Brussels - Cyber Intelligence Tradecraft - Certified Threat Intelligence Analyst

Anonymity and Passive Persona setup
Collection Methods and Techniques
Collection Planning, IRs/PIRs/EEIs/Indicators/SIRs
Collection Process Flow
Collection (OSINT) Tools and Targeting
Threat Intelligence
Most likely Threat Actors
Access to ThreatStream during the class
Use of Maltego – overview
OPSEC – VPNs, Buscador, Authentic8 Silo
OSINT Browser – Oryon C Portable
Proxy Access – the DarkNet
Demonstration – Recorded Future / Intel471
Burn phone set up and use (US Only)
Open Source Intelligence OSINT
Production Methods
Structured Analytic Techniques – Their use
Adversary Denial and Deception
Source Credibility and Relevance
Source Validation
Denial and Deception
Confidence Levels
Types of evidence
Production Management
Critical and Creative Thinking
Cognitive Bias
Glossary and Taxonomy
What Intelligence Can and Cannot Do
Use of MITRE ATT&CK in Analysis
ATT&CK in examining patterns and trends
ATT&CK in Adversary tendencies
Estimation and Forecasting
Campaign analysis
Types and Methods of Analysis
Synthesis and Fusion
Analysis of Competing Hypotheses
Inductive/Abductive/Deductive Reasoning
Stakeholder Identification and Analysis
Analytic Writing, BLUF, AIMS
Forecasting in your writing
Indicators of Change
Argument Mapping
Types of Reports
Product Line Mapping
Report Serialization and Dissemination
Live Case Studies – Class briefs

We also have a different module that can be included depending on the audience. This module is geared towards IR and SOC staff:

  • Intro to Cyber Intelligence
    • What does intelligence mean to the SOC?
    • What does intelligence mean to Incident Response?
  • A day in the life of an intelligence analyst
  • Intelligence Lifecycle
    • Define what your group does
    • Define how your group uses intelligence
    • Define how your group produces intelligence
  • MITRE ATT&CK
    • Tactics
    • Techniques
    • Tools
    • ATT&CK Navigator
    • ATT&CK Examples
  • Chronology and Timelines
    • ATT&CK Chronology
    • Comparing past and present
    • Comparing and contrasting different threat groups
  • Estimative ATT&CK
  • Adversary Targeting – Threat Profiling - Threat Matrices
    • Primary Threats
      • Nation-state
      • Foreign intelligence services
      • Military cyber units
      • Threat groups and proxies
      • Cybercriminals
      • Others
    • Adversary skills
    • Adversary maliciousness
    • Interest in your organization
    • Motivation – objective – conditions
      • Opportunity
      • Triggers
      • Course(s) of action
      • Capabilities
    • Level of automation
    • Potential impact
  • Threat Hunting
    • Purpose and Scope
    • Hunt level maturity
    • Threat Hunting Lifecycle
      • Lifecycle and Maturity Level matrix
    • Patrolling
    • Stalking
    • Searching, clustering, grouping, stack counting
    • Process flow
      • Entry point
      • Plan the hunt
      • Execute the hunt
      • Malicious or not?
      • Document the performed steps
      • Document the findings
      • Prepare the report
      • Hunt Key Metrics
    • Establish priorities Iterative Approaches and Feedback Loop
    • RACIs – who does what
    • Tactical Intelligence Risk
    • Situational Awareness
      • Emerging threats
      • Coordination with other groups
      • Likely adversary courses of action
    • Intake Forms
      • Request for Information (RFI)
      • Responding to RFIs
    • Incident Intelligence
      • Interfacing with the Cyber Threat Intelligence (CTI) teams
      • What do we need from CTI?
      • What can CTI do and what can they not do
    • Indicators Cyber DECIDE, DETECT, DELIVER and ASSESS (D3A) framework
    • Specific information requirements Cyber FIND, FIX, FINISH, EXPLOIT, ANALYZE and DISSEMINATE (F3EAD) methodology
    • Crown jewel information
      • Checklist questions
      • Possible intelligence requirements (non-prioritized)

Event Properties

Event Date 10-18-2021 1:00 am
Event End Date 10-22-2021 1:00 am
Capacity 15
Cut off date 10-15-2021
Individual Price $3,700.00
Location Brussels

We are no longer accepting registration for this event