Death Star Threat Modeling (Part I)
I had the opportunity to deliver a presentation to the employees of The Denim Group, one of my favorite Microsoft security partners, based in San Antonio, Texas. One of the consultants on staff is a really smart guy by the name of Kevin Williams (whose also happens to be a former USAF Information Warfare guru….he’s got cred). Kevin is currently finishing up his MS degree in Information Security. He wrote a very interesting graduate thesis “ Exploiting AutoRun: Threats, Vulnerabilities and Countermeasures of the AutoRun Functionality Associated with Portable Data Storage Devices ” which is a good read (and should prompt you to disable AutoRun on all of your systems.)
Kevin is a great speaker and delivered a great presentation at HOPE7 this year. The topic is on Threat Modeling which is a great topic, but also very hard to understand, if you’ve never done it before. Kevin uses the greatest movie of all time “Star Wars” to demonstrate the concepts of Threat Modeling. Purely Brilliant!
Death Star Threat Modeling (Part 1)
You should also check out the Microsoft Threat Analysis & Modeling tool as well! Really nice tool to help you do your TM thing!