Introduction to steps¶

Experiment with adversary behaviour, attack paths, and operational risks.

Why these exercises matter¶

Threats are easier to understand when you see them in action. These exercises help teams connect adversary actions to real-world impact, turning abstract risks into concrete insights that guide planning and mitigation.

How to use this set¶

1. Work through the exercises in order: Adversary personas → mapping moves → attack paths → operational impact → bringing it together → crafting scenarios → building your model.

2. Focus on practical outputs, not theory.

3. Collaborate and discuss: different perspectives reveal hidden risks.

4. Keep it simple—use one sheet, one card, or one diagram per exercise.

Outcome¶

By the end of this series, you will have:

• Clear adversary personas

• Mapped attack paths

• Operational impact insights

• Realistic scenarios

• A lightweight, actionable threat model

This is a toolkit for hands-on exploration, not a manual. Iterate, adapt, and learn from what unfolds.

Examples¶

• Digital threat modelling for partner abuse | Power On → Who’s causing the harm?, What’s worth protecting?, How do they get in?, What do these look like in real life?, What kind of harm can this cause?, plus Mapping impacts to responses.

• The garden layout: Threat model - Green team → Adversaries, Assets, Attack vectors, Attacks, Assistive technologies, Threats, Impacts—provides the garden-ecosystem lens and data-reconstruction examples to fold into vectors and harms.