Uploaded byKharimMchatta
42 views

Threat Modelling in Penetration Testing | 2021

The document discusses threat modeling in penetration testing from both business and attackers' perspectives, emphasizing the importance of identifying and mitigating potential threats to systems and assets. It provides insights into creating attacker profiles, threat catalogs, and determining where to focus security efforts. The author, Kharim Mchatta, shares personal experiences and methods used in threat modeling within the cybersecurity field.

Embed presentation

THREAT MODELLING IN PENETRATION TESTING
Whoami? ❖ Kharim Mchatta ❖ CEO of HACK IT CONSULTANCY ❖ Cybersecurity professional (Pen tester & Digital Forensics expert) ❖ Founder of H4K-IT (Cybersec community inTZ) ❖ CTF player ❖ Blogger ❖ Author at eForensics and Pentets Magazine ❖ DW Swahili Subject matter expert (cybersecurity)
What is Threat Modelling
Threat Modelling From Business Perspective
Threat Modelling From Business Perspective Hackers PC Servers Applications Firewall Organization PROTECTING Threats Threat Modelling from a business perspective is the process of People Assets Virus/worms
BRUCE WAYNE/BATMAN THREAT MODEL BATMAN’S ASSETS ATTACKERS Batman Cave Alfred Email Cell Phone Police Joker Journalist VECTOR’S Low Risk Med Risk High Risk
BRUCE WAYNE/BATMAN THREAT MODEL BATMAN’S ASSETS ATTACKERS Batman Cave Alfred Email Cell Phone Police Joker Journalist CONTROLS
Threat Modelling From Attackers Perspective
ASSETS ATTACKERS ATTACKERS PERSPECTIVE Hackers Firewall Server Credentials Admin Panel Hidden Directories Databases
Mmmhh!!! I guess this threat modelling staff isn’t bad after all
PERSONAL EXPERIENCE IN THREAT MODELLING AS A NEWBIE Kharim Credentials Internet Firewall WordPress Website Admin Panel Backend Access Request goes through If not malicious access If malicious Access denied Successfully Authenticated
PERSONAL EXPERIENCE IN THREAT MODELLING AS AN EXPERIENCED NEWBIE Kharim Internet Firewall WordPress Website Access Access Check the technologies Used by the application Check for existence Of anyWAF Perform Manual Enumeration Admin Panel If Present Attacker may use Tools for enumeration Enumeration for Credentials If not Present
IMPORTANCE OF THREAT MODELLING Determine where most effort should be applied on the system and assets Internet Banking Bank Website VS
Threat-modelling methods uses include. • To create an abstraction of the system • To create profiles of potential attackers, including their goals and methods • To create a catalogue of potential threats that may arise
THAT’S ALL FOLKS
Author: Kharim Mchatta Contacts Kharimhmchatta@gmail.com kharim.h mchatta KMchatta

More Related Content

PDF
Threat Modelling | 2023
byKharimMchatta
 
PDF
Web app security essentials | 2022
byKharimMchatta
 
PDF
Application penetration testing | 2021
byKharimMchatta
 
PPTX
Threat modeling (Hacker Stories) workshop
byTy Sbano
 
PDF
secure_software_engineering_threat_model.pdf
byAnuragReddy74
 
PDF
Developing a Threat Modeling Mindset
byRobert Hurlbut
 
PDF
Synopsys Security Event Israel Presentation: Value Driven Threat Modeling
bySynopsys Software Integrity Group
 
PDF
Why Is Threat Intelligence the Key to Effective Pentesting and Red Teaming
bySOCRadar
 
Threat Modelling | 2023
byKharimMchatta
 
Web app security essentials | 2022
byKharimMchatta
 
Application penetration testing | 2021
byKharimMchatta
 
Threat modeling (Hacker Stories) workshop
byTy Sbano
 
secure_software_engineering_threat_model.pdf
byAnuragReddy74
 
Developing a Threat Modeling Mindset
byRobert Hurlbut
 
Synopsys Security Event Israel Presentation: Value Driven Threat Modeling
bySynopsys Software Integrity Group
 
Why Is Threat Intelligence the Key to Effective Pentesting and Red Teaming
bySOCRadar
 

Similar to Threat Modelling in Penetration Testing | 2021

PPTX
InOffensive Security_cybersecurity2.pptx
bywihib17507
 
PDF
DevSecCon Tel Aviv 2018 - Value driven threat modeling by Avi Douglen
byDevSecCon
 
PDF
Threat Modeling workshop by Robert Hurlbut
byDevSecCon
 
PDF
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
byChris Gates
 
PDF
ch_2_Threat_Modeling_Risk_assessment.pdf
bygajendra903637
 
PPTX
Threat modeling the security of the enterprise
byRafal Los
 
PPTX
The security mindset securing social media integrations and social learning...
byfranco_bb
 
PPTX
Threat Modeling - Locking the Door to Vulnerabilities
bySecurity Innovation
 
PPTX
Threat modelling(system + enterprise)
byabhimanyubhogwan
 
PPTX
Hacking and Penetration Testing - a beginners guide
byPankaj Dubey
 
PDF
Penetration testing must die
bySecurity BSides London
 
PDF
Oredev: An Exploratory Tester's Lessons on Security Threat Modeling
byMaaret Pyhäjärvi
 
PDF
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
byShah Sheikh
 
PDF
Robert Hurlbut - Threat Modeling for Secure Software Design
bycentralohioissa
 
PDF
Nikhil wagholikar _risk_based_penetration_testing - ClubHack2009
byClubHack
 
PDF
Threat Modeling to Reduce Software Security Risk
bySecurity Innovation
 
InOffensive Security_cybersecurity2.pptx
bywihib17507
 
DevSecCon Tel Aviv 2018 - Value driven threat modeling by Avi Douglen
byDevSecCon
 
Threat Modeling workshop by Robert Hurlbut
byDevSecCon
 
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
byChris Gates
 
ch_2_Threat_Modeling_Risk_assessment.pdf
bygajendra903637
 
Threat modeling the security of the enterprise
byRafal Los
 
The security mindset securing social media integrations and social learning...
byfranco_bb
 
Threat Modeling - Locking the Door to Vulnerabilities
bySecurity Innovation
 
Threat modelling(system + enterprise)
byabhimanyubhogwan
 
Hacking and Penetration Testing - a beginners guide
byPankaj Dubey
 
Penetration testing must die
bySecurity BSides London
 
Oredev: An Exploratory Tester's Lessons on Security Threat Modeling
byMaaret Pyhäjärvi
 
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
byShah Sheikh
 
Robert Hurlbut - Threat Modeling for Secure Software Design
bycentralohioissa
 
Nikhil wagholikar _risk_based_penetration_testing - ClubHack2009
byClubHack
 
Threat Modeling to Reduce Software Security Risk
bySecurity Innovation
 

More from KharimMchatta

PDF
Cyber threat in Africa | 2023
byKharimMchatta
 
PDF
AI in Cybersecurity | 2023
byKharimMchatta
 
PDF
Cybersecurity for Beginners | 2021
byKharimMchatta
 
PDF
Importance of cybersecurity in digital transformation | 2023
byKharimMchatta
 
PDF
Cybersecurity in the blue economy | 2022
byKharimMchatta
 
PDF
Commonwealth of Learning cybersecurity training for teachers | 2022
byKharimMchatta
 
PDF
Landing a job in cybersecurity | 2022
byKharimMchatta
 
PDF
Cybersecurity and Digital Forensics | 2022
byKharimMchatta
 
PDF
Enhancing Cyber threat hunting for your team | 2021
byKharimMchatta
 
PDF
Cybercrime's accelerated by covid 19 | 2021
byKharimMchatta
 
PDF
Careers in cybersecurity | 2021
byKharimMchatta
 
Cyber threat in Africa | 2023
byKharimMchatta
 
AI in Cybersecurity | 2023
byKharimMchatta
 
Cybersecurity for Beginners | 2021
byKharimMchatta
 
Importance of cybersecurity in digital transformation | 2023
byKharimMchatta
 
Cybersecurity in the blue economy | 2022
byKharimMchatta
 
Commonwealth of Learning cybersecurity training for teachers | 2022
byKharimMchatta
 
Landing a job in cybersecurity | 2022
byKharimMchatta
 
Cybersecurity and Digital Forensics | 2022
byKharimMchatta
 
Enhancing Cyber threat hunting for your team | 2021
byKharimMchatta
 
Cybercrime's accelerated by covid 19 | 2021
byKharimMchatta
 
Careers in cybersecurity | 2021
byKharimMchatta
 

Recently uploaded

PPTX
apidays Australia 2025 | Building AI RAG Applications with No Code.pptx
byapidays
 
PDF
Unlocking Gen AI Capabilities Within UiPath Document Understanding
byDianaGray10
 
PDF
How the EU Ecolabel's Record Growth Creates ESG Opportunities for CRE
byWastify AI
 
PPTX
Storage-and-HCI-Positioning-update-sales.pptx
byhungungphu123
 
PDF
What ONIX can do: Leveraging metadata to support the discoverability of First...
byBookNet Canada
 
PDF
Talaria: A Sound-Driven Music Search Engine for Discovery Beyond Metadata
byShuen-Huei Guan
 
PDF
One String, Many Prompts: AI Code Generation
byGeoffrey Goetz
 
PDF
Why Are Cloud Migration Services Essential for Modern Business Growth?
byGeoPITS Global Pvt Ltd
 
PDF
Safer’s Picks: Recent FME Enhancements with Big Everyday Impact
bySafe Software
 
PPT
connectives-linking words in English.ppt
byAmrMohammed82
 
DOCX
Best Web to Learn About Buying Verified Skrill Accounts (Los Angeles).docx
byhttps://topsellerit.com/product/buy-verified-binance-accounts/
 
PPTX
AI in Marine Insurance Future of Smarter Risk, Faster Claims & Safer Shipping...
byAutomationEdge Technologies
 
PPTX
API Gateway Architecture - Technical Report 2026
byPowersoft2026
 
PPTX
Robot Vacuums are Cleaning Up. The global robot vacuum segment has high marke...
byRobert March
 
PPTX
Single Cell Protein from Methane or Methanol - Process development research c...
byJohn Downs
 
PPT
Database Management Systems: Basics, History, Data Models, etc.
byParithi Thamizh
 
PPTX
Migrating-Hadoop-to-Databricks-Ebook-FINAL.pptx
byssuserf37fc8
 
PPTX
Advance Computer Architecture Lecture 4.pptx
byBottshikanBottshikan
 
PDF
Transcript: What ONIX can do: Leveraging metadata to support the discoverabil...
byBookNet Canada
 
PPTX
Mastering SQL Server Replication: Types, Setup & Troubleshooting
byGeoPITS Global Pvt Ltd
 
apidays Australia 2025 | Building AI RAG Applications with No Code.pptx
byapidays
 
Unlocking Gen AI Capabilities Within UiPath Document Understanding
byDianaGray10
 
How the EU Ecolabel's Record Growth Creates ESG Opportunities for CRE
byWastify AI
 
Storage-and-HCI-Positioning-update-sales.pptx
byhungungphu123
 
What ONIX can do: Leveraging metadata to support the discoverability of First...
byBookNet Canada
 
Talaria: A Sound-Driven Music Search Engine for Discovery Beyond Metadata
byShuen-Huei Guan
 
One String, Many Prompts: AI Code Generation
byGeoffrey Goetz
 
Why Are Cloud Migration Services Essential for Modern Business Growth?
byGeoPITS Global Pvt Ltd
 
Safer’s Picks: Recent FME Enhancements with Big Everyday Impact
bySafe Software
 
connectives-linking words in English.ppt
byAmrMohammed82
 
Best Web to Learn About Buying Verified Skrill Accounts (Los Angeles).docx
byhttps://topsellerit.com/product/buy-verified-binance-accounts/
 
AI in Marine Insurance Future of Smarter Risk, Faster Claims & Safer Shipping...
byAutomationEdge Technologies
 
API Gateway Architecture - Technical Report 2026
byPowersoft2026
 
Robot Vacuums are Cleaning Up. The global robot vacuum segment has high marke...
byRobert March
 
Single Cell Protein from Methane or Methanol - Process development research c...
byJohn Downs
 
Database Management Systems: Basics, History, Data Models, etc.
byParithi Thamizh
 
Migrating-Hadoop-to-Databricks-Ebook-FINAL.pptx
byssuserf37fc8
 
Advance Computer Architecture Lecture 4.pptx
byBottshikanBottshikan
 
Transcript: What ONIX can do: Leveraging metadata to support the discoverabil...
byBookNet Canada
 
Mastering SQL Server Replication: Types, Setup & Troubleshooting
byGeoPITS Global Pvt Ltd
 

Threat Modelling in Penetration Testing | 2021