Cyber Threat Intelligence (CTI)
What is Cyber Threat Intelligence?
Cyber Threat Intelligence (CTI) involves the collection, analysis, and sharing of information about threats to an organization's digital assets.
CTI helps security teams proactively detect, prevent, and respond to attacks by understanding threat actors, their tactics, techniques, and procedures (TTPs).
Modules Completed
- Intro to Cyber Threat Intel
- Threat Intelligence Tools
- Yara
- OpenCTI
- MISP
- Friday Overtime
- Trooper
Skills Gained
- Developing and applying YARA rules to detect malware and IOCs
- Aggregating and analyzing threat intelligence using MISP
- Tracking threat actor TTPs and campaigns with OpenCTI
- Investigating cyber incidents using structured intelligence workflows
- Leveraging threat intel tools to improve detection and response
- Reporting actionable intelligence to strengthen organizational defenses
Case Studies
- YARA Threat Detection: Created and applied YARA rules to detect malware patterns and indicators of compromise. (Read Full Case Study →)
- MISP Intelligence Analysis: Leveraged MISP to aggregate threat intelligence and analyze correlations between incidents. (Read Full Case Study →)
- OpenCTI Threat Investigation: Tracked threat actor TTPs using OpenCTI, identifying actionable intelligence for defense. (Read Full Case Study →)
Lessons Learned
- YARA rules are essential for automated detection of malware and malicious activity.
- MISP allows for centralized threat intelligence management and correlation between incidents.
- OpenCTI helps visualize threat actor campaigns and identify trends.
- Combining tools and intelligence sources improves incident detection and proactive defense.
- Structured intelligence workflows ensure actionable, accurate, and timely insights for SOC teams.