#threatmodeling

DCNTTM:
DC's Next Top Threat Model is back for @defcon 33!! Visit https://threatmodel.us for more details.
#DEFCON #DEFCON33 #appsec #threatmodeling #security
Tanya Janca | SheHacksPurple:
With 25+ presentations to choose from, I cover everything from #securecoding and #threatmodeling to AI risks and #AppSec—always with humor, clarity, and actionable takeaways.
💡 These aren’t just talks—they’re lessons your team will remember.
https://twp.ai/9PSP09
2/3
Paco Hope #resist:
I just saw this paper by Dinis Cruz (https://docs.diniscruz.ai/2025/05/29/advancing-threat-modeling-with-semantic-knowledge-graphs.html) on #ThreatModeling with #LLMs. I've been thinking along these lines for a while, but he's written it down completely and cogently. I agree with a lot of what I have read so far (haven't finished it yet).
Edit: @WiseWoman called my attention to the fact that Dinis lists "ChatGPT Deep Research" as a co-author(?). Sigh. No wonder this text passed the sniff test. It's so full of chatbot output he gave the chatbot co-author credit.
Ah well. Some of it is right. But now the inconsistencies make sense.
#appsec #infosec #security
Adam Shostack:
Nice list of things to listen for from @kaoudis #threatmodeling but more broad. #tmcon
OWASP Foundation:
🔐 Get Ready for OWASP Global AppSec USA 2025! 🔐
This event is built for everyone in the CyberSec community, whether you want to expand your skills or discover new solutions, this is the event for you.
🎟️ Register now: https://owasp.glueup.com/event/131624/register/
#OWASP #AppSecUSA2025 #Cybersecurity #ApplicationSecurity #DevSecOps #InfoSec #Hacking #ThreatModeling #AI #WashingtonDCEvents #SecureByDesign
BSides Boulder:
⚡ Attackers are more regularly targeting industrial control systems (ICS) on Operational Technology (OT), which have led to devastating real world consequences 😵
Trace attack paths in ICS with Gilberto "Gil" Garcia's #BSidesBoulder25 talk "Attack Path Modeling for Securing ICS/OT Systems"! Attendees will learn how to visualize adversary movements, focus on crown jewels, and turn free tools and threat intel into actionable defense strategies through understanding attacker workflows.
Garcia's session will also delve into frameworks, modeling techniques, and the integration of intelligence-driven security measures to strengthen ICS/OT resilience - because in critical infrastructure, guesswork isn’t a good option! 🛠️🔌 #BSides #BSidesBoulder #ICS #CyberSecurity #OTSecurity #ThreatModeling
Tickets are available for purchase for our 13 June event here: https://www.eventbrite.com/e/bsides-boulder-2025-registration-1290129274389
Adam Shostack:
My #Appsec roundup for April is live. No blow by blow masto post this time because I have to head to the airport soon for #rsac
Lots of #threatmodeling, important improvements to #llm #security and more
https://shostack.org/blog/appsec-roundup-april/
Gary McGraw:
Making automated Threat Modeling better with applied ML. A recorded webinar that I participated in yesterday.
#MLsec #ML #security #swsec #appsec #threatmodeling
https://www.youtube.com/playlist?list=PLpo8W6wt_WV-haEOL-nWyz5TKhJOJ5Gao
9x0rg:
Hi @elizayer,
Here's a good write-up about #ThreatModeling by @privacyguides:
https://www.privacyguides.org/en/basics/threat-modeling/
Also, these are the VPNs they recommended - and why:
**VPN Services**
https://www.privacyguides.org/en/vpn/
[Spoiler: NordVPN is **not** on the list, for good reasons]
Hope this helps.
@krusynth
Kelly Shortridge:
so many #threat modeling workflows are uncivilized, creaky, positively antediluvian.
#threatmodeling should be modern, configured as code, a creative, collaborative romp to reify a defensive strategy that outmaneuvers attackers.
thus, this yule, my deciduous.app co-conspirator @rpetrich and I bear a gift: Deciduous-VS, a #VSCode extension to build and visualize decision trees within your IDE 🎄 (== local dev for classified/regulated envs, too)
learn more in my post: https://kellyshortridge.com/blog/posts/deciduous-for-vscode-local-decision-tree-editing/
tuxwise:
(14/N) Having familiarized ourselves with categories of adversaries, their main goals and their respective, overall "modus operandi", let's look at the types of threats posed by them.
Again, it pays to focus on types of threats: We don't want to become mainly alert-triggered, but proactive. There are several frameworks we can borrow ideas from, most notably the LINDDUN framework that is geared toward threats to privacy, and can be extended a bit to cover more ground.
First, our list of threat types:
- #Linking (spotting connections and relationships)
- #Identifying (mapping to identities)
- Undesirable #NonRepudiation or #repudiation
- #Detecting (absence or presence of indicators)
- Data #disclosure (to the unauthorized)
- Manufacturing cooperation (disguised or imposed bad consequences)
- #Obstructing (access, information, resources)
- #NonCompliance
- #Interfering (with information, resources, processes, interactions)
Our definitions of these, for our context:
Linking
An adversary can figure out connections and relationships between formerly isolated items of interest.
Identifying
An adversary can link items of interest directly to a natural person.
(to be continued)
Start of this thread:
https://mastodon.de/@tuxwise/113503228291818865
LINDDUN:
https://linddun.org/
#ThreatModeling #4D
tuxwise:
(13/N) The sixth, and last, category of adversaries:
“They”
“They” want to define boundaries and acceptable behavior for the masses, as well as monitor compliance on a large scale, and enforce it on an individual level.
As a consequence, permanent mass #surveillance of all types of assets is a means of monitoring the compliance of the majority, and of detecting deviant behavior. Legalizing more and more monitoring options becomes a goal, including international partnerships on information exchange. Depriving you of your assets, temporarily or permanently, is a means of enforcing your compliance or obedience. The mere threat of this can be sufficient to create a #ChillingEffect.
State-sponsored actors (such as hacker groups) and nation-state threat actors (in the form of intelligence services, law enforcement, censorship offices, and other #government agencies) fall into this category. It also includes #companies that have either a monopoly, or a significant share of an oligopolistic market, or portfolio of services specifically targeted at the public sector.
While the entities in this category may seem wildly heterogeneous at first, remember that there are #RevolvingDoors between them, for swapping their respective “ex” members. Beyond lobbying, there is also a complex, ongoing collaboration between many of them, which has been described as “grey intelligence”, “grey policing”, “public-private partnership”, etc.
Start of this thread:
https://mastodon.de/@tuxwise/113503228291818865
#ThreatModeling #4D
Jonathan Kamens 86 47:
On a list I'm on, someone asks for advice protecting a small trans support org worried about e.g. keeping their membership list safe.
Several people respond, "Talk to company <x>, they help non-profits secure infra."
I look at <x>. Its flagship product automates managing security controls in apps like Google Workspace and Slack.
I'm like, this isn't going to help when the subpoenas start flying. Y'all need to change your threat model.
#smdh #infosec #threatModeling #politics #USPol
tuxwise:
(2/N) The "#ThreatModelingManifesto" is a great framework for businesses and organizations. Applying it to a more private context becomes easier for me when I make its key questions more personal:
1. What are you working on?
2. What can go wrong?
3. What are you going to do about it?
4. Did you do a good enough job?
Next two posts will cover my answers to 1).
https://www.threatmodelingmanifesto.org/
Note: Essentially, the #4Ds are my answers to 3).
https://mastodon.de/@tuxwise/113503228291818865
#ThreatModeling #4D
shellsharks:
What methodology is your "go to" when conducting a #threatmodeling exercise? For infosec folks, do you or your team use a specific methodology for threat modeling systems at your respective org?
Neil Madden:
So, what tools are people using for #threatmodeling? I tend to just use OmniGraffle or some other vector editor for DFDs and then pair that with just a text file of notes. (Or, often, just do it on a whiteboard and take a photo, but that’s less good when evolving a model over time).
Things I’m aware of:
- OWASP Threat Dragon: kinda nice, but always seems hugely buggy whenever I try it and fairly poor UX IMO.
- OWASP PyTM: looks pretty neat, but not played with it myself.
- Threagile: I am deeply suspicious of security tooling that generates 100+ page PDFs off a small YAML file. Smells like a bullshit generator to me. Am I wrong?
#security #infosec
Sooraj Sathyanarayanan:
📚 Just completed the 'Basics of Personal Threat Modeling' course by @privacyguides 🛡️
Threat modeling is crucial because it helps identify and prioritize the most probable security and privacy risks. It enables focused resource allocation, tailored defenses, and heightened awareness.
Check it out: https://learn.privacyguides.org
#Cybersecurity #Privacy #ThreatModeling #cybersecurityawareness #opsec
Dmitry Borodaenko:
I recently saw a conversation between two people I respect that ended poorly. This being a social platform, shortage of mutual understanding is not surprising. Most of the time, I just back away slowly, but this time, the topic is important enough, and I think I can see a framing that can help make conversations about it less antagonistic.
The topic is #ThreatModeling around #TikTok.
If you don't know what threat modeling is, start here: https://circle.lt/post/20190405-social-networks-hygiene/#threat-model 1/
Joakim Uddholm 🇸🇪🇩🇪:
The threat modeling tool I've been posting about for the past year, is finally available as a public repo 🎉
https://github.com/klarna-incubator/gram
It is currently in a beta state, which it will probably be for some time, but it has the essentials now to get started.
#threatmodeling #threatmodelling #opensource
Chris Wysopal:
Ready to strut your cybersecurity skills on the virtual runway? Let's see who can outsmart the defenses and sashay their way to the title of ultimate threat modeling superstar. Are you up for the challenge? Walk that firewall and show us your fiercest vulnerabilities!
Registration for DEFCON’s Next Top Threat Model @defcon is NOW OPEN!
https://threatmodel.us/register/
#DEFCON #DEFCON31 #threatmodeling #threat_modeling #appsec #security #DCNTTM