Outline for this course
Module 01: Introduction to Threat Intelligence
- 1.1 Intelligence
- 1.2 Cyber Threat Intelligence Concepts
- 1.3 Threat Intelligence Lifecycle and Frameworks
- 1.4 Threat Intelligence Platforms (TIPs)
- 1.5 Threat Intelligence in the Cloud Environment
- 1.6 Future Trends and Continuous Learning
Key topics covered: Cyber Threat Intelligence, Threat Intelligence vs. Threat Data, Threat Intelligence vs. Traditional Cybersecurity Approaches, Types of Threat Intelligence, Threat Intelligence Generation, Responsibilities of Cyber Threat Analysts, Threat Intelligence Lifecycle, Threat Intelligence Strategy, Threat Intelligence Maturity Model, Threat Intelligence Frameworks, Threat Intelligence Platforms (TIPs), Role of Threat Intelligence in Cloud Security, and Career Paths and Opportunities in the Threat Intelligence Field
Module 02: Cyber Threats and Attack Frameworks
- 2.1 Cyber Threats
- 2.2 Advanced Persistent Threats
- 2.3 Cyber Kill Chain
- 2.4 MITRE ATT&CK and Diamond Model
- 2.5 Indicators of Compromise
Key topics covered: Cyber Threats, Cyber Security Threat Categories, Threat Actors, Objectives of Cyber Security Attacks, Advanced Persistent Threats, Advanced Persistent Threat Lifecycle, Cyber Kill Chain Methodology, MITRE ATT&CK Framework, Diamond Model of Intrusion Analysis, Indicators of Compromise, Categories of Indicators of Compromise, and Pyramid of Pain
Module 03: Requirements, Planning, Direction, and Review
- 3.1 Organization’s Current Threat Landscape
- 3.2 Requirements Analysis
- 3.3 Plan a Threat Intelligence Program
- 3.4 Establish Management Support
- 3.5 Build a Threat Intelligence Team
- 3.6 Threat Intelligence Sharing
- 3.7 Review Threat Intelligence Program
Key topics covered:
Identify Critical Threats to the Organization, Threat Intelligence Requirements, MoSCoW Method for Prioritizing Requirements, Scope of Threat Intelligence Program, Rules of Engagement, Threat Intelligence Program Planning, Project Charter and Policy Preparation, Threat Intelligence Roles and Responsibilities, Build Intelligence Team, Threat Intelligence Sharing, Types of Sharing Partners, and Threat Intelligence-led Engagement Review
Module 04: Data Collection and Processing
- 4.1 Threat Intelligence Data Collection
- 4.2 Threat Intelligence Collection Management
- 4.3 Threat Intelligence Feeds and Sources
- 4.4 Threat Intelligence Data Collection and Acquisition
- 4.5 Bulk Data Collection
- 4.6 Data Processing and Exploitation
- 4.7 Threat Data Collection and Enrichment in Cloud Environments
Labs: - Data Collection through Search Engines, Web Services, Website Footprinting, Email Footprinting, DNS Interrogation, Automated OSINT Tools, Social Engineering Techniques, Cyber Counterintelligence (CCI) Techniques, Malware Analysis, and Python Scripting
- IoC Data Collection through External Sources and Internal Sources
- Structuring/Normalization of Collected Data
Key topics covered:
Threat Intelligence Data Collection, Data Collection Methods, Types of Data, Types of Threat Intelligence Data Collection, Threat Intelligence Collection Plan, Threat Intelligence Feeds, Threat Intelligence Sources, Threat Intelligence Data Collection and Acquisition, Data Collection through Python Scripting, Bulk Data Collection, Bulk Data Management, Data Processing and Exploitation, Structuring/Normalization of Collected Data, Data Sampling, and Threat Data Collection in Cloud Environments
Module 05: Data Analysis
- 5.1 Data Analysis
- 5.2 Data Analysis Techniques
- 5.3 Threat Analysis
- 5.4 Threat Analysis Process
- 5.5 Fine-Tuning Threat Analysis
- 5.6 Threat Intelligence Evaluation
- 5.7 Create Runbooks and Knowledge Base
- 5.8 Threat Intelligence Tools
Labs: - Perform Threat Modeling and Data Analysis
- Perform Complete Threat Intelligence using Threat Intelligence Tools
Key topics covered:
Data Analysis, Types of Data Analysis, Statistical Data Analysis, Analysis of Competing Hypotheses (ACH), Structured Analysis of Competing Hypotheses (SACH), Threat Analysis, Types of Threat Intelligence Analysis, Threat Analysis Process, Threat Modeling Methodologies, Threat Analysis Process with Diamond Model Framework, Validating and Prioritizing Threat Indicators, Fine-Tuning Threat Analysis, Automate Threat Analysis Processes, Threat Intelligence Evaluation, Threat Attribution, Creating Runbooks, Threat Knowledge Base, and Threat Intelligence Tools
Module 06: Intelligence Reporting and Dissemination
- 6.1 Threat Intelligence Reports
- 6.2 Dissemination
- 6.3 Participate in Sharing Relationships
- 6.4 Sharing Threat Intelligence
- 6.5 Delivery Mechanisms
- 6.6 Threat Intelligence Sharing Platforms
- 6.7 Intelligence Sharing Acts and Regulations
- 6.8 Threat Intelligence Integration
- 6.9 Threat Intelligence Sharing and Collaboration using Python Scripting
Labs: - Perform Threat Intelligence Reporting and Sharing
Key topics covered:
Threat Intelligence Reports, Types of Cyber Threat Intelligence Reports, Report Writing Tools, Dissemination, Threat Intelligence Sharing, Information Sharing Model, Information Exchange Types, Sharing Community, Sharing Intelligence using YARA Rules, Standards and Formats for Sharing Threat Intelligence, Information Sharing and Collaboration Platforms, Intelligence Sharing Acts and Regulations, Threat Intelligence Integration, and Threat Intelligence Sharing using Python Scripting
Module 07: Threat Hunting and Detection
- 7.1 Threat Hunting Concepts
- 7.2 Threat Hunting Automation
Labs: - Perform Targeted Threat Hunting using Python Scripts
- Perform Threat Hunting Automation using Threat Intelligence Tools
Key topics covered:
Threat Hunting, Types of Threat Hunting, Threat Hunting Process, Threat Hunting Maturity Model (HMM), Threat Hunter Skillset, Threat Hunting Loop, Targeted Hunting Integrating Threat Intelligence (TaHiTI), Threat Hunting Automation, and Threat Hunting Automation using Python Scripting
Module 08: Threat Intelligence in SOC Operations, Incident Response, and Risk Management
- 8.1 Threat Intelligence in SOC Operations
- 8.2 Threat Intelligence in Risk Management
- 8.3 Threat Intelligence in Incident Response
Labs: - Perform Cyber Threat Intelligence using the SOC Threat Intelligence Platforms
Key topics covered:
Threat Intelligence in SOC Operations, Building SOC Threat Intelligence, Next-Gen Intelligent SOC, SOC Threat Intelligence Platforms (TIPs), Threat Intelligence in the Risk Management Process, Integrating Threat Intelligence into Risk Management Processes, Integrating Threat Intelligence into the Incident Response Process, and Threat Intelligence in Incident Recovery and Resilience