Competition
• Digital Forensics
• Penetration Testing
• Curriculum Creation
• Public Speaking
Egypt
• Public Speaking
• Public Speaking
Morocco
Rwanda
• Public Speaking
Nigeria
• Penetration testing
Ghana
• Penetration testing
• Public speaking
South Africa
• Penetration testing
Benin
Uganda
• Public Speaking
Experience in Africa
3. Experience in USA & Europe
• Penetration Testing US Department of Defense
United States of America
UK
• Author at eForensics Magazine
• Author at PenTest Magazine
• Penetration testing (Research Institute)
Poland
Germany
• Subject Matter Expert (DW Swahili)
4. CYBERSECURITY IN DIGITAL TRANSFORMATION
Today's talk will be around:
• What is threat modelling
  - Business perspective (blue teaming)
  - Attacker's perspective (red teaming)
• Key takeaways of threat modelling
• Reasons why we threat model
5. THREAT MODELLING
Definitions:
What is threat modelling?
In threat modelling there are two perspectives that you need to understand, depending on the occupation you are in:
a. The business perspective (blue teaming perspective)
b. The attacker's perspective (red teaming perspective)
9. THREAT MODELLING (REAL-WORLD SCENARIO)
• Application A: internal web server, milk company
• Application B: third-party web server, tea company
Of the two companies, which one is going to spend a lot of resources to secure its application, and why?
10. THREAT MODELLING (ATTACKER’S PERSPECTIVE)
Threat modelling from a business perspective is the process of
ASSETS
• Firewall
• Server
• Credentials
• Admin Panel
• Hidden Directories
• Databases
ATTACKERS
• Hackers
11. THREAT MODELLING (ATTACKER’S PERSPECTIVE)
Threat modelling helps attackers identify the shortest route to the end goal.
1. Understand your target - Understand your target's business model and what their assets are
2. What is your objective - Identify your end goal; is it to see what less privileged users can do in the system, etc.
3. List of tasks to do - You must have a checklist of the things that you must do
4. Attack vectors to cover - Which attack vectors are going to be used: authentication, non-authentication, social engineering, etc.
5. Hindrance of attack vector - What is going to make your attacks unsuccessful: firewalls, filtering mechanisms, IDPS, scripting disabled, enumeration disabled, changing of the administrative URL, etc.
"Mmmhh!!! I guess this threat modelling stuff isn’t bad after all"
12. THREAT MODELLING (ATTACKER’S PERSPECTIVE)
This is one of the ways in which an attacker would approach their target.
Rookie
Website
Access
Authentication attacks
• Admin Panel
• Credentials
• Password guessing
Non-authentication attacks
• Check for technology used
• Check whether a WAF exists
• Check for filtering mechanisms
• Hidden directories
• Look for misconfiguration
• Backup files, config files, etc.
13. THREAT MODELLING (OUTCOME FROM BUSINESS)
Business outcome of threat modelling
a. Identifying assets owned by the company
b. What threats are the assets exposed to
c. Helps to identify which assets need more emphasis on security
d. Increase asset security
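The business-side exercise listed above (assets, the threats they are exposed to, which assets need more emphasis) as a small gap check; this is an added example, not part of the original slides. It uses the deck's own asset, attack-step and hindrance terms, but the step-to-asset and hindrance-to-step mappings and the sample deployment are constructed assumptions.

```python
"""Blue-team gap check using the deck's terms; all mappings are constructed."""
from collections import defaultdict

# Attacker steps (slide 12), each mapped to the asset (slide 10) it touches.
STEPS = {
    "password guessing": "Credentials",
    "admin panel access": "Admin Panel",
    "technology fingerprinting": "Server",
    "hidden directory discovery": "Hidden Directories",
    "misconfiguration": "Server",
    "backup/config file exposure": "Databases",
}

# Hindrances (slide 11, item 5), mapped to the steps they impede (assumed).
CONTROLS = {
    "firewall": {"technology fingerprinting"},
    "filtering mechanism": {"hidden directory discovery"},
    "IDPS": {"password guessing", "hidden directory discovery"},
    "enumeration disabled": {"hidden directory discovery"},
    "changed administrative URL": {"admin panel access"},
}

def coverage(deployed):
    """Return {step: [deployed controls that impede it]} for every step."""
    unknown = set(deployed) - set(CONTROLS)
    if unknown:
        raise ValueError(f"unknown control(s): {sorted(unknown)}")
    cov = {step: [] for step in STEPS}
    for control in sorted(deployed):
        for step in CONTROLS[control]:
            cov[step].append(control)
    return cov

def exposed_assets(deployed):
    """Rank assets by how many attacker steps against them meet no hindrance."""
    gaps = defaultdict(list)
    for step, controls in coverage(deployed).items():
        if not controls:
            gaps[STEPS[step]].append(step)
    # Most unimpeded steps first; ties broken by asset name for stable output.
    return sorted(gaps.items(), key=lambda kv: (-len(kv[1]), kv[0]))

if __name__ == "__main__":
    deployed = {"firewall", "IDPS"}  # constructed sample deployment
    for asset, steps in exposed_assets(deployed):
        print(f"{asset}: {len(steps)} unimpeded step(s): {', '.join(steps)}")
```

Assets that still appear in the ranking after all available hindrances are deployed are the ones that need a control the list does not yet contain.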
14. THREAT MODELLING (OUTCOME FROM BUSINESS)
Attacker's outcome of threat modelling
a. Find the shortest route to the target
b. Efficiency and precision in their attacks
c. Saves time for the attacker
15. “If you don’t invest in cybersecurity, you will be dead”
Stephen Kwame – MD of SIC Insurance