
Hunting the Adversary: Applying Cyber Threat Intelligence


DOJO Schedule and Details

There is ONE offering of this 2-Day dojo.

  • March 16 - 17 (Saturday to Sunday), 2024

    Available as In-Person or On-Line Training


Course Abstract

Traditional security defence tools are increasingly unable to protect against current and emerging attacks. The modern attacker has adopted advanced tools and techniques that cannot be stopped by traditional firewalls, intrusion detection and anti-virus. Meanwhile, dedicated attackers carry out intrusions over months and years while remaining undetected, in order to steal valuable information, trade secrets and financial data. Defence techniques that leverage information about attackers and their techniques, however, can greatly enhance the security of an organization.

Modern defences can integrate intelligence and counterintelligence information, which greatly increases the ability to keep attackers out and to detect their presence quickly. This course will teach students about the tools they can use to gain insight into attackers and how to integrate those tools into their organization. The course is a mix of lecture and hands-on training, so students will be equipped on day one to go back to their work and start using threat intelligence to protect their networks.


Course Prerequisites

  • Basic scripting (bash or Python)

  • Understanding of reverse engineering malware and sandboxing

  • Understanding of networking and DNS


Course Learning Objectives

  • Gain a clear understanding of what threat intelligence in cybersecurity entails, including its key concepts, terminologies, and the importance of threat intelligence in the current cybersecurity landscape.

  • Gain hands-on experience with various threat intelligence tools and platforms.

  • Understand how to apply these tools in real-world scenarios to detect, analyze, and mitigate threats.

  • Understand the role of threat intelligence in incident response and security operations center (SOC) functions.

  • Foster critical thinking abilities to assess the credibility, relevance, and urgency of intelligence information.

  • Analyze real-world case studies to understand the application and impact of threat intelligence in mitigating cyber incidents.

  • Understand the importance of collaboration and information sharing within the threat intelligence community.


Who Should Attend

Investigators, network defenders, incident responders, and anyone interested in using intelligence to get ahead of the adversary.


Course Agenda

  • Critical Thinking, ACH and Threat Intelligence Models

  • Intelligence Sharing Mechanisms

  • Open Source Intelligence Gathering, Tools and Sources

  • The Collective Intelligence Framework

  • Malware Information Sharing Platform

  • YARA Primer for Threat Intelligence

  • Malware Surveillance Techniques

  • Creating and Deriving Intelligence Data

  • Identifying Adversarial Weaknesses and Disruption Operations

  • Defensive and Offensive Deception Techniques


Hardware Requirements

  • A notebook with internet access


Software Requirements

  • SSH client able to access provided AWS images


Included Course Materials

  • Course materials as PDFs

  • All required additional files: source code, documentation, installation binaries


John Bambenek

John Bambenek is President of Bambenek Labs and a handler with the SANS Internet Storm Centre. He has over 25 years' experience in information security and leads several international investigative efforts tracking cybercriminals, some of which have led to high-profile arrests and legal action. He currently tracks neo-Nazi fundraising via cryptocurrency, publishes those findings on Twitter, and runs other monitoring solutions for cryptocurrency activity. He specializes in disruptive activities designed to greatly diminish the effectiveness of online criminal operations. He has produced some of the largest bodies of open-source intelligence, used by thousands of entities across the world. He is currently finishing his PhD in cybersecurity machine learning at the University of Illinois at Urbana-Champaign.
