From Threat Model to Attack Plan: Library Packs and TM-BOMs for Pentest Planning

Vikramaditya Narayan

Creator @ Precogly

LinkedInView Profile
Vikramaditya Narayan

Arsenal Overview

Pentesters waste time reconstructing scope and attack paths. The threat model already contains this intelligence, but it is rarely usable.

This talk shows how structured library packs and TM-BOM exports turn threat models into ranked, ATT&CK-mapped attack plans. Using Precogly, I build a model from AWS components, export it, and generate a pentest plan: prioritized targets, mapped CAPEC patterns, CWE weaknesses, and concrete test cases.

I demonstrate how the same data is consumed three ways: selecting threats during modeling, planning offensive engagements, and generating attack plans via LLMs without hallucinated techniques.

The result is a repeatable workflow where threat models directly drive pentest engagements.

About the Speaker

Vikramaditya Narayan

Vikramaditya Narayan

Creator @ Precogly

Vikramaditya Narayan is the creator of Precogly, an open-source threat modeling platform. Previously, he designed the prototype for a YC-funded AI governance platform.

He leads the Bangalore chapter of Threat Modeling Connect and has spoken at ThreatModCon DC on emergent risks in multi-agentic systems, as well as at the OWASP 25th Anniversary Virtual event on the risks of using LLMs in threat modeling. He is also scheduled to speak at OWASP Vienna in June 2026 on AI and the Threat Modeling Manifesto.

Vikramaditya holds an MS from Carnegie Mellon and is a Certified Threat Modeling Professional.

LinkedInView Profile