Let's Go Threat Modelling Activity Diagram

Hi all, especially those who’ve just attended TestBash X Bucks or TestBash UK.

A few people asked about whether they could get a copy of the diagram used in the activity… so here it is!

I’d be interested to hear what attacks you can think of. I’ve got one to get you started. I’ll play The Glutton and do a denial of service attack on the system by trying to log in over and over as the Windows account used by the services so that it gets locked and the services can no longer run.

(This is a different diagram to the one used in the 99-minute workshop.)


That’s fantastic. A much simpler model to use for a workshop. :clap::+1:


I’d play The Fisherman and phish a bunch of session tokens so I can spam the app from thousands of different users in regards to my discontent with a particular airline about being bumped from my last flight.