Keep Up With Attacks!

Original post by @BrookShoenfield

In order to model well, we have to understand how attacks get started and how they proceed. Otherwise, how do we figure out “What can go wrong?”

For many new to the sport of threat models, compiling a reasonably comprehensive set of potential attacks can be daunting at best, overwhelming for many.

Personally, I spend a fair amount of time just keeping up, even though I’ve been modelling for more than two decades.

Well, the following article I picked up out of my TL;DR cyber newsletter might help:

Let’s Talk About SaaS Attack Techniques (11 minute read)

An article from Push providing an overview of modern SaaS attacks. The attacks are broken down into a MITRE ATT&CK style matrix. The article concludes with a discussion on the observability of these attacks.

Original post by @joshdub

What I like about this article you shared is that the list of potential attacks is not large. For whatever reason, it’s of a manageable size. Due to the seemingly infinite amount of cyber attacks to consider when threat modeling, I’ve always wondered how to find the ones to truly consider.

John Taylor and I have talked ad nauseam about a way to take interesting MITRE ATT&CK Groups that are active in a specific industry and use their TTPs as a source for narrowing down the scope.

I agree with your first statement, but I understand the struggle to sift through the endless potential attacks to consider.

Do you have any thoughts or insight on this?
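The scoping idea in the reply above (take the ATT&CK groups active in an industry, use their TTPs to narrow the attack list) can be mechanised against the ATT&CK STIX bundle. The script below is an added example written for this page; it is not from either poster and not MITRE tooling. It uses the shape of the real bundle published in the mitre/cti repository (intrusion-set, attack-pattern and "uses" relationship objects, revoked/deprecated flags), but the bundle embedded here is a small constructed sample: the technique IDs and names are real ATT&CK enterprise techniques, the group names are hypothetical, and the industry-to-group mapping is analyst-supplied because ATT&CK does not encode targeted sectors as a structured field (that detail lives in free-text group descriptions). The output is a technique list ranked by how many in-sector groups use it, which is a usable starting scope for "what can go wrong".

```python
"""Scope a threat model's attack list to the TTPs of ATT&CK groups active in one industry.

Added example, not from the original thread. Mirrors the object types and fields
of the MITRE ATT&CK STIX bundle, but BUNDLE below is a constructed sample and
SECTOR_GROUPS is a hypothetical analyst-supplied mapping.
"""
from collections import Counter, defaultdict


def _ap(obj_id, ext_id, name, **flags):
    """Build an attack-pattern object in ATT&CK STIX shape (constructed data)."""
    return {"type": "attack-pattern", "id": obj_id, "name": name,
            "external_references": [{"source_name": "mitre-attack", "external_id": ext_id}],
            **flags}


def _uses(group_id, technique_id):
    """Build a group -> technique 'uses' relationship object (constructed data)."""
    return {"type": "relationship", "relationship_type": "uses",
            "source_ref": group_id, "target_ref": technique_id}


# Constructed mini-bundle. Group names are hypothetical; technique IDs/names are real.
BUNDLE = {"objects": [
    {"type": "intrusion-set", "id": "intrusion-set--g1", "name": "Example Group Alpha"},
    {"type": "intrusion-set", "id": "intrusion-set--g2", "name": "Example Group Beta"},
    {"type": "intrusion-set", "id": "intrusion-set--g3", "name": "Example Group Gamma"},
    _ap("attack-pattern--a1", "T1566", "Phishing"),
    _ap("attack-pattern--a2", "T1078", "Valid Accounts"),
    _ap("attack-pattern--a3", "T1110", "Brute Force"),
    _ap("attack-pattern--a4", "T1528", "Steal Application Access Token"),
    _ap("attack-pattern--a5", "T1486", "Data Encrypted for Impact"),
    # Placeholder deprecated technique (hypothetical ID) to show the filter below.
    _ap("attack-pattern--a6", "T0000", "Deprecated Placeholder", x_mitre_deprecated=True),
    _uses("intrusion-set--g1", "attack-pattern--a1"),
    _uses("intrusion-set--g1", "attack-pattern--a2"),
    _uses("intrusion-set--g1", "attack-pattern--a5"),
    _uses("intrusion-set--g1", "attack-pattern--a6"),  # must be dropped
    _uses("intrusion-set--g2", "attack-pattern--a1"),
    _uses("intrusion-set--g2", "attack-pattern--a2"),
    _uses("intrusion-set--g2", "attack-pattern--a4"),
    _uses("intrusion-set--g3", "attack-pattern--a3"),
    _uses("intrusion-set--g3", "attack-pattern--a4"),
    _uses("intrusion-set--g3", "attack-pattern--a2"),
]}

# Hypothetical analyst-supplied mapping; ATT&CK has no structured sector field.
SECTOR_GROUPS = {
    "healthcare": {"Example Group Alpha", "Example Group Beta"},
    "finance": {"Example Group Beta", "Example Group Gamma"},
}


def _live(obj):
    """Skip objects ATT&CK has revoked or deprecated; they still appear in the bundle."""
    return not (obj.get("revoked") or obj.get("x_mitre_deprecated"))


def index_bundle(bundle):
    """Return ({group name: set of technique IDs}, {technique ID: technique name})."""
    objs = [o for o in bundle["objects"] if _live(o)]
    groups = {o["id"]: o["name"] for o in objs if o["type"] == "intrusion-set"}
    techniques = {}
    for o in objs:
        if o["type"] != "attack-pattern":
            continue
        ext_id = next((r["external_id"] for r in o.get("external_references", [])
                       if r.get("source_name") == "mitre-attack"), None)
        if ext_id:
            techniques[o["id"]] = (ext_id, o["name"])
    uses = defaultdict(set)
    for o in objs:
        if (o["type"] == "relationship" and o["relationship_type"] == "uses"
                and o["source_ref"] in groups and o["target_ref"] in techniques):
            uses[groups[o["source_ref"]]].add(techniques[o["target_ref"]][0])
    names = {tid: name for tid, name in techniques.values()}
    return uses, names


def scope_ttps(bundle, sector, sector_groups):
    """Return [(technique_id, name, n_groups)] for the groups mapped to `sector`,
    most widely used techniques first; unknown sectors yield an empty list."""
    uses, names = index_bundle(bundle)
    counts = Counter()
    for group in sector_groups.get(sector, ()):
        counts.update(uses.get(group, ()))
    return sorted(((tid, names[tid], n) for tid, n in counts.items()),
                  key=lambda t: (-t[2], t[0]))


if __name__ == "__main__":
    for sector in SECTOR_GROUPS:
        print(sector)
        for tid, name, n in scope_ttps(BUNDLE, sector, SECTOR_GROUPS):
            print(f"  {tid} {name} (used by {n} group(s))")
```

Against the real bundle, load `enterprise-attack.json` into `BUNDLE` and build `SECTOR_GROUPS` from your own reading of the group descriptions; the ranking then tells you which techniques several in-sector groups share (worth modelling first) versus ones only a single group has been seen using.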