pie__ has quit [Remote host closed the connection]
pie__ has joined #nixos-security
justan0theruser has quit [Ping timeout: 248 seconds]
justanotheruser has joined #nixos-security
mighty_vee has quit [Ping timeout: 258 seconds]
Synthetica has joined #nixos-security
hmpffff has joined #nixos-security
hmpffff has quit [Quit: nchrrrr…]
mighty_vee has joined #nixos-security
mighty_vee has quit [Max SendQ exceeded]
mighty_vee has joined #nixos-security
mighty_vee has quit [Max SendQ exceeded]
mighty_vee has joined #nixos-security
mighty_vee has quit [Max SendQ exceeded]
mighty_vee has joined #nixos-security
mighty_vee has quit [Max SendQ exceeded]
mighty_vee has joined #nixos-security
hmpffff has joined #nixos-security
mighty_vee has quit [Max SendQ exceeded]
mighty_vee has joined #nixos-security
hmpffff has quit [Client Quit]
mighty_vee has quit [Max SendQ exceeded]
mighty_vee has joined #nixos-security
mighty_vee has quit [Max SendQ exceeded]
mighty_vee has joined #nixos-security
hmpffff has joined #nixos-security
hmpffff has quit [Quit: nchrrrr…]
<pie__>
idea: using threat modelling "just" means going from some approximate upper bound on attacker capabilities to a concrete attacker capability model
<pie__>
so on a whim i googled automated threat modelling, apparently stuff like https://www.youtube.com/watch?v=10Xu8XAjL3c actually exists (first product i found that looks reasonable)
<gchristensen>
I don't think threat modeling is really automatable?
<pie__>
obviously there's work involved in maintaining a model of a network...but what if you manage your network with nix /O/
<pie__>
gchristensen, i was just trying to find keywords that would actually bring up programmatic results, thread modeling already has modeling in the name and usually involves software (or something like that) so its going to be noisy results when trying to search for programmagic stuff
<pie__>
:(
<pie__>
what im really interested in is algorithmic model analysis
<pie__>
and the ontologies for this stuff (building the model)
mighty_vee has quit [Remote host closed the connection]
mighty_vee has joined #nixos-security
<pie__>
asked a friend and he said you cant really model this stuff because "I'm Dave from Marketing and he's got fuck all access anywhere, now what" "can I just snort user backups from a backup server? if so I probably now have domain admin"
<gchristensen>
exactly
<gchristensen>
"the cleaning crew left a door unlocked and now $adversary has climed through the ceiling tiles to get in to the network rack"
<gchristensen>
"somebody kidnapped the CEO's entire family"