Code:CNT1203

Introduction

This course aims to provide participants with the knowledge and techniques to understand and counter cyber security threats and attacks effectively. Furthermore, this course allows participants to understand the critical cognitive processes that govern investigatory tasks, the technologies and the platforms, to perform cyber threat intelligence.

Course content

  • Introduction to cyber threat
    • Cyber threats critical review
    • Cyber threat Intelligence
    • Indicators and their life cycle
    • Threat profiling through their TTP



  • Collecting evidence, share and produce intelligence
    • The investigation process and principles
    • Rate sources and collect observables
    • The STIX and TAXII models

 

  • Cyber threat platform
    • How to use a cyber-threat intelligence platform
    • Best practice for cyber-threat platform in intelligence
    • Use of Open CTI (gathering and feeding)

 

  • Reasoning behind successful investigations
    • Make inferences and reasoning modes
    • Avoid cognitive biases

 

  • Cyber threat intelligence in action
    • Report findings and reporting
    • Relate geopolitical context with cyber security events
    • Use indicators for network detection
    • Match malware samples with YARA

Learning outcomes

  • Understand the definition and usage of cyber threat intelligence
  • Understand the differences between threat data and threat intelligence
  • Design a cyber-threat intelligence platform
  • Create structured analytical techniques, perform detection, respond and defeat targeted threats
  • Validate information received to minimize the costs of bad intelligence

Prerequisites

  • Foundational knowledge of IP network and TCP/IP protocols
  • Foundational knowledge of Windows operating systems
  • Foundational knowledge of UNIX/Linux operating systems
  • Foundational knowledge of security Information and Event Management (SIEM) Systems
  • Foundational knowledge of forensics incident response and digital concepts
  • Foundational knowledge of incident response and digital reverse engineering
  • Further to the above knowledge, recommended pre-requisites are to attend the (CNT1201) SIEM implementation & deployment and the (CNT1202) IDS/IPS deployment and operations courses before this course

Duration

  • 4 Days
DOWNLOAD COURSE