CTI for Security Operations: From Malware Analysis to Intelligence-Driven Defense
Master Proactive Defense: Transform Data into Actionable Cyber Threat Insights
About This Course
Cyber Threat Intelligence (CTI) is the discipline of gathering information about adversaries’ capabilities, intentions, and tactics to inform defensive decision-making. This workshop combines theory with hands-on labs to teach you how to source open-source and closed-source data, leverage automated intelligence platforms, map findings to frameworks like MITRE ATT&CK, and integrate threat feeds into your SOC workflows.
Aim
To equip security professionals with the methodologies, tools, and best practices needed to collect, analyze, and operationalize threat intelligence—enabling organizations to anticipate, detect, and mitigate cyber threats before they materialize.
Workshop Objectives
- Understand the full CTI lifecycle and its role in proactive defense
- Demonstrate proficiency with key OSINT and CTI automation tools
- Apply data enrichment and correlation techniques to raw threat data
- Map intelligence findings to frameworks such as MITRE ATT&CK
- Deliver clear, concise intelligence products for varied stakeholders
- Execute a tabletop exercise to practice threat-informed decision-making
Workshop Structure
Day 1: Fundamentals of CTI and Threat Actors
Objective: Understand the fundamentals of CTI, its lifecycle, and its role in cybersecurity.
Topics Covered:
- Introduction to Cyber Threat Intelligence (CTI)
  - Definition and importance
  - Types of intelligence: Strategic, Operational, Tactical, Technical
- Threat Intelligence Lifecycle
  - Stages: direction, collection, processing, analysis, dissemination, feedback
- Threat Actors and Motivations
  - Nation-states, cybercriminals, hacktivists, insider threats
  - Common attack vectors and campaign types: phishing, malware, ransomware, APT intrusions
- Open-Source Intelligence (OSINT) Basics
  - Tools: WHOIS, Shodan, Maltego, Google Dorks
  - Hands-on: Gathering threat data from public sources
Lab Activity:
- Use OSINT tools to investigate a simulated threat actor.
Day 2: Collection and Processing of Threat Data
Objective: Learn how to collect and process threat data for analysis.
Topics Covered:
- Threat Intelligence Sources
  - Open-source: Feeds, forums, paste sites
  - Closed-source: Commercial feeds, dark web monitoring
  - Internal sources: SIEM, logs, EDR
- Data Collection Techniques
  - Passive vs. active collection
  - Legal and ethical considerations
- Processing & Normalization
  - Structuring data: STIX/TAXII, JSON, CSV
  - Tools: MISP, ThreatConnect, Recorded Future
- Indicators of Compromise (IOCs)
  - IPs, domains, hashes, behavioral patterns
Lab Activity:
- Use MISP to ingest and analyze IOCs from a threat feed.
Day 3: Threat Analysis and Attribution
Objective: Develop skills in analyzing threats and attributing attacks.
Topics Covered:
- Threat Analysis Techniques
  - Pattern recognition, anomaly detection, correlation
  - Tactics, Techniques, Procedures (TTPs)
- Malware Analysis for CTI
  - Static vs. dynamic analysis
  - Tools: Sandboxing with Hybrid Analysis, ANY.RUN
- Threat Attribution
  - Challenges in attribution
  - Case studies: APT29, Lazarus Group, others
- Threat Intelligence Reports
  - Writing actionable intelligence
  - Report structure: Executive Summary, Technical Details, Recommendations
Lab Activity:
- Analyze a malware sample and draft a threat report.
Day 4: Operational Integration and Capstone Project
Objective: Learn how to share intelligence and integrate CTI into security operations.
Topics Covered:
- Threat Intelligence Sharing
  - ISACs (Information Sharing and Analysis Centers)
  - Standards: STIX/TAXII, OpenIOC
- Integrating CTI into Security Operations
  - SIEM integration (Splunk, IBM QRadar)
  - Automating threat detection with SOAR platforms
- Threat Hunting with CTI
  - Proactive methodologies
  - Using YARA rules for detection
- Emerging Trends in CTI
  - AI/ML applications in CTI
  - Threat intelligence for cloud environments
- Final Exercise (Capstone Project)
  - Simulated cyber incident scenario:
    - Collect relevant threat intelligence
    - Analyze the attack using TTPs
    - Produce a threat intelligence report
    - Recommend defensive actions
Lab Activity:
- Configure a SIEM to ingest threat feeds and generate alerts.
Who Should Enrol?
- Security analysts, SOC engineers, incident responders
- Network/security administrators transitioning to CTI roles
- Risk and compliance officers seeking deeper threat visibility
Important Dates
Registration Ends
08/17/2025, 8 PM IST
Workshop Dates
08/17/2025 – 08/22/2025
Sessions at 9 PM IST (Indian Standard Time)
Workshop Outcomes
By the end of this workshop, participants will be able to:
- Design and implement a CTI program aligned with organizational goals
- Collect intelligence from multiple sources and validate data quality
- Analyze threat data to identify adversary patterns and TTPs
- Produce actionable intelligence reports tailored for technical and executive audiences
- Integrate CTI outputs into SIEM/SOAR platforms for automated alerting
Meet Your Mentor(s)

Fee Structure
Student Fee
₹1999 | $50
Ph.D. Scholar / Researcher Fee
₹2999 | $60
Academician / Faculty Fee
₹3999 | $70
Industry Professional Fee
₹5999 | $90
What You’ll Gain
- Live & recorded sessions
- e-Certificate upon completion
- Post-workshop query support
- Hands-on learning experience
Join Our Hall of Fame!
Take your research to the next level with NanoSchool.
Publication Opportunity
Get published in a prestigious open-access journal.
Centre of Excellence
Become part of an elite research community.
Networking & Learning
Connect with global researchers and mentors.
Global Recognition
Worth ₹20,000 / $1,000 in academic value.