In order to model well, we have to understand how attacks get started and how they proceed. Otherwise, how do we figure out “What can go wrong?”
For many new to the sport of threat models, compiling a reasonably comprehensive set of potential attacks can be daunting, at best, overwhelming for many.
Personally, I spend a fair amount of time just keeping up, even though I’ve been modelling for more than two decades.
Well, the following article I picked up out of my TL;DR cyber newsletter might help:
Let’s Talk About SaaS Attack Techniques (11 minute read)
An article from Push providing an overview of modern SaaS attacks. The attacks are broken down into a MITRE ATT&CK style matrix. The article concludes with a discussion on the observability of these attacks.