Team 2 β YODA: Your Optimal Defense Architects
Threat Modeling Hackathon 2025
Hello from Team 2 β a.k.a. YODA (Your Optimal Defense Architects)!
Weβre proud returning champions from the TMC Hackathon 2024 , and this year we were thrilled to receive a Special Mention during the 2025 awards!
Meet the Team:
- Arron (@A_J) β Our fearless Team Lead
- Fraser Scott (@FraserScott) β Our Jedi Mentor
- Jan Andersen (@hr.janandersen) β The Detail Defender
- Alicia (@alicia) β Documentation Ninja & Confluence Commander
- Jetzable β Sensor Whisperer
- Ivan Smetskoy β The Detail Defender
- Prasanna (@Prasanna) β Master of Visuals
How We Approached It
This image captures our journey through the galaxy of cyber risk during Threat Modeling Hackathon 2025.
We focused on the TMC-Drive, a futuristic Level 5 autonomous EV, and built our threat model with structure, curiosity, and a sprinkle of humor.
We kicked things off by defining a clear scope: the Autonomous Driving Stack β arguably the brain of the vehicle, and definitely the riskiest if compromised.
We dive into several threat modeling methods, and we chose PASTA (Process for Attack Simulation and Threat Analysis). Big shoutout to Tony, the creator of PASTA, for generously sharing insights and guiding us through ForkTM (forktm.com) to address Business centric risks.
But wait, thereβs more β we explored:
- IriusRisk Community Edition for structured modeling
- RTMP (Rapid Threat Model Prototyping), guided by the ever-awesome Geoffrey Hill
(GitHub Docs) - **OpenThreat Model format referred but unfortunately we did not had time to play our hands on, but enjoyed the guidance by our awesome Mentor Fraser Scott.
Alongside that, we deepened our understanding of:
- TARA Threat Analysis and Risk Assessment
- Autonomous Driving Systems & ADAS
- Software-Defined Vehicles
- Limitations of Hardware and security on Autonomous industries
- And of course, the role of AI in modern mobility
Our Stack:
- Threat Modeling Methodology, Framework &Tools: STRIDE, IriusRisk (community edition), LINDUNN, Plot4AI, (PASTA) ForkTM, and RTMP
- Collaboration: Zoom, Slack, Trello, Confluence
- Research Sources: Auto-ISAC, MITRE, OWASP, and way too many late-night blog posts
The Outcomes:
Our Final Submission & Artifacts
Weβd Love to Hear From You!
Have questions, ideas, feedback, or memes?
Weβre all ears (and sensors) β letβs make threat modeling fun and fearless together.
Until next time β
Stay strong/safe, Threat Model hard, and May the Security Be With You.
β Team 2 YODA