< NULLCON 2025 - HYDERABAD />

About The Training


< Training Title />

Cyber Threat Intelligence Bootcamp: Hands-on Labs & Real-World Scenarios

< Training Schedule />

Start Date: Jun 12, 2025

End Date: Jun 14, 2025

< Training Objectives />

This three-day hands-on training is designed to equip cybersecurity professionals with the skills to collect, analyze, automate, and operationalize Cyber Threat Intelligence (CTI). The course progresses from foundational concepts to advanced threat hunting and intelligence integration, ensuring attendees gain a deep understanding of CTI frameworks, adversary tactics, OSINT techniques, automation, and various intelligence sources like malware and darknet.

By the end of this training, attendees will gain a comprehensive understanding of Cyber Threat Intelligence (CTI), including the intelligence lifecycle, different types of CTI, and industry frameworks like MITRE ATT&CK and the Cyber Kill Chain. They will explore threat actor motivations and emerging cybercrime trends.

Participants will learn how to collect OSINT data from public sources such as domain records, social media, and breach databases. They will also work with IOCs and structured threat data formats (STIX, TAXII, JSON, CSV) for analysis and correlation.

A key focus will be automating threat intelligence with Python, where attendees will develop scripts to collect, process, and enrich threat feeds while implementing automation pipelines for better intelligence processing.

The training will also cover fundamentals of malware and darknet intelligence, including static and dynamic malware analysis, file classification, and understanding various types of threat actors from darknet marketplaces and cybercrime forums.

Attendees will also dive into threat hunting and proactive defense, leveraging YARA rules, Sigma rules, and PCAP analysis to detect and respond to threats effectively.

Finally, they will learn how to operationalize CTI in organizations by integrating it into SIEMs, EDRs, and SOC workflows, understanding stakeholder engagement, intelligence-sharing best practices, and CTI program development to scale intelligence operations successfully.

This training blends theory, hands-on labs, Python-based automation, and real-world case studies/datasets to prepare attendees for real-world CTI operations. Participants will leave with practical skills to enhance their organization’s security posture, proactively track threats, and automate intelligence gathering for effective decision-making.

< Training Level />

Basic - Intermediate

< Training Outlines />

Day 1: Introduction to Cyber Threat Intelligence

Module 1: Fundamentals of Threat Intelligence (3 hours)

  • What is Cyber Threat Intelligence (CTI)?
  • The intelligence lifecycle
  • Strategic, operational, tactical, and technical intelligence
  • Cyber Kill Chain, MITRE ATT&CK Framework, and Diamond Model
  • Types of threat actors and their motivations
  • How CTI supports various cybersecurity functions
  • Case studies on real-world cyber threats

Module 2: Python Refresher (1 hour)

  • Data Types
  • Conditionals & Loops
  • Functions
  • File Handling
  • Virtual Environments, Modules & Packages
  • Parsing and Structuring Data (JSON, XML, CSV, STIX/TAXII)

Module 3: OSINT for Threat Intelligence (2.5 hours)

  • Introduction to Open-Source Intelligence (OSINT)
  • Tools and techniques for gathering OSINT data
  • Understanding indicators of compromise (IOCs)
  • Hands-on: Analyzing OSINT Reporting
  • Extracting intelligence from social media, domain records, and breach data
  • Using threat intelligence feeds (STIX/TAXII, VirusTotal, etc.)
  • Hands-on: Using OSINT to Pivot & Correlate

Day 2: Automating Threat Intelligence & Threat Analysis

Module 4: Threat Intelligence Automation (3.5 hours)

  • Hands-on: Automating OSINT collection with Python
  • Parsing threat feeds with Python
  • Data enrichment and correlation
  • Hands-on: Writing scripts to collect, process, and analyze threat data
  • Introduction to MISP
  • Alerting & Notification Automation
  • Hands-on: Setting up TAXII feeds for intelligence sharing
  • Honeypots for CTI Collection

Module 5: Adversary and Malware Analysis (3.5 hours)

  • Gathering malware intelligence from public sources
  • Static and dynamic malware analysis basics
  • File Classification and Working with Hashes
  • Extracting and Analyzing Data from Binary File Formats
  • Hands-on: Extracting IOCs from malware samples
  • Darknet Sources & Threat Actors (Cybercrime Enablers)
  • Operational Security (OPSEC)
  • Hands-on: Adversary Analysis from Leaked Chats

Day 3: Operationalizing Threat Intelligence

Module 6: Threat Hunting Basics (2 hours)

  • Introduction to threat hunting
  • Using TI for proactive defense
  • Analyzing & Parsing PCAPs
  • Integrating & Contextualizing Internal Threat Data/Logs with External Sources
  • Hands-on: YARA rules for malware detection
  • Hands-on: Using Sigma rules for threat detection
  • Using CTI for Proactive Threat Hunting

Module 7: Operationalize CTI (2 hours)

  • Intelligence Requirement Gathering
  • Tracking Emerging Threats
  • Hands-on: Keeping up with the Emerging Threats
  • Hands-on: Mapping TTPs to MITRE ATT&CK Framework
  • Showcase Your Findings
  • Scaling Operations

Module 8: Building a CTI Program (3 hours)

  • Threat intelligence in SIEMs, EDRs, and SOC workflows
  • Understanding Business Needs
  • Stakeholder Engagement
  • Intelligence Sharing & Collaboration
  • Key metrics for evaluating CTI programs
  • Hands-on: Building a strategy for your organization

< WHAT TO BRING? />

To get the most out of this training, attendees should bring:

  • A laptop (Windows, macOS, or Linux) with at least 8GB of RAM and 50GB of free storage
  • A virtualization platform (VMware Workstation/Player or VirtualBox)
  • Admin/root access to install tools
  • Pre-installed Python 3.x and Jupyter Notebook

< Training PREREQUISITE />

While beginners are welcome, having the following knowledge will help:

  • Basic understanding of cybersecurity concepts (e.g., threat actors, malware, IOCs, TTPs)
  • Familiarity with Python scripting (loops, conditionals, file handling)
  • Basic knowledge of network security (e.g., IP addresses, ports, logs, firewalls)
  • Familiarity with the Linux command line

If you're completely new to Python, the Python refresher session on Day 1 will help you catch up!

< WHO SHOULD ATTEND? />

  • Security Analysts & SOC Teams looking to integrate threat intelligence into SOC workflows, improve incident response, and automate data collection.
  • Threat Intelligence Analysts looking to enhance their OSINT collection, malware analysis, and darknet intelligence skills.
  • Incident Responders who want to use CTI for faster incident correlation, IOC extraction, and response automation.
  • Any security professional looking to implement and operationalize CTI practices.

< WHAT TO EXPECT? />

  • Fundamentals of Cyber Threat Intelligence (CTI)
  • Intensive, hands-on training with real-world threat datasets in every module.
  • Hands-on automation exercises are designed to put concepts into practice.
  • Insights into the process of building & operationalizing CTI capabilities from scratch.
  • Fundamentals of extracting intelligence from malware samples and threat hunting.

< WHAT ATTENDEES WILL GET? />

The attendees will receive slide decks and resources related to the course.

< WHAT NOT TO EXPECT? />

  • The course is not a theoretical lecture series; it is hands-on training.
  • This is not a beginner's programming course (basic Python knowledge is highly recommended).
  • The training does not focus on offensive security or penetration testing.
  • We will not cover reverse engineering in depth (only basic malware analysis).

< About the Trainer />

Rahul Binjve (c0dist) currently leads the Cyber Threat Intelligence (CTI) Engineering team at Fortinet. With over a decade of experience in aggregating and contextualizing various threats, he's a seasoned threat intelligence practitioner. Rahul has presented and conducted workshops at several international conferences, including Black Hat, Nullcon, PHDays, c0c0n, Seasides, and BSides. He's also contributed to multiple open-source security projects, such as the SHIVA spampot and Detux Linux sandbox. Rahul's passions lie in information security, automation, human behavior, and—of course—breaking things.