TIA-810 Advanced Cyber Threat Intelligence

Taught by the "Godfather of Threat Intelligence," students at all levels learn how to produce, consume, use, and evaluate threat intelligence across all cybersecurity operations roles like analysts, pen testers, incident responders.

Purchase Free Preview

About This Course

The "Godfather of Threat Intelligence" delivers the definitive course on Cyber Threat Intelligence. Ready for the equivalent of a Masters Degree in Threat Intelligence?

The course uses real-world "war stories" from hunting, analyzing, and disrupting the world's worst cyber threats. With guided reading across various of domains including military, psychology, history, communication, and technology, this course will impart wisdom and lessons learned from a career in the trenches.

This multi-month 800-level course requires deep and comprehensive examination of the questions, challenges, and opportunities in Cyber Threat Intelligence. This course will not only create an experienced intelligence practitioner but those ready to lead and build threat intelligence practices themselves.

This course is for those wanting to become a principal-level analyst and leader in cyber threat intelligence. As described by course students, it would be best to consider this course a "Masters Degree in Threat Intelligence."

This course is currently under development and new material is released when it is ready. The price provides students a discount based on this fact. After completion the course price will increase.

Who Should Take This Course?

Cybersecurity practitioners or students who want to learn how to apply Threat Intelligence to their domain
Existing Threat Intelligence professionals who want to dive deeper into tradecraft and practice
Anyone who wants to start or expand their career into Threat Intelligence and intrusion analysis.

Learning Objectives

Find, evaluate, and integrate threat intelligence sources which measurably improve defense
Produce world-class threat intelligence from public and private data sources
Use wisdom and lessons from both modern and ancient case studies to apply elements of intelligence across cybersecurity
Disseminate threat intelligence and threat findings so decision-makers pay attention and take action
Apply traditional and modern models including the Diamond Model, Cyber Kill Chain, F3EAD, the Intelligence Cycle, OODA, MITRE ATT&CK and others
Hunt for previously unknown threats
Logically assess and criticize threat intelligence from any source and improve your own
Associate and attribute cyber threats to adversaries and other groups

Time Commitment

This course will require likely 6+ months of investment including readings, research, exercises, lecture, and exams. It is taught in a traditional graduate-school style using readings and lectures to bring the student along in the knowledge journey. This course is not a "40 hour firehose" but instead designed to instill lifelong knowledge and understanding.

Outcome

The course concludes with a rigorous final exam requiring a 70% or better passing grade. A passing grade will result in certifying the student in Threat Intelligence and an associated certificate.

The course material and exam is available to students for 1 year from course enrollment.

Ready to Try for Free?

Enroll in a free trial of TIA-810 Advanced Cyber Threat Intelligence and receive free lessons

Start Free Trial

Instructor

Lead Instructor Sergio Caltagirone

Sergio Caltagirone has been called the "Godfather of Threat Intelligence" having built over a dozen threat intelligence teams in both public and private sector and leading the development of threat intelligence worldwide with hundreds of publications and presentations. He co-created the Diamond Model of Intrusion Analysis, helping thousands of others bring more pain to adversaries by strengthening hunters and analysts. He spent 9 years at the US National Security Agency as their lead threat intelligence analyst hunting and tracking the world's most sophisticated threats. He left NSA to build Microsoft's threat intelligence capability and practice protecting over 1 billion customers from cyber threats. Later, Sergio built and led the world's only dedicated industrial control system threat intelligence team at Dragos protecting electric power grids, water systems, oil and gas plants, and manufacturing worldwide. He furthers several humanitarian goals through membership on the International Committee of the Red Cross cybersecurity experts committee and serving as Technical Director for the Global Emancipation Network combating human trafficking on the internet globally.

Course curriculum

1. Welcome to the Threat Intelligence Academy
  FREE PREVIEW
2. Welcome, From Your Instructor
  FREE PREVIEW
3. Necessary Resources
  FREE PREVIEW
4. About This Course
  FREE PREVIEW
5. CTI Initial Student Survey
1. Overview
  FREE PREVIEW
2. Traditional Intelligence
3. Optional: Read pages 541-581 and of the Arthashastra
4. Optional: Read "The Intelligence Dimension of Kautilyan Statecraft and Its Implications for the Present" by Dany Shoham and Michael Liebig
5. READ: "Art of War XIII: The Use of Spies" by Sun Tzu
6. Optional: Read Kim by Rudyard Kipling
7. Read: "The Craft of Intelligence" by Allen Dulles pages 1-47 (Introduction and History
8. Read: "The Origins of Modern Intelligence, Surveillance, and Reconnaissance" by Finnegan 2009
9. Optional: Read Tinker, Tailor, Soldier, Spy by John le Carré
10. Intelligence Tradecraft
11. Optional: "Intelligence in War It Can Be Decisive" by Gregory Elder 2006
12. READ: "Successful Leaders Employ Strategic Intelligence" by Maccoby 2001
13. Intelligence Uses
14. Optional: Read "Clausewitz's Contempt for Intelligence" by Rosello 1991
15. Optional: Read "The Joint Intelligence Process" pp. I-5 through I-22 in Joint Publication 2-0 "Joint Intelligence"
16. READ "Intelligence Concepts — The Intelligence Cycle" by Scott Roberts
17. READ: Intelligence-Driven Incident Response pp. 17-22 "Intelligence Cycle"
18. The Intelligence Cycle
19. READ: Source and Information Reliability
20. READ: Intelligence-Driven Incident Response "Sources and Methods" pp 11-13
21. READ: ELINT
22. READ: FM 2-22.3 Appendix B Pages 285-286 "Source and Information Reliability Matrix"
23. Intelligence Sources
24. Intelligence Coordination
25. Defining Cyber Threat Intelligence
26. History of Cyber Threat Intelligence
27. OPTIONAL: Read "Computer Security Threat Monitoring and Surveillance" by James Anderson 1980
28. WATCH: The World's First Cyber Crime: The Morris Worm
29. WATCH: The KGB, the Computer and Me
30. READ: "An Evening with Berferd" by Bill Cheswick 1991
31. WATCH: Tsutomu Shimomura Interview
32. WATCH: Back to the Future - Moonlight Maze
33. READ: "The Invasion of the Chinese Cyberspies" by Nathan Thornburgh via Time Magazine 2005
34. WATCH: Cracking Stuxnet, a 21st-century Cyber Weapon by Ralph Langer via TED
35. READ: Mandiant's APT1 Report
36. WATCH: Mandiant APT1 China Hackers Report with Richard Bejtlich 2013
37. Analyzing the Historic Mandiant APT1 Report
38. CTI Introduction Quiz
1. READ: Intelligence-Driven Incident Response Chapters 1-5
2. Threat Naming Intro
3. Cyber Threat Actors
4. READ: Private Threat Actors for Hire
5. Cyber Threat Actor Motivations Part 1
6. Read: Florentine Banker Group
7. WATCH: The World's First Cyber Crime The Morris Worm
8. Watch: John Draper Explain the Captain Crunch Whistle Phreaking
9. Cyber Threat Motivations Part 2
10. READ: Double Dragon APT41, a dual espionage and cyber crime operation
11. Watch: Syrian Electronic Army Their Methods and Your Responses
12. False Flags, Covert and Clandestine Cyber Operations
13. READ: Russian Hacker False Flags Work—Even After They're Exposed by Andy Greenberg via Wired
14. Insider Threats
15. Read: The Insider Threat - An introduction to detecting and deterring an insider spy
16. Read: Ten Tales of Betrayal The Threat to Corporate Infrastructures by Information Technology Insiders Analysis and Observations
17. Read: How a secret Dutch mole aided the U.S.-Israeli Stuxnet cyberattack on Iran
18. Diamond Model of Intrusion Analysis Overview
19. Diamond Model Details
20. Read: Diamond Model of Intrusion Analysis Paper
21. Cyber Kill Chain
22. Read: Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains
23. Watch: Using An Expanded Cyber Kill Chain Model to Increase Attack Resiliency
24. MITRE ATT&CK
25. Read: MITRE ATT&CK Design and Philosophy
26. Watch: Putting MITRE ATT&CK™ into Action with What You Have, Where You Are presented by Katie Nickels
27. Preparation
28. Read: RECONNAISSANCE A Walkthrough of the “APT” Intelligence Gathering Process by Rotem Kerner
29. Initial Phases Part 1
30. Initial Phases Part 2
31. READ: Cyber Espionage & Strategic Web Compromises – Trusted Websites Serving Dangerous Results by Ned Moran and Steven Adair 2018.
32. Read: BREAKING TRUST Shades of Crisis Across an Insecure Software Supply Chain
33. Read: Reflection on Trusting Trust by Ken Thompson
34. READ: Thriving Beyond The Operating System: Financial Threat Group Targets Volume Boot Record
35. Operational Phases
36. WATCH: Attack Tutorial Pass-the-Hash Attack Using Mimikatz
37. READ: Hiding in Plain Sight - Fireeye and Microsoft Expose Obfuscation Tactic
38. Watch: TEMPEST BBC report on Van Eck Phreaking
39. Action Phases
40. Watch: Ransomware
41. Exercise: Analyzing an Enterprise Cyber Incident
42. Industrial Control System (ICS) Attacks
43. Industrial Control System (ICS) Attacks Part 2
44. Watch: The Stuxnet Story: What really happened at Natanz
45. WATCH: Mike Assante - Analysis of the Attack on the Ukrainian Power Grid
46. WATCH: Hackers Manipulate Controls at Electric Distribution Substation in Ukraine 2015
47. CTI Chapter 3 Quiz
1. Threat Intelligence Customers
2. Mission and Risk Analysis for Intelligence Analysts
3. READ: ISO31000:2018 Risk Management
4. READ ISO 31010:2019 Risk Assessment Techniques
5. Requirements Gathering
6. Read: A Fresh Look at Intelligence Requirements by Clyde R. Heffter (1995)
7. Turning Requirements into Hypotheses
8. Exercise: Turning Requirements into Hypotheses
9. Customer Cohesion
10. Read "Getting to Know the President" [3rd ed] Intelligence Briefings of Presidential Candidates 1952-2012 (About the PDB Process)
11. CTI Live! Managing Customer Requests for Information (RFI)
12. CTI Customers, Requirements, and Direction Quiz
1. Read: "The Craft of Intelligence" by Allen Dulles pages 47-83 (Requirements, Collection)
2. Threat Intelligence Data
3. Fourth Party Collection Resources
4. OSINT Part 1
5. What is TOR, Onion Routing, and the Dark Web?
6. Dark Web Introduction
7. Dark Web Demonstration
8. Exercise: Visiting the Dark web for Ransomware
9. OSINT Part 2
10. RecordedFuture Demonstration
11. WATCH: Cognitive Bias and Critical Thinking in Open Source Intelligence (OSINT)
12. How to Use Shodan
13. Ransomware Criminal Data Leak Sites
14. Google Dorking
15. Honeypots and Deception
16. Recommended: Intrusion Detection Honeypots by Chris Sanders
17. Internal Collection
18. WATCH: Guide to key Windows 10 event logs you need to monitor
19. WATCH: Event Viewer & Windows Logs
20. WATCH: Windows Forensics - Event Trace Logs
21. Additional Windows Host Security Resources
22. Optional: Read Detecting and Analyzing Network Threats With NetFlow by Cisco
23. WATCH: Anti-Forensics for Fun and Privacy by Alissa Gilbert
24. Exercise: Read and Respond, Using Incident Response Reports in Threat Intelligence Collection
25. Metadata for Improved Forensics
26. Malicious Capability (Malware) Collection
27. Watch: Basic Static Malware Analysis
28. Watch: Dynamic Malware Analysis
29. Optional: Advanced Virus Total Tutorial
30. Recommended Malware Analysis Resources
31. Internet Infrastructure Collection
32. Watch: Threat Hunting with Netflow by Austin Whisnant
33. READ: Chapter 1 pages 1-16 of "Network Traffic Analysis with SiLK" by CMU-SEI
34. Read: Investigating Infrastructure Links with Passive DNS and Whois Data by Citizen Lab
35. Watch: A Case Study in Pivoting Using Passive DNS and Full PCAP
36. Watch: Dropping Docs on Darknets: How People Got Caught by Adrian Crenshaw
37. Download Resource: Collection Resources
38. Exercise: Finding Badness Online
39. Building a Collection Strategy
40. Data Storage and Processing
41. Challenges and Issues in Collection and Processing
42. READ: Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection by Ptacek and Newsham
43. CTI Collection and Processing Quiz
44. CTI Live! Threat Intelligence During a Major Event: Solar Winds Case Study
1. Introduction
  FREE PREVIEW
2. Read: "What if Sherman Kent was Wrong" by Zachery Tyson Brown
  FREE PREVIEW
3. Kent Introduction
  FREE PREVIEW
4. Read: Prologue and Chapter 1 of Strategic Analysis for American World Policy by Sherman Kent (Annotated)
  FREE PREVIEW
5. Video Lesson: Strategic Intelligence Preface
  FREE PREVIEW
6. Video Lesson: Strategic Intelligence Chapter 1
7. Read: Chapters 2-4 of Strategic Analysis for American World Policy by Sherman Kent (Annotated)
8. Video Lesson: Strategic Intelligence Chapters 2-4
9. Read: Chapter 5 of Strategic Analysis for American World Policy by Sherman Kent (Annotated)
10. Video Lesson: Strategic Intelligence Chapter 5
11. Read: Chapter 6 of Strategic Analysis for American World Policy by Sherman Kent (Annotated)
12. Video Lesson: Strategic Intelligence Chapter 6
13. Read: Chapter 7 of Strategic Analysis for American World Policy by Sherman Kent (Annotated)
14. Video Lesson: Strategic Intelligence Chapter 7
15. Read: Chapter 8 of Strategic Analysis for American World Policy by Sherman Kent (Annotated)
16. Video Lesson: Strategic Intelligence Chapter 8
17. Read: Chapter 9 of Strategic Analysis for American World Policy by Sherman Kent (Annotated)
18. Video Lesson: Strategic Intelligence Chapter 9
19. Read: Chapter 10 Strategic Analysis for American World Policy by Sherman Kent (Annotated)
20. Video Lesson: Strategic Intelligence Chapter 10
21. Read: Chapter 11 of Strategic Analysis for American World Policy by Sherman Kent (Annotated)
22. Video Lesson: Strategic Intelligence Chapter 11
23. Read: "The Function of Intelligence" by Willmore Kendall (Annotated)
24. Kent vs. Kendall
25. Read: "The Kent-Kendall Debate of 1949" by Jack Davis
26. Optional: A Policymaker's Perspective on Intelligence Analysis by Jack Davis
27. Conclusion: Applying Kent and Kendall to Modern Cyber Threat Intelligence
1. Read: "The Craft of Intelligence by Allen Dulles" pages 83-218
  FREE PREVIEW
1. Read: "The Psychology of Intelligence Analysis" by Richards Heuer
  FREE PREVIEW
1. Introduction to Analysis
2. Optional: The Myth of Cassandra
3. Logic for Intelligence Analysis: Deduction
4. CTI Analysis:Deduction Quiz
5. Exercise: Identifying and Evaluation Deductive Threat Intel Arguments
6. Logic for Intelligence Analysts: Induction Part 1
7. Logic for Intelligence Analysts: Induction Part 2 "Anomalies, Bayesian Analysis, and Falsifiability"
8. Optional: Read Karl Popper's Conjectures and Refutations Chapter 10 "THE GROWTH OF KNOWLEDGE: THEORIES AND PROBLEMS"
9. Logic for Intelligence Analysis: Induction Part 3 "Necessary/Sufficient and Induction Arguments"
10. Optional: Watch "Necessary and Sufficient" from CUNY
11. Logic for Intelligence Analysis: Induction Part 4 "Causation and Mill's Methods"
12. Optional: Watch "Mills Methods" from CUNY
13. Optional: Read John Stuart Mill's System of Logic
14. CTI Analysis:Induction Quiz
15. WATCH: Can you HEAR Stuxnet damaging centrifuges at Natanz? By Langer Group
16. Logic for Intelligence Analysis: Abduction
17. Abduction Quiz
18. Using and Combining Different Reasoning Approaches in Threat Intelligence
19. Quick Guide: Using Reasoning in Intelligence
20. Introducing Problems in Analytic Thinking
21. Bias
22. READ: Tale of Two Cybers, How Threat Reporting by Cybersecurity Firms Systematically Underrepresents Threats to Civil Society
  FREE PREVIEW
23. Read: Why Malware Numbers Don't Matter and Security Accounting
24. Case Study: PIPEDREAM
25. Case Study: Popping Eagle
26. Case Study: Operation Pawn Storm
27. Cognitive Biases
28. Read: Framing Effect in Cybersecurity Choices
29. Additional External Bias Resources
30. Logical Fallacies
31. Quiz: Intelligence Fallacies
32. Additional Logical Fallacy Resources
33. Quiz: Find the Fallacy
34. READ: CART - 4 Qualities of Good Threat Intelligence
35. Introduction to Threat Intelligence Quality
36. Read: Analysis, War, and Decision Why Intelligence Failures are Inevitable by Richard Betts 1979
37. READ: Evaluating the Quality of Intelligence Analysis by Marrin 2012
38. Threat Intelligence Quality: Part 2 - Betts and Intelligence Failures
39. READ: Judgment under Uncertainty: Heuristics and Biases by Amos Tversky; Daniel Kahneman 1974
40. Read: Risk, Ambiguity, and the Savage Axioms by Daniel Ellsberg 1961
41. Words of Estimative Probability by Sherman Kent unclassified and released by CIA in 1993
42. READ: ICD 203 Analytic Standards for the US Intelligence Community
43. Threat Intelligence Quality: Part 3 - Marrin
44. Threat Intelligence Confidence
45. Hypothesis-Driven Analysis
46. OPTIONAL Re-Read Diamond Model of Intrusion Analysis
47. Integrating Diamond Model, Kill Chain, and MITRE ATT&CK to Generate and Test Analytic Hypotheses
48. CTI Mapping
49. CTI Mapping How-to Handout
50. Exercise: Map Attack and Generate Hypotheses
51. CTI Analysis Quiz
1. Thinking Fast and Slow by Daniel Kahneman
2. Optional: Prospect Theory An Analysis of Decision Under Risk
3. Optional: Choices, Values, and Frames
4. Thinking, Fast, and Slow: A CIA Review
5. Chapters 1-4
6. Chapters 5-11
7. Chapters 12-21
8. Chapters 22-28
9. Chapters 29-35
10. Chapters 36-End
1. READ: The Digital Forensics Cyber Exchange Principle 2013-04-22 by Ken Zatyko and Dr. John Bay
2. READ: What to Include in a Malware Analysis Report by Lenny Zeltzer
3. WATCH: Who Maed Dis - A Beginners Guide to Malware Provenance Based on Compiler Type by Lucien Brule
4. Optional: Hashing vs Encryption
5. Optional: Various Malware Hash Types Compared
6. Exercise: Find and Gather Some Malware Reports
7. Exercise: Comparing Malware Reports on the Same Malware
1. Recommended Books on Structured Analytic Techniques
2. Read: A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis by CIA
3. Read: Assessing the Value of Structured Analytic Techniques in the U.S. Intelligence Community
4. Structured Analysis Techniques: Introduction
5. SAT: Clustered Brainstorming and Key Assumptions Checks
6. Read: Psychology of Intelligence Analysis Chapter 8 (ACH) by Richards Heuer
7. SAT: Alternative Competing Hypotheses
8. ACH Tools and Capabilities
9. Read: Midway Revisited: Detecting Deception by Analysis of Competing Hypothesis by Frank J. Stech and Christopher Elsässer
10. Read: The “Analysis of Competing Hypotheses” in Intelligence Analysis by Mandeep K. Dhami, Ian K. Belton, David R. Mandel
11. Read: Wannacry, An Analysis of Competing Hypotheses
12. Denial and Deception
13. Read: Strategic Deception and Counter-deception: A Cognitive Process Approach by Richards J. Heuer
14. Read: Russian Hacker False Flags Work - Even After They're Exposed by Andy Greenberg at WIRED
15. Read: Toward a Counter-deception Tradecraft by Michael Bennett and Edward Waltz
16. Optional: Counter-deception Principles and Applications for National Security by Michael Bennett and Edward Waltz
17. Read: Deception Detection by Laura Zimmerman
18. Read: The Untold Story of the 2018 Olympics Cyberattack, the Most Deceptive Hack in History by Andy Greenberg via WIRED
19. Reframing Techniques
20. Read: Integrating Methodologists into Teams of Substantive Experts - New Lessons by Rob Johnston
21. Read: Performing a Project Premortem by Klein, Harvard Business Review
22. Tool: Atlassian Team Pre-Mortem Playbook
23. Read: Inside the CIA Red Cell
24. Forecasting the Future: Foresight, Predictions, Indications and Warnings
25. Optional: Read "The Paradox of Human Expertise: Why Experts Get It Wrong" by Itiel E. Dror
26. Optional: Read Developing Expert Political Judgment: The Impact of Training and Practice on Judgmental Accuracy in Geopolitical Forecasting Tournaments
27. Read: Superforecasting - The Art and Science of Prediction by Phillip E. Tetlock
28. Read: Beyond Attribution Seeking Responsibility for Cyber Attacks by Jason Healey
29. Read: Attribution is not Transitive by Robert M Lee
30. Read: The Purposes of U.S. Government Public Cyber Attribution by Jon Bateman
31. Read: Conceptualizing a Continuum of Cyber Threat Attribution by Joe Slowik
32. Introduction to Attribution
33. Reasons to Attribute Cyber Threats
34. Read: Attributing Cyber Attacks by Thomas Rid and Ben Buchanan 2015
35. Watch: Attributing Active Measures by Thomas Rid
36. Watch: A Brief History of Attribution Mistakes by Sarah Jones
37. Exercise: Exploring Attribution
38. Creating and Managing Activity Groups, Threat Groups, and Intrusion Sets
39. Documenting and Managing Analysis
40. Exercise: Documenting Analysis Using MISP
41. Integrating External Threat Intelligence
42. Evaluating External Threat Intelligence
43. Case Study: Validating an FBI FLASH Report
44. Ethics for Analysts
1. Classification, Protection, and TLP
2. Dissemination
3. Writing for Analysts
4. Presentation for Analysts
5. Intelligence for Architecture and Visibility
6. Intelligence for Policy and Compliance
7. Intelligence for Risk Analysis
8. Intelligence for Threat Modeling
9. Intelligence for Security Operations
10. Intelligence for Detection
11. WATCH: Threat Indications and Warning in Principle & Practice
12. Intelligence for Threat Hunting
13. Exercise: Build a Visibility and Detection Strategy
14. Intelligence for Incident Response
15. Disrupting Cyber Threats
16. Exercise: Build Disruption Plan
17. Intelligence for Executives
18. READ: The President's Daily Brief: Delivering Intelligence to Nixon and Ford
19. Working with Press and Journalists
20. Measuring Success
21. Gathering and Using Customer Feedback
22. Test your learning
1. Intelligence Maturity Scale
2. Collaboration and Sharing
3. Building an Intelligence Function and Team
4. Legal Considerations in Threat Intelligence
5. Optional: Read "Can Private Sector Intelligence Benefit from U.S. Intelligence Community Analytic Standards?" By Dorothea Gioe, Jeremy Parkhurst, and David V. Gioe
6. Selecting an Intelligence Vendor
7. Exercise: Evaluate and Select an Intelligence Vendor
8. CTI Building and Growing Intel Function Quiz
1. Congrats! Here's what's next...
2. More resources for you
3. Before you go...

About this course

$3,999.00
320 lessons
51.5 hours of video content

Want to get updates about this course?

Materials

This course requires some external resources for the student to obtain prior to starting the course.

Required

These resources are required for the student to obtain for completion of the course.

Intelligence-Driven Incident Response by Scott Roberts and Rebekah Brown

Threat Intelligence and Me by Robert M. Lee

Threat Intelligence Handbook, 2nd ed. by Recorded Future (Free download)

Recommended

These resources are highly recommended by the instructor but not necessary.

Tinker, Tailor, Soldier, Spy by John le Carré

Red Team: How to Succeed by Thinking Like the Enemy by Micah Zenko