
CTI for Security Operations: From Malware Analysis to Intelligence-Driven Defense
Master Proactive Defense: Transform Data into Actionable Cyber Threat Insights
About Program:
Cyber Threat Intelligence (CTI) is the discipline of gathering information about adversaries’ capabilities, intentions, and tactics to inform defensive decision-making. This workshop combines theory with hands-on labs to teach you how to source open-source and closed-source data, leverage automated intelligence platforms, map findings to frameworks like MITRE ATT&CK, and integrate threat feeds into your SOC workflows.
Aim: To equip security professionals with the methodologies, tools, and best practices needed to collect, analyze, and operationalize threat intelligence—enabling organizations to anticipate, detect, and mitigate cyber threats before they materialize.
Program Objectives:
- Understand the full CTI lifecycle and its role in proactive defense
- Demonstrate proficiency with key OSINT and CTI automation tools
- Apply data enrichment and correlation techniques to raw threat data
- Map intelligence findings to frameworks such as MITRE ATT&CK
- Deliver clear, concise intelligence products for varied stakeholders
- Execute a tabletop exercise to practice threat-informed decision-making
What you will learn
Day 1: Fundamentals of CTI and Threat Actors
Objective: Understand the fundamentals of CTI, its lifecycle, and its role in cybersecurity.
Topics Covered:
- Introduction to Cyber Threat Intelligence (CTI)
  - Definition and importance
  - Types of intelligence: Strategic, Operational, Tactical, Technical
- Threat Intelligence Lifecycle
  - Stages from direction to dissemination
- Threat Actors and Motivations
  - Nation-states, cybercriminals, hacktivists, insider threats
  - Common attack vectors: phishing, malware, ransomware, APTs
- Open-Source Intelligence (OSINT) Basics
  - Tools: WHOIS, Shodan, Maltego, Google Dorks
  - Hands-on: Gathering threat data from public sources
Lab Activity:
- Use OSINT tools to investigate a simulated threat actor.
Day 2: Collection and Processing of Threat Data
Objective: Learn how to collect and process threat data for analysis.
Topics Covered:
- Threat Intelligence Sources
  - Open-source: Feeds, forums, paste sites
  - Closed-source: Commercial feeds, dark web monitoring
  - Internal sources: SIEM, logs, EDR
- Data Collection Techniques
  - Passive vs. active collection
  - Legal and ethical considerations
- Processing & Normalization
  - Structuring data: STIX/TAXII, JSON, CSV
  - Tools: MISP, ThreatConnect, Recorded Future
- Indicators of Compromise (IOCs)
  - IPs, domains, hashes, behavioral patterns
Lab Activity:
- Use MISP to ingest and analyze IOCs from a threat feed.
Day 3: Threat Analysis and Attribution
Objective: Develop skills in analyzing threats and attributing attacks.
Topics Covered:
- Threat Analysis Techniques
  - Pattern recognition, anomaly detection, correlation
  - Tactics, Techniques, Procedures (TTPs)
- Malware Analysis for CTI
  - Static vs. dynamic analysis
  - Tools: Sandboxing with Hybrid Analysis, ANY.RUN
- Threat Attribution
  - Challenges in attribution
  - Case studies: APT29, Lazarus Group, others
- Threat Intelligence Reports
  - Writing actionable intelligence
  - Report structure: Executive Summary, Technical Details, Recommendations
Lab Activity:
- Analyze a malware sample and draft a threat report.
Day 4: Operational Integration and Capstone Project
Objective: Learn how to share intelligence and integrate CTI into security operations.
Topics Covered:
- Threat Intelligence Sharing
  - ISACs (Information Sharing and Analysis Centers)
  - Standards: STIX/TAXII, OpenIOC
- Integrating CTI into Security Operations
  - SIEM integration (Splunk, IBM QRadar)
  - Automating threat detection with SOAR platforms
- Threat Hunting with CTI
  - Proactive methodologies
  - Using YARA rules for detection
- Emerging Trends in CTI
  - AI/ML applications in CTI
  - Threat intelligence for cloud environments
- Final Exercise (Capstone Project)
  - Simulated cyber incident scenario:
    - Collect relevant threat intelligence
    - Analyze the attack using TTPs
    - Produce a threat intelligence report
    - Recommend defensive actions
Lab Activity:
- Configure a SIEM to ingest threat feeds and generate alerts.
Get an e-Certificate of Participation!

Intended For:
- Security analysts, SOC engineers, incident responders
- Network/security administrators transitioning to CTI roles
- Risk and compliance officers seeking deeper threat visibility
Program Outcomes
By the end of this workshop, participants will be able to:
- Design and implement a CTI program aligned with organizational goals
- Collect intelligence from multiple sources and validate data quality
- Analyze threat data to identify adversary patterns and TTPs
- Produce actionable intelligence reports tailored for technical and executive audiences
- Integrate CTI outputs into SIEM/SOAR platforms for automated alerting
