Threat modeling is the process of getting to know your adversary, identifying information or attack vectors that your adversary might exploit or is capable of exploiting, and then finding a way to mitigate some of those exploits your adversary may use. When all this information is compiled together, it is called a threat model. Everyone has a different threat model and different ways of threat modeling.
First, you need to know 3 things: who your adversary is, what they are capable of, and what the adversary's goal is. If you know these 3 things, you are off to a great start. You should then begin thinking of what attacks the adversary may perform in order to achieve their goal, and then think of ways to defeat those attacks. A basic example is the FBI trying to deanonymize a Tor user. You know the FBI is capable of using NITs (drive-by downloads) to deanonymize Tor users. At this point, if you think of how you would defeat a NIT, you may opt to use Tails or Whonix instead of plain Tor Browser. This is just a very basic example; different adversaries have different capabilities and techniques, often times more than one, that you have to account for. Remember that security is a moving target and is always changing, so re-evaluate your adversary and adjust your threat model accordingly from time to time.
You may also opt to use a more structured threat modeling process. This is where other threat modeling techniques come in, such as STRIDE, the CIA Triad, and Attack Trees. These also give you a basic understanding of what your adversary may try to attack, but they all require that you know who or what your adversary is.
The STRIDE threat modeling process was developed by Microsoft and can be applied to almost everything. STRIDE stands for, Spoofing, Tampering, Repudiation, Information Disclosure, Denial of service, and Escalation of privileges. STRIDE is extremely thorough and effective when used correctly. STRIDE can be used as a question-and-answer process. For example the S stands for spoofing, you may ask, "Can my adversary spoof an identity?" If the answer is yes, then you may go through the process finding how your adversary would spoof an identity and how to prevent or detect identity spoofing by your adversary.
The CIA triad was not invented by the Central Intelligence Agency; it actually stands for Confidentiality, Integrity, and Availability. This threat modeling process highlights the three main things you want to protect from an adversary. Confidentiality of information to prevent your adversary from knowing what it is, integrity to prevent malicious modification of information or spoofing, and availability to prevent your adversary from making information unavailable to you. For instance, on a website with a login form, you want to keep the password database confidential. It also needs integrity, so someone unauthorized can't just change the password for a user, and it needs to stay available, so a user can always log in.
Attack trees are supposed to let you map out what attacks your adversary may attempt to achieve the adversary's goal and how to mitigate them effectively. You can also map out the steps required to execute an attack in order to help mitigate that attack. An example of an attack tree is provided below.
Attack trees are very flexible as you can change how you use them to fit your needs. Attack trees also help you keep track of a variety of attacks that may occur.