Overview
Explore the advanced Stage IV of PASTA, the world's only risk-centric threat modeling methodology, in this 49-minute LASCON conference talk. Discover how threat intelligence and threat data play a crucial role in building highly contextualized threat models for applications. Learn the process of incorporating threat data (such as firewall alerts, WAF alerts, and EDR alerts) and threat intelligence (including threat advisories on embedded libraries, active threat campaigns, and exploits in the wild reports) to substantiate attack patterns and threat objectives. Understand how organizational incidents can shape the development of a robust threat library in threat modeling. Gain insights into creating a credible threat library and leveraging it to develop a tactical blueprint for effective exploit testing and penetration testing.
Syllabus
Tony UV - PASTA Threat Modeling & Leveraging IR, Threat Intelligence as Means for Tactical Pen Test
Taught by
LASCON