Cyber Threat Intelligence 101 2 Day Version with Wade Wells

Syllabus

1. 1. Introduction to Threat Intelligence

      • • Defining Threat Intelligence: Understanding the nuances of threat intelligence and its application across various industries.
      • • Applications Across Sectors: Explore the unique applications of threat intelligence in different sectors such as finance, healthcare, and government.
      • • Data to Intelligence: Learn methodologies to transform raw data into actionable intelligence.
      • • Intelligence Types: Detailed discussion on Tactical, Strategic, Operational, and Technical intelligence.

1. 1. Intelligence Frameworks and Protocols

      • • Traffic Light Protocol: Guidelines for data sharing sensitivity.
      • • Cyber Kill Chain and Diamond Model: Understanding attacker engagement sequences and the facets of an intrusion.
      • • Pyramid of Pain and MITRE ATT&CK: Tactical approaches to understanding attacker behaviors and methodologies.

1. 1. Structured Analytic Techniques

      • • Identification and Mitigation: Learn to identify common cognitive biases and strategies to mitigate their impact on intelligence analysis.

1. 1. Intelligence Life Cycle

      • • Comprehensive Overview: From direction-setting to feedback integration, each phase of the intelligence lifecycle is explored, along with relevant tools and techniques for enhancement.

1. 1. Inventory and Asset Management

      • • Internal Assessment: Techniques to inventory critical organizational assets and understand the attack surface.
      • • Attack Surface Management Tools: Explore tools and techniques for effective management and threat assessment.

1. 1. Threat Modeling, Landscaping, and Profiling

      • • Threat Modeling Techniques: Introduction to STRIDE, PASTA, and decision trees.
      • • Threat Landscaping and Actor Profiling: Learn to define the threat landscape and profile potential threat actors based on intent and capabilities.

1. 1. Priority Intelligence Requirements (PIRs)

      • • Development and Communication: Crafting effective PIRs and strategies for cross-departmental communication.

1. 1. AI and CTI

      • • Language model usage for clustering, report generation
      • • Threats from AI-assisted phishing, deepfakes

1. 1. Threat Intelligence Sharing Models

      • • ISACs,
      • • TLP application in trust groups
      • • Barriers to sharing and building information exchange networks

1. 1. Open Source Intelligence (OSINT)

      • • Intro to passive OSINT for infrastructure discovery
      • • Tools: Spiderfoot, Maltego, Shodan, FOFA
      • • Ethical/legal boundaries in collection

1. 1. Operational Security-

      • • Understand the principles and importance of OPSEC in CTI work.
      • • Recognize situations where poor OPSEC can lead to attribution, compromise, or adversary adaptation.
      • • Apply safe practices when collecting, researching, or interacting with threat actor infrastructure or forums.

1. 1. Dark Web

      • • Understand the structure and purpose of the dark web and deep web
      • • Identify common platforms, marketplaces, and forums used by threat actors.
      • • Learn safe, ethical, and legal methods for dark web monitoring.
      • • Recognize the value of dark web intelligence in threat profiling, credential monitoring, and early breach detection.

1. 1. Advanced Intelligence Dissemination and Tools

      • • Choosing Intelligence Vendors and Platforms: Criteria and best practices for selecting threat intelligence vendors and platforms.
      • • Tools and Techniques: Exploration of dark web analysis tools, deception technology, note-taking methodologies, visualization tools, and domain intelligence.