Through international regulations (most prominently the latest UNECE regulation) and standards, the already widely perceived higher need for cybersecurity in automotive systems has been recognized and will mandate higher efforts for cybersecurity engineering. The UNECE also demands the effectiveness of these engineering to be verified and validated through testing. This requires both a significantly higher rate and more comprehensiveness of cybersecurity testing that is not effectively to cope with using current, predominantly manual, automotive cybersecurity testing techniques. To allow for comprehensive and efficient testing at all stages of the automotive life cycle, including supply chain parts not at hand, and to facilitate efficient third party testing, as well as to test under real-world conditions, also methodologies for testing the cybersecurity of vehicular systems as a black box are necessary. This paper therefore presents a model and attack tree-based approach to (semi-)automate automotive cybersecurity testing, as well as considerations for automatically black box-deriving models for the use in attack modeling.