Course Description
The Paralus Technical Cyber Threat Intelligence (CTI) plus Detection Engineering and Threat Hunting (DE&TH) training is designed to be an intensive, technical introduction to these security concepts. By working through topics in a rapid, focused manner, students will quickly gain familiarity with the core principles behind CTI work and how these apply to and inform subsequent DE&TH operations.
This course is designed to be highly interactive and conversational, with opportunities to test out and explore concepts within the material to ensure the greatest possible immersion into critical CTI and DE&TH ideas. Building on a foundation of core CTI concepts, attendees will then work towards immediate applications of CTI research across DE&TH deliverables, including proper development mechanisms within detection engineering and hypothesis development and testing for threat hunting.
Course contents
- Session One: Intelligence Fundamentals
  - Meaning & Purpose of Intelligence
  - CTI & Outcomes
- Session Two: Technical Intelligence & Operational Applications
  - Understanding Intelligence Artifacts & Observables
  - Indicators & Indicators of Compromise
  - CTI Purpose & Alignment with Operations
- Session Three: Intelligence-Driven Detection Engineering
  - Understanding Detection Engineering
  - Intelligence Support to Detection Engineering Functions
  - Evaluating Efficacy, Coverage, & Gaps
- Session Four: Intelligence-Driven Threat Hunting
  - Understanding Threat Hunting
  - Threat Hunting Hypothesis Formulation & Development
  - Internal & External Threat Hunting
  - Threat Hunting Outcomes & Deliverables
Who should take this course?
Requirements
Hardware/Software Requirements
Students should bring:
- A computer for following along with the materials and taking notes is preferable.
- A computer capable of running virtualized environments for sample analysis is useful, but not necessary.
- Access to any of the following tools is preferable, but not necessary: VirusTotal, DomainTools, SilentPush, Censys.io, Hunt.io, URLScan, or similar.
Trainer Biography
Joe Slowik has over 15 years of experience across multiple domains of information security and cyber operations. Joe currently leads threat intelligence functions for the MITRE ATT&CK project while also performing critical infrastructure threat analysis and research for the MITRE Corporation. Previously, Joe has worked in various roles in threat intelligence, detection engineering, threat hunting, and incident response across organizations such as Dragos, DomainTools, Huntress, Los Alamos National Laboratory, and the US Navy. In addition to the above, Joe also maintains an active training and consulting practice through his organization, Paralus LLC, focusing on applied threat intelligence, operational technology security, and threat-focused security planning.
Twitter: @jfslowik