gchristensen changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh
ris has quit [Ping timeout: 272 seconds]
Synthetica has quit [Quit: Connection closed for inactivity]
justanotheruser has quit [Ping timeout: 272 seconds]
justanotheruser has joined #nixos-security
justan0theruser has joined #nixos-security
justanotheruser has quit [Ping timeout: 244 seconds]
aanderse has quit [Quit: ZNC 1.7.2 - https://znc.in]
aanderse has joined #nixos-security
pie__ has quit [Remote host closed the connection]
pie__ has joined #nixos-security
justan0theruser has quit [Ping timeout: 248 seconds]
justanotheruser has joined #nixos-security
mighty_vee has quit [Ping timeout: 258 seconds]
Synthetica has joined #nixos-security
hmpffff has joined #nixos-security
hmpffff has quit [Quit: nchrrrr…]
mighty_vee has joined #nixos-security
mighty_vee has quit [Max SendQ exceeded]
mighty_vee has joined #nixos-security
mighty_vee has quit [Max SendQ exceeded]
mighty_vee has joined #nixos-security
mighty_vee has quit [Max SendQ exceeded]
mighty_vee has joined #nixos-security
mighty_vee has quit [Max SendQ exceeded]
mighty_vee has joined #nixos-security
hmpffff has joined #nixos-security
mighty_vee has quit [Max SendQ exceeded]
mighty_vee has joined #nixos-security
hmpffff has quit [Client Quit]
mighty_vee has quit [Max SendQ exceeded]
mighty_vee has joined #nixos-security
mighty_vee has quit [Max SendQ exceeded]
mighty_vee has joined #nixos-security
hmpffff has joined #nixos-security
hmpffff has quit [Quit: nchrrrr…]
<pie__> idea: using threat modelling "just" means going from some approximate upper bound on attacker capabilities to a concrete attacker capability model
<pie__> so on a whim i googled automated threat modelling, apparently stuff like https://www.youtube.com/watch?v=10Xu8XAjL3c actually exists (first product i found that looks reasonable)
<gchristensen> I don't think threat modeling is really automatable?
<pie__> obviously there's work involved in maintaining a model of a network...but what if you manage your network with nix /O/
<pie__> gchristensen, i was just trying to find keywords that would actually bring up programmatic results, thread modeling already has modeling in the name and usually involves software (or something like that) so its going to be noisy results when trying to search for programmagic stuff
<pie__> :(
<pie__> what im really interested in is algorithmic model analysis
<pie__> and the ontologies for this stuff (building the model)
mighty_vee has quit [Remote host closed the connection]
mighty_vee has joined #nixos-security
<pie__> asked a friend and he said you cant really model this stuff because "I'm Dave from Marketing and he's got fuck all access anywhere, now what" "can I just snort user backups from a backup server? if so I probably now have domain admin"
<gchristensen> exactly
<gchristensen> "the cleaning crew left a door unlocked and now $adversary has climed through the ceiling tiles to get in to the network rack"
<gchristensen> "somebody kidnapped the CEO's entire family"
<pie__> man ceiling tiles are so american :p
<pie__> jk i dunno
<gchristensen> pie__: https://twitter.com/badthingsdaily here is some inspiration for your threat modeling
<pie__> i wish i had ppl to tabletop with
<pie__> ive seen those before and they all rustle my jimmies
<gchristensen> well that is easy to solve
hmpffff has joined #nixos-security
copumpkin has quit [Read error: Connection reset by peer]
copumpkin has joined #nixos-security
hmpffff has quit [Quit: nchrrrr…]
hmpffff has joined #nixos-security
tilpner has quit [Quit: WeeChat 2.4]
tilpner has joined #nixos-security
hmpffff has quit [Quit: nchrrrr…]