🌺
tryhackme notes
  • 🌺TryHackMe Profile Link
  • Learning Paths
    • 🌺CompTIA PenTest+
      • 🍡Intro to Offensive Security
      • 🍡Penetration Testing Tools
        • 🍡Nmap
          • 🍡Nmap Switches
          • 🍡Overview
          • 🍡TCP Connect Scans
          • 🍡SYN Scans
          • 🍡UDP Scans
          • 🍡NULL, FIN, Xmas Scans
          • 🍡Working with the NSE
          • 🍡Practical
        • 🍡Burp Suite
          • 🍡Introduction
          • 🍡Site Map and Issue Definitions
        • 🍡Metasploit
          • 🍡Introduction
          • 🍡Working with Modules
        • 🍡Nessus
          • 🍡Introduction
          • 🍡Scanning!
          • 🍡Scanning a Web Application!
        • 🍡Hydra
          • 🍡Introduction
          • 🍡Using Hydra
      • 🍡Application-based Vulnerabilites
        • 🍡OWASP Top 10
          • 🍡[Severity 1] Command Injection
          • 🍡[Severity 2] Broken Authentication
          • 🍡[Severity 3] Sensitive Data Exposure
          • 🍡[Severity 4] XML External Entity
          • 🍡[Severity 5] Broken Access Control
          • 🍡[Severity 6] Security Misconfiguration
        • 🍡Vulnversity
      • 🍡Local-host Vulnerabilities
      • 🍡Network-based Vulnerabilites
    • 🌺Web Fundamentals
      • 🌺Introduction to Web Hacking
        • 🍡Walking an Application
      • 🌺Pickle Rick
  • Modules
    • 🌺Linux Fundamentals
      • 🍡Linux Fundamentals Part 1
        • 🍡Searching for Files
      • 🍡Linux Fundamentals Part 3
        • 🍡Processes 101
    • 🌺Introduction to Penetration Testing
      • 🍡Pentesting Fundamentals
        • 🍡Penetration Testing Methodologies
          • 🍡Black Box, White Box, Grey Box Penetration Testing
      • 🍡Principals of Security
        • 🍡The CIA Triad
        • 🍡Principles of Privilege
        • 🍡Security Models Continued
        • 🍡Threat Modelling & Incident Response
    • 🌺Introduction to Cyber Security
    • 🌺Pre Security
    • 🌺John the Ripper
  • Rooms
    • 🍡Basic Pentesting
    • 🍡OhSINT
    • 🌸Sakura Room
    • 😼dogcat
Powered by GitBook
On this page
  1. Modules
  2. Introduction to Penetration Testing
  3. Principals of Security

Threat Modelling & Incident Response

Threat modelling is the process of reviewing, improving, and testing security protocols.

Very similar to risk assessment: Reviews > Identification > Preparation > Mitigations

STRIDE framework - Spoofing identity, tampering with data, repudiation threats, information disclosure, denial of service, elevation of privileges

STRIDE framework table

Principle
Description

Spoofing

a malicious party falsly identifying themselves, access keys (API), signatres via encryption aliviate this threat

Tampering

making sure the data stays integrible

Repudiation

logging system activity

Information Disclosure

applications that handle the information of multiple users need to be configured to only show some information

Denial of Service

applications and services use up system resources so they should have measures put into place that abuse of these applications wont bring the entire system down

Elevation of Privilege

worst case scenario with someone being able to escalate their privilege to that of an administrator

CSIRT framework - Computer Security Incident Response Team, prearranged group of employees with technical knowledge about the systems and the incident

CSIRT framework table

Action
Description

Preparation

making sure there are enough resources to deal with the incident

Identification

has the threat and the threat actor been correctly identified

Containment

cant the threat/incident be contained

Eradication

remove the active threat

Recovery

perform a full review of the impacted systems

Lessons Learned

what can be learned from the incident and steps moving forward

PreviousSecurity Models ContinuedNextIntroduction to Cyber Security

Last updated 1 year ago

🌺
🍡
🍡