Adversarial Thinking
Systematic identification and mitigation of potential threats through structured modeling. "Think like the enemy to defeat the enemy."
STRIDE Methodology
Spoofing
Impersonating something or someone else.
Mitigation: Authentication
Tampering
Modifying data or code.
Mitigation: Integrity Checks
Repudiation
Claiming not to have performed an action.
Mitigation: Non-Repudiation logs
Information Disclosure
Exposing information to unauthorized users.
Mitigation: Confidentiality / Encryption
Denial of Service
Denying or degrading service to users.
Mitigation: Availability / Redundancy
Elevation of Privilege
Gaining capabilities without authorization.
Mitigation: Authorization
DREAD Scoring
Damage Potential
How bad would an attack be?
Reproducibility
How easy is it to reproduce the attack?
Exploitability
How much work is it to launch the attack?
Affected Users
How many people will be impacted?
Discoverability
How easy is the vulnerability to find?
SCORE = (Damage + Reproducibility + Exploitability + Affected Users + Discoverability) / 5
Advanced Frameworks
PASTA
Process for Attack Simulation and Threat Analysis
Risk-centric threat modeling framework that aligns technical requirements with business objectives.
Attack Trees
Tree-based Analysis
Hierarchical diagrams showing how an asset can be attacked.
Kill Chain
Cyber Kill Chain®
Mapping the stages of a cyber attack from reconnaissance to actions on objectives.