Course Content

Module 1: Introduction

07:50
1.1 Course Introduction
07:09
1.2 Introduction to the Intelligence Lifecycle

Module 2: Collection

04:11
2.1 Introduction to Data Collection
06:38
2.2 Internal Data Acquisition
07:07
2.3 External Data Sources
08:38
2.4 Private Data Sources Part 1
03:43
2.5 Private Data Sources Part 2
10:48
2.6 Community Data Sources
08:00
2.7 Public Data Sources Part 1
03:12
2.8 Public Data Sources Part 2
09:23
2.9 Leveraging OSINT Part 1
06:51
2.10 Leveraging OSINT Part 2

Module 3: Data Management and Processing

06:14
3.1 Introduction to Data Processing
08:01
3.2 Common CTI Standards Part 1
04:01
3.3 Common CTI Standards Part 2
02:25
3.4 Storage and Integration
09:12
3.5 Threat Intelligence Platforms

Module 4: Analysis

04:50
4.1 Introduction to Analysis
07:32
4.2 Analysis of Competing Hypothesis
10:46
4.3 Cyber Kill Chain and Diamond Model
09:11
4.4 Cyber Kill Chain and Courses of Action Matrix

Module 5: Campaign Analysis

04:58
5.1 Introduction to Campaigns
06:03
5.2 Heatmap Analysis
06:16
5.3 Visual Analysis
07:29
5.4 MITRE ATT&CK and the MITRE Threat Groups Track
07:22
5.5 Threat Intelligence Naming Conventions

Module 6: Attribution

08:03
6.1 Introduction to Attribution
06:10
6.2 Cognitive Biases
06:32
6.3 Logical Fallacies
05:20
6.4 How to Manage Biases
07:53
6.5 Nation-State Attribution Part 1
04:35
6.6 Nation-State Attribution Part 2

Module 7: Dissemination and Sharing

07:12
7.1 Introduction to Dissemination
07:28
7.2 Tactical Intelligence
05:36
7.3 Operational Intelligence
09:21
7.4 Strategic Intelligence

Module 8: Summary

06:29
8.1 Summary

Course Description

Cyber threats keep getting more complex and sophisticated and security teams cannot continue playing whack-a-mole. Basic methods and tools are no longer efficient against these emerging threats. This is why moving towards more data driven security is a necessity and of course all of this requires specific skills that you will be learning through this course. This course, Advanced Cyber Threat Intelligence, is built with the intelligence cycle in mind to create a consistent image and a logical sequence of how to build and leverage a Threat Intelligence program.

So, you will be interested to enroll in the course if you already have some basic knowledge about cyber threat intelligence and you are looking for a course to enhance your existing skills, or perhaps you are building a new Cyber Threat Intelligence program for your organization.

The advanced Cyber Threat Intelligence course will benefit security practitioners and individuals interested in preventing cyber threats. In this course, we will discuss how Threat Intelligence can help you leverage your existing data sources to extract useful information and how to find complementary information and intelligence from external sources. We will also explain how to get actionable data through the process of vetting and the importance of this task to reduce efforts on false positives investigations.

The next part will be dealing with analysis of intrusion and campaigns. It can help you structure your analysis using models and techniques like the Analysis of Competing Hypotheses, the Cyber Kill Chain and MITRE ATT&CK. A full part will be dedicated to campaign investigation and its sophisticated analysis methods such as Visual analysis and Heatmap analysis. Another interesting part of the analysis is attribution. Working on complex investigations can often lead to create confusion or even push analysts to use shortcuts to come up with conclusions especially related to attribution. At some point, it becomes a handicap to think properly but if the analysts are unable to identify these issues, they won’t be able to defeat them. For this reason, one of the modules will discuss biases and logical errors identification and giving advice on how to manage them.

And finally, one of the key concepts of Cyber Threat Intelligence is dissemination. Therefore, it is essential to choose the right format of intelligence to share based on your targeted audience (tactical, operational, strategic).

Prerequisites

  • Familiar with networking essentials
  • Familiar with security terminology (Firewall, SIEM, IPS, …)
  • Complete the “Intro to Cyber Threat Intelligence” course
  • Basic OSINT knowledge
  • Basic understanding of the Cyber Kill Chain
  • Basic understanding of data analysis

Course Goals

By the end of this course, students should be able to:

  • Run a threat intelligence program for an organization
  • Collect and select relevant intelligence to enhance detection and response
  • Analyze a campaign using ACH
  • Understand the mindset of modern attackers and adapt detection & response strategies based on Cyber Threat Intelligence analysis
  • Challenge and manage biases in intrusion analysis
  • Provide actionable advice about emerging threats
  • Build and disseminate threat intelligence reports based on the intended audience