FOR578: Cyber Threat Intelligence
About This Course
Cyber threat intelligence represents a force multiplier for organizations looking to update their response and detection programs to deal with increasingly sophisticated advanced persistent threats. Malware is an adversary's tool, but the real threat is the human one, and cyber threat intelligence focuses on countering those flexible and persistent human threats with empowered and trained human defenders. During a targeted attack, an organization needs a top-notch and cutting-edge threat hunting or incident response team armed with the threat intelligence necessary to understand how adversaries operate and to counter the threat. FOR578: Cyber Threat Intelligence will train you and your team in the tactical-, operational-, and strategic-level cyber threat intelligence skills and tradecraft required to make security teams better, threat hunting more accurate, incident response more effective, and organizations more aware of the evolving threat landscape.
What You'll Learn
- Develop analysis skills to better comprehend, synthesize, and leverage complex scenarios
- Identify and create intelligence requirements through practices such as threat modeling
- Understand and develop skills in tactical, operational, and strategic-level threat intelligence
- Generate threat intelligence to detect, respond to, and defeat focused and targeted threats
- Learn the different sources from which to collect adversary data, and how to exploit and pivot off that data
- Validate information received externally to minimize the costs of bad intelligence
- Create Indicators of Compromise (IOCs) in formats such as YARA and STIX/TAXII
- Understand and exploit adversary tactics, techniques, and procedures, and leverage frameworks such as the Kill Chain, Diamond Model, and MITRE ATT&CK
- Establish structured analytical techniques to be successful in any security role
Entry Requirements
FOR578 is a good course for anyone who has had security training or prior experience in the field. Students should be comfortable with using the command line in Linux for a few labs (though a walkthrough is provided) and be familiar with security terminology.
Courses that lead into FOR578 include:
- SEC401 - Security Essentials Bootcamp Style
- SEC511 - Continuous Monitoring and Security Operations
- FOR508 - Advanced Digital Forensics, Incident Response & Threat Hunting
- FOR572 - Advanced Network Forensics
- FOR526 - Memory Forensics In-Depth
- FOR610 - REM: Malware Analysis
- ICS515 - ICS Active Defense and Incident Response
Students who have not taken any of the above courses but have real-world experience or have attended other security training will be comfortable in the course. There are no minimum entry requirements for years of experience in the domain, education level, or age group, but participants should possess the prerequisite skills mentioned above.