
Threat Modelling
This guide contains the answers, and the steps needed to reach them, for the Threat Modelling room.
Table of contents
- Threat Modelling Overview
- Modelling with MITRE ATT&CK
- Mapping with ATT&CK Navigator
- DREAD Framework
- STRIDE Framework
- PASTA Framework
Threat Modelling Overview
What is a weakness or flaw in a system, application, or process that can be exploited by a threat?
The answer can be found in the text.
Click for answer
Vulnerability
Based on the provided high-level methodology, what is the process of developing diagrams to visualise the organisation's architecture and dependencies?
The answer can be found in the text.
Click for answer
Asset identification
What diagram describes and analyses potential threats against a system or application?
The answer can be found in the text.
Click for answer
Attack tree
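An attack tree is easier to understand once it is evaluated rather than only drawn. The following Python is an added example (not code from the room): a small AND/OR attack tree for a hypothetical web shop, constructed here, with a cheapest-path evaluation and a step that re-costs a leaf once a control is applied. The tree, its goals and the cost figures are all invented for illustration; the evaluation rules (an OR node costs what its cheapest child costs, an AND node costs the sum of its children, an infeasible leaf costs infinity) are the usual attack-tree convention.

```python
"""Attack tree evaluation: cheapest path to the root goal, before and after a control.

Added example, not code from the room. The tree, the cost units and the
apply_control step are constructed for illustration; the evaluation rules
(OR node = cheapest child, AND node = sum of all children, an infeasible leaf
costs infinity) follow the usual attack-tree convention.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

INF = float("inf")


@dataclass
class Node:
    goal: str
    op: str = "OR"                 # "OR": any child achieves the goal; "AND": all children are needed
    cost: Optional[float] = None   # attacker effort for a leaf (None = not feasible); ignored on inner nodes
    children: List["Node"] = field(default_factory=list)


def cheapest(node: Node) -> Tuple[float, List[str]]:
    """Return (total cost, leaf goals used) for the cheapest way to achieve `node`."""
    if not node.children:                       # leaf
        return (INF if node.cost is None else node.cost), [node.goal]
    results = [cheapest(child) for child in node.children]
    if node.op == "AND":
        # every child is required: costs add up, and one infeasible child makes the whole branch infeasible
        return sum(c for c, _ in results), [g for _, leaves in results for g in leaves]
    if node.op == "OR":
        return min(results, key=lambda r: r[0])
    raise ValueError(f"unknown operator {node.op!r}")


def apply_control(node: Node, leaf_goal: str, new_cost: Optional[float]) -> None:
    """Re-cost a leaf in place (None marks it infeasible), modelling a mitigation."""
    if not node.children:
        if node.goal == leaf_goal:
            node.cost = new_cost
        return
    for child in node.children:
        apply_control(child, leaf_goal, new_cost)


def build_tree() -> Node:
    """Constructed tree for a hypothetical web shop; costs are rough attacker effort-days."""
    return Node("Read customer order data", "OR", children=[
        Node("Exploit the public-facing web app", "OR", children=[
            Node("SQL injection in the search endpoint", cost=2),
            Node("Insecure deserialization in the upload handler", cost=5),
        ]),
        Node("Use stolen DBA credentials", "AND", children=[
            Node("Phish the DBA", cost=3),
            Node("Defeat MFA on the DB bastion", cost=8),
        ]),
        Node("Steal offsite backup tapes", cost=None),   # tapes are encrypted: not a feasible path
    ])


if __name__ == "__main__":
    tree = build_tree()
    print("before controls:", cheapest(tree))
    apply_control(tree, "SQL injection in the search endpoint", None)   # e.g. parameterised queries
    print("after fixing SQLi:", cheapest(tree))
```

Running it prints the cheapest route before and after the SQL injection leaf is made infeasible. The useful output is the second line: once the cheapest leaf is closed, the next-cheapest branch is what the model points you at, which is how an attack tree turns into a prioritised list of controls.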
Modelling with MITRE ATT&CK
What is the technique ID of "Exploit Public-Facing Application"?
After opening the link to the "Exploit Public-Facing Application" technique, the technique ID is listed in the details box on the page.

Click for answer
T1190
Under what tactic does this technique belong?
The same details box lists the tactic (or tactics) this technique belongs to.
Click for answer
Initial Access
Mapping with ATT&CK Navigator
How many MITRE ATT&CK techniques are attributed to APT33?
After creating a new Enterprise layer, open the search panel, search for APT33 and choose select next to the group to highlight every technique attributed to it. You can also click view to open the MITRE page for the group, but the list there follows the current ATT&CK release, so new techniques may have been added since the room was written and its total may not match. Read the number of selected techniques from Navigator's top bar instead.

Click for answer
31
Upon applying the IaaS platform filter, how many techniques are under the Discovery tactic?
Close the search panel and open the filter panel. Under platforms, deselect everything except IaaS; the matrix now shows only techniques that list IaaS as a platform, and the number remaining in the Discovery tactic column is the answer.

Click for answer
13
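To see where Navigator's numbers come from, and why they drift as the dataset is updated, here is an added Python example (not code from the room and not MITRE's tooling) that performs the same counting over a STIX 2.1 bundle laid out the way MITRE publishes the enterprise-attack data: a group is an intrusion-set, a technique is an attack-pattern, attribution is a "uses" relationship, the technique ID sits in external_references, the tactic in kill_chain_phases and the platforms in x_mitre_platforms. The bundle in the block is constructed: the group "Example Group" and its attribution are made up (the technique IDs and names are real ATT&CK entries, the STIX IDs are shortened), so its counts are not the room's answers.

```python
"""Count the ATT&CK techniques attributed to a group from a STIX 2.1 bundle.

Added example, not code from the room or from MITRE. SAMPLE_BUNDLE is a
constructed, cut-down stand-in for the published enterprise-attack bundle:
the group "Example Group" and its technique attribution are made up (the
STIX IDs are shortened too); only the object layout mirrors the real data.
"""
from collections import defaultdict
import json


def _technique(n, tid, name, tactics, platforms, revoked=False):
    """Build a minimal attack-pattern object in the real STIX layout (constructed data)."""
    return {
        "type": "attack-pattern",
        "id": f"attack-pattern--{n}",
        "name": name,
        "revoked": revoked,
        "external_references": [{"source_name": "mitre-attack", "external_id": tid}],
        "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": t} for t in tactics],
        "x_mitre_platforms": platforms,
    }


def _uses(n, group_id, technique_id):
    """Constructed 'group uses technique' relationship, as in the real bundle."""
    return {"type": "relationship", "id": f"relationship--{n}", "relationship_type": "uses",
            "source_ref": group_id, "target_ref": technique_id}


GROUP_ID = "intrusion-set--g1"
SAMPLE_BUNDLE = {"type": "bundle", "id": "bundle--sample", "objects": [
    {"type": "intrusion-set", "id": GROUP_ID, "name": "Example Group", "aliases": ["Example Group", "G9999"]},
    _technique("t1", "T1190", "Exploit Public-Facing Application", ["initial-access"],
               ["Windows", "Linux", "macOS", "IaaS", "Network", "Containers"]),
    _technique("t2", "T1566.002", "Spearphishing Link", ["initial-access"], ["Windows", "Linux", "macOS"]),
    _technique("t3", "T1078", "Valid Accounts",   # one technique, four tactics: counted once in the total
               ["defense-evasion", "persistence", "privilege-escalation", "initial-access"],
               ["Windows", "Linux", "macOS", "IaaS", "SaaS"]),
    _technique("t4", "T1087", "Account Discovery", ["discovery"], ["Windows", "Linux", "macOS", "IaaS", "SaaS"]),
    _technique("t5", "T1580", "Cloud Infrastructure Discovery", ["discovery"], ["IaaS"]),
    _technique("t6", "T1083", "File and Directory Discovery", ["discovery"], ["Windows", "Linux", "macOS", "Network"]),
    _technique("t7", "T1086", "PowerShell", ["execution"], ["Windows"], revoked=True),  # superseded by T1059.001
    _technique("t8", "T1110", "Brute Force", ["credential-access"], ["Windows", "Linux", "macOS", "IaaS"]),
    *[_uses(f"r{i}", GROUP_ID, f"attack-pattern--t{i}") for i in range(1, 8)],  # group uses t1..t7, not t8
]}


def load_bundle(path):
    """Load a real bundle, e.g. enterprise-attack.json from MITRE's attack-stix-data repository."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def attack_id(obj):
    """Return the ATT&CK ID (e.g. 'T1190') from a STIX object's external references."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref["external_id"]
    return None


def techniques_by_tactic(bundle, group_name, platform=None):
    """Map tactic -> sorted technique IDs used by the group, like a Navigator layer.

    Revoked or deprecated techniques are dropped (Navigator hides them too), and
    when `platform` is given only techniques listing that platform are kept.
    """
    objs = {o["id"]: o for o in bundle["objects"]}
    group_ids = {o["id"] for o in objs.values()
                 if o["type"] == "intrusion-set"
                 and (o["name"] == group_name or group_name in o.get("aliases", []))}
    if not group_ids:
        raise KeyError(f"no intrusion-set named {group_name!r}")
    by_tactic = defaultdict(set)
    for rel in objs.values():
        if rel["type"] != "relationship" or rel.get("relationship_type") != "uses":
            continue
        if rel["source_ref"] not in group_ids:
            continue
        tech = objs.get(rel["target_ref"])
        if not tech or tech["type"] != "attack-pattern":
            continue
        if tech.get("revoked") or tech.get("x_mitre_deprecated"):
            continue
        if platform and platform not in tech.get("x_mitre_platforms", []):
            continue
        for phase in tech.get("kill_chain_phases", []):
            if phase["kill_chain_name"] == "mitre-attack":
                by_tactic[phase["phase_name"]].add(attack_id(tech))
    return {tactic: sorted(ids) for tactic, ids in sorted(by_tactic.items())}


def total_techniques(bundle, group_name, platform=None):
    """Distinct technique count, which is what Navigator's 'selected' counter shows."""
    ids = set()
    for techs in techniques_by_tactic(bundle, group_name, platform).values():
        ids.update(techs)
    return len(ids)


if __name__ == "__main__":
    for tactic, ids in techniques_by_tactic(SAMPLE_BUNDLE, "Example Group", platform="IaaS").items():
        print(f"{tactic:<22} {len(ids):>2}  {', '.join(ids)}")
    print("total (IaaS):", total_techniques(SAMPLE_BUNDLE, "Example Group", platform="IaaS"))
```

Two things the sample is built to show: a technique that sits under several tactics (T1078 here) appears in each tactic column but is counted once in the total, and a revoked technique is excluded even though a "uses" relationship points at it. Because the counts depend entirely on the bundle contents, pinning a specific bundle version (the attack-stix-data repository is tagged per ATT&CK release) is what makes a number like "31 techniques for APT33" reproducible.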
DREAD Framework
What DREAD component assesses the potential harm from successfully exploiting a vulnerability?
The answer can be found in the text.
Click for answer
Damage
What DREAD component evaluates how easily others can find and identify the vulnerability?
The answer can be found in the text.
Click for answer
Discoverability
Which DREAD component considers the number of impacted users when a vulnerability is exploited?
The answer can be found in the text.
Click for answer
Affected Users
STRIDE Framework
What foundational information security concept does the STRIDE framework build upon?
The answer can be found in the text.
Click for answer
CIA Triad
What policy does Information Disclosure violate?
The answer can be found in the text.
Click for answer
Confidentiality
Which STRIDE component involves unauthorised modification or manipulation of data?
The answer can be found in the text.
Click for answer
Tampering
Which STRIDE component refers to the disruption of the system's availability?
The answer can be found in the text.
Click for answer
Denial of Service
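DREAD and STRIDE are normally used together: STRIDE enumerates the threats against each part of a system, DREAD ranks them. The block below is an added Python example, not from the room, covering both the DREAD and STRIDE sections above. It walks a constructed data-flow model of a small order service, applies the STRIDE-per-element table (the Microsoft convention for which of the six categories apply to external entities, processes, data stores and data flows), tags each threat with the property it violates (Information Disclosure with confidentiality, Tampering with integrity, Denial of Service with availability, and so on), and ranks the threats that have DREAD ratings. The model, the ratings and the 1 to 10 per-component scale are assumptions made for the example.

```python
"""STRIDE-per-element enumeration followed by DREAD ranking.

Added example, not code from the room. The STRIDE-per-element table is the
Microsoft convention; the system model, the DREAD ratings and the 1..10
per-component scale are constructed for illustration.
"""
from dataclasses import dataclass

# STRIDE category -> (name, the security property it violates)
PROPERTY = {
    "S": ("Spoofing", "authentication"),
    "T": ("Tampering", "integrity"),
    "R": ("Repudiation", "non-repudiation"),
    "I": ("Information disclosure", "confidentiality"),
    "D": ("Denial of service", "availability"),
    "E": ("Elevation of privilege", "authorization"),
}

# STRIDE-per-element: which categories apply to each DFD element type.
APPLICABLE = {
    "external-entity": "SR",
    "process": "STRIDE",
    "data-store": "TRID",   # R only applies to stores that hold audit logs
    "data-flow": "TID",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str
    holds_audit_log: bool = False


@dataclass(frozen=True)
class Threat:
    element: str
    category: str   # one STRIDE letter
    violates: str


def enumerate_threats(model):
    """Apply the STRIDE-per-element table to every element of the DFD."""
    threats = []
    for el in model:
        for letter in APPLICABLE[el.kind]:
            if letter == "R" and el.kind == "data-store" and not el.holds_audit_log:
                continue
            threats.append(Threat(el.name, letter, PROPERTY[letter][1]))
    return threats


def dread_score(damage, reproducibility, exploitability, affected_users, discoverability):
    """Mean of the five DREAD components, each rated 1 (low) to 10 (high); scale is an assumption."""
    parts = (damage, reproducibility, exploitability, affected_users, discoverability)
    if any(not 1 <= p <= 10 for p in parts):
        raise ValueError("each DREAD component must be rated 1..10")
    return sum(parts) / 5


def rank_threats(threats, ratings):
    """Return (score, threat) pairs, highest DREAD score first; unrated threats go last."""
    scored = [(dread_score(*ratings[(t.element, t.category)]) if (t.element, t.category) in ratings else None, t)
              for t in threats]
    scored.sort(key=lambda st: (st[0] is None, -(st[0] or 0)))
    return scored


# Constructed model: a small order-taking web service.
MODEL = [
    Element("Customer browser", "external-entity"),
    Element("Order API", "process"),
    Element("Orders DB", "data-store"),
    Element("Audit log", "data-store", holds_audit_log=True),
    Element("Browser -> Order API", "data-flow"),
    Element("Order API -> Orders DB", "data-flow"),
]

# Constructed DREAD ratings for some of the enumerated threats:
# (Damage, Reproducibility, Exploitability, Affected users, Discoverability).
RATINGS = {
    ("Order API", "E"): (9, 6, 5, 8, 4),
    ("Orders DB", "I"): (8, 7, 6, 9, 5),
    ("Browser -> Order API", "T"): (5, 8, 7, 6, 8),
    ("Order API", "D"): (4, 9, 8, 9, 9),
}

if __name__ == "__main__":
    for score, t in rank_threats(enumerate_threats(MODEL), RATINGS):
        shown = "-" if score is None else f"{score:.1f}"
        print(f"{shown:>5}  {t.element:<24} {PROPERTY[t.category][0]} (violates {t.violates})")
```

The enumeration produces 21 candidate threats for six elements; only the four with ratings get a score, and the unrated ones print with a dash so they are not silently dropped. Note that the Orders DB gets no Repudiation threat while the audit log does: that is the one element-specific exception in the STRIDE-per-element table.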
Provide the flag for the simulated threat modelling exercise.
After opening the site, we click on the door to begin.

After going through all required departments (skipping the CEO room and cafeteria), we need to answer some questions for the report.
Most of the answers can be found in the text above.
If we answered everything correctly, we are given the flag!

Click for answer
THM{m0d3ll1ng_w1th_STR1D3}
PASTA Framework
In which step of the framework do you break down the system into its components?
The answer can be found in the text.
Click for answer
Decompose the application
During which step of the PASTA framework do you simulate potential attack scenarios?
The answer can be found in the text.
Click for answer
Analyse the attacks
In which step of the PASTA framework do you create an inventory of assets?
The answer can be found in the text.
Click for answer
Define the Technical Scope
Provide the flag for the simulated threat modelling exercise.
After opening the site we are given a task, and each completed task sends us on to the next department: first the Strategic Planning room, then System Architecture, then Software Development, then Information Security, and finally back to Strategic Planning.
After going through all required departments (skipping the CEO room and cafeteria), we need to answer some questions for the report.
Pay close attention to what each department tells us.
If we answered everything correctly, we are given the flag!

Click for answer
THM{c00k1ng_thr34ts_w_P4ST4}