Threat Modeling: Spoofing In Depth
55mIntermediate2019-02-27
Authors

Adam Shostack
Consultant, Entrepreneur, Technologist, and Game Designer
Course details
Threat modeling is a framework for thinking about what goes wrong. Security pros and software developers should learn to threat model early in their careers, because it shapes every system they build and defend. Spoofing, pretending to be someone or something you're not, is one of the key threats to systems. This course teaches you many of the ways in which spoofing happens, including spoofing of people, machines, file systems, and processes. As instructor Adam Shostack explains, spoofing entails many factors: what you know, who you are, where you are, who you know, and more. There's spoofing of people and spoofing of roles, spoofing of processes or file spaces on a system, and spoofing of machine, IP, name, and TLS identities. Learning how and where these attacks take place will help you excel in your career and deliver more secure products and services.
Learning objectives
Authentication basics
Attacking different authentication factors
Spoofing a host
Spoofing people
Spoofing files
Learning objectives
Authentication basics
Attacking different authentication factors
Spoofing a host
Spoofing people
Spoofing files
Skills covered
Software Development SecurityNetwork SecurityCybersecurityDeep Dive (X:Y)
Concepts
0. Introduction
- 01 - Mitigate spoofing threats
- 02 - Four-question framework
- 03 - Spoofing as a part of STRIDE
1. Authentication Basics
- 04 - Account creation
- 05 - Authentication factors
2. Spoofing Authentication Factors
- 06 - Attacking what you know
- 07 - Attacking what you have
- 08 - Attacking what you are
- 09 - Attacking where you are
- 10 - Attacking who you know
- 11 - Attacking phone authentication
3. Spoofing Hosts
- 12 - Spoofing a host
- 13 - Advanced host spoofing
- 14 - Spoofing the OSI model
- 15 - What you know in host spoofing
- 16 - Spoofing TLS
4. Spoofing People
- 17 - Spoofing a specific person in email
- 18 - Spoofing a person on a website
- 19 - Spoofing a person in video and audio
5. Spoofing Files
- 20 - The nature of open and paths
- 21 - Libraries (LD PATH, Downloads )
- 22 - Defenses with extra fail
Conclusion
- 23 - Next steps
Related courses
- Learning Threat Modeling for Security Professionals
- Threat Modeling: Tampering in Depth
- Threat Modeling for AI/ML Systems
- Threat Modeling: Repudiation in Depth
- Threat Modeling: Information Disclosure in Depth
- Threat Modeling: Denial of Service and Expansion of Authority
- Advanced Threat Modeling and Risk Assessment in DevSecOps
- CompTIA CySA+ (CS0-002) Cert Prep: 1 Threat Management
Related learn paths
- Improve Your Threat Modeling Skills
- Become an IT Security Specialist
- Become an Ethical Hacker
- Prepare for the CompTIA Cybersecurity Analyst + (CySA+) (CS0-002) Certification Exam
- Leverage AI as a Cybersecurity Analyst
- Prepare for the CompTIA Security+ (SY0-701) Certification
- Prepare for the Microsoft Azure Security Technologies (AZ-500) Exam
- Building AI Products: Security Essentials Professional Certificate by LinkedIn Learning