Thinking Behind Enemy Lines – Actionable Threat Intelligence Tools and Technique

Course Description

Security long ago became more than just malware reverse engineering. To defend your organization, you need to analyze your adversary’s intent, opportunities and capabilities. The tools and skills needed are not only deeply technical; they also require you to leverage available intelligence and counterintelligence information and know how to make the most of it.

To become a good intelligence analyst, you need to acquire a different way of thinking – an analytical mindset, which requires getting acquainted with field-proven intelligence techniques and methodologies. These will serve as the basis for doing your daily analysis tasks in a much more productive and sophisticated way.

In this course, which includes both lectures and hands-on training, we will learn how to look beyond the malware itself in order to dig up information on the infrastructure and actor behind it. We will understand the adversary’s intents and way of thinking, and the risk it poses against our threat model, in order to develop the best protections and mitigations. We will become familiar with tools for gaining insight into the attacker’s workflow and learn how to integrate them into the organization. Students will be able to go back to their organization and immediately start using the lessons learned to proactively defend their network.

Course contents

  • Introduction to Cyber Threat Intelligence and CTI Models
  • The intelligence process
  • The cybercrime ecosystems
  • Advanced searching and Google hacking
  • Data collection and sources
  • Data sharing tools
  • Leveraging DNS for threat intelligence
  • The Malware Information Sharing Platform
  • Honeypots, malware labs and other tools
  • Introduction to attribution

Target audience

  • Network analysts and defenders
  • SOC analysts
  • Incident responders
  • Anyone who is interested in learning a new skillset that will allow them to get ahead of their adversaries


  • Basic scripting (bash/python)
  • Understanding of malware and networking

Hardware/Software Requirements

  • Laptop capable of running VMs

Trainer Biography

Irena Damsky is the founder of – CTI Research, Training and Consulting. She is a security and intelligence researcher and developer based in Israel. Her focus is on threat intelligence, networking, malware and data analysis, and taking out bad guys, as she runs the company and provides its different services.

Prior to starting, Irena held different roles in the industry, ranging from Threat Intelligence Leader to VP of Security Research, and served over six years in the Israeli Intelligence Forces, where she now holds the rank of Captain in the Reserve Service. She is a frequent speaker at security events, holds a BSc and MSc in Computer Science, and is fluent in English, Russian, and Hebrew.


Twitter: @DamskyIrena