Cyber Threat Intelligence
Published 4/2024
MP4 | Video: h264, 1920x1080 | Audio: AAC, 44.1 KHz
Language: English | Size: 2.15 GB | Duration: 7h 24m
Learn Cyber Threat Intelligence | Hands-on experience | Elevate your career to the next level
What you'll learn
Understand typical behavior patterns of adversaries, enabling you to predict and mitigate potential security breaches.
Learn to effectively identify and analyze a wide range of cyber threats and to enable threat-informed defenses.
Comprehensive Understanding of MITRE ATT&CK
Explore industry best practices around CTI
Requirements
Willingness to learn cool stuff!
Basic IT Knowledge
Description
Cyber Threat Intelligence (CTI) by Christopher Nett is a structured Udemy course for IT professionals who want to master CTI and use it to build threat-informed defenses. The course guides you systematically from the basics to advanced CTI concepts. CTI is the discipline of understanding the tactics, techniques and procedures (TTPs) of adversaries and using that understanding to defend against them, and this deep dive equips you with the skills needed for a career in cybersecurity.
Key benefits for you:
SOC Basics: Understand the foundational structures of Security Operations Centers and their role in cybersecurity.
Azure Basics: Gain essential knowledge of Microsoft Azure's infrastructure.
Zero Trust Basics: Learn the principles of the Zero Trust security model.
Intelligence: Explore the methods of collecting and analyzing data to predict and prevent threats.
CTI: Delve into the core techniques of Cyber Threat Intelligence to identify potential threats before they have an impact.
CTI-Related Frameworks: Discover the frameworks that enhance the effectiveness of CTI processes.
MITRE ATT&CK: Study this globally accessible knowledge base of adversary tactics and techniques.
Threat Actors and Advanced Persistent Threats: Identify common adversaries in cyber warfare.
CTI Tools: Get hands-on experience with the tools professionals use for CTI gathering and analysis.
CTI Platforms: Familiarize yourself with platforms designed for managing and operationalizing CTI.
AI & CTI: Explore the intersection of Artificial Intelligence and CTI to enhance threat detection.
Case Study I - MISP on Azure: Analyze how the MISP threat intelligence platform can be deployed on Azure to manage CTI.
Case Study II - Researching APT41 with ATT&CK: Understand how to investigate the TTPs of APT41 using the MITRE ATT&CK framework.
Case Study III - Leveraging CTI in Microsoft Sentinel: See practical applications of CTI in enhancing Microsoft Sentinel's threat detection capabilities.
Case Study IV - Building a CTI Program: Learn from a comprehensive blueprint for setting up a successful CTI program within an organization.
Overview
Section 1: Introduction
Lecture 1 Welcome & About your Instructor
Lecture 2 Course Slides
Lecture 3 IMPORTANT - Basics
Lecture 4 IMPORTANT - Demos
Lecture 5 FAQs
Section 2: Basics - SOC
Lecture 6 Complexity and Cyber Security Challenges
Lecture 7 What is a SOC?
Lecture 8 SOC Model
Lecture 9 Cyber Security Incident Response Process
Lecture 10 EDR, XDR, SIEM & SOAR
Lecture 11 Blue, Red and Purple Teaming
Section 3: Basics - Azure
Lecture 12 Cloud Computing Properties
Lecture 13 Cloud Computing Types
Lecture 14 Azure Global Backbone
Lecture 15 Shared Responsibility Model
Lecture 16 Azure Resource Hierarchy
Lecture 17 Azure Subscription Types
Lecture 18 Entra ID Tenants and Azure Subscriptions
Section 4: Basics - Zero Trust & Microsoft Security
Lecture 19 What is Zero Trust?
Lecture 20 The Microsoft Security Cosmos
Lecture 21 Defending Across Attack Chains
Section 5: Lab Setup - Kali Linux
Lecture 22 Demo: Install VirtualBox
Lecture 23 Demo: Install Kali Linux
Lecture 24 Demo: Configure Kali Keyboard Layout
Section 6: Intelligence
Lecture 25 What is Intelligence?
Lecture 26 Observe, Orient, Decide & Act
Lecture 27 The Intelligence Cycle
Lecture 28 Analysis of Competing Hypotheses (ACH)
Lecture 29 The Traffic Light Protocol (TLP)
Lecture 30 Sources of Intelligence
Lecture 31 Levels of Intelligence
Section 7: Cyber Threat Intelligence (CTI)
Lecture 32 What is CTI?
Lecture 33 Intelligence, Threat Intelligence and Cyber Threat Intelligence
Lecture 34 What is a Threat?
Lecture 35 Threat, Vulnerability & Risk
Lecture 36 Threat-informed Defense
Lecture 37 Tactics, Techniques & Procedures (TTPs)
Lecture 38 IOCs and IOAs
Lecture 39 Indicator Lifecycle
Lecture 40 Pyramid of Pain
Lecture 41 Pivoting
Lecture 42 Threat Hunting
Lecture 43 CTI Sources
Section 8: CTI-Related Frameworks
Lecture 44 Diamond Model
Lecture 45 Lockheed Martin Cyber Kill Chain
Lecture 46 MITRE ATT&CK
Section 9: MITRE ATT&CK
Lecture 47 Mapping ATT&CK to the Pyramid of Pain
Lecture 48 Matrices
Lecture 49 Tactics
Lecture 50 Techniques
Lecture 51 Subtechniques
Lecture 52 Tactics, Techniques & Subtechniques
Lecture 53 Data Sources
Lecture 54 Detections
Lecture 55 Mitigations
Lecture 56 Groups
Lecture 57 Software
Lecture 58 Campaigns
Lecture 59 Relations
Lecture 60 Speaking one language
Lecture 61 Threat-Informed Decision Making
Lecture 62 Demo: Enterprise Matrix
Lecture 63 Demo: ATT&CK Navigator
Lecture 64 Purple Teaming with ATT&CK
Lecture 65 Evolution of ATT&CK
Section 10: Threat Actors and APTs
Lecture 66 Threat Actors: Types & Motivations
Lecture 67 APT: Sandworm & NotPetya
Section 11: CTI Tools
Lecture 68 Demo: whois
Lecture 69 Demo: TheHarvester
Lecture 70 Demo: Spiderfoot
Section 12: CTI Platforms
Lecture 71 Demo: Pulsedive
Lecture 72 Demo: Shodan.io
Lecture 73 Demo: VirusTotal
Section 13: Artificial Intelligence (AI) & CTI
Lecture 74 What is an LLM?
Lecture 75 MITRE ATLAS
Lecture 76 Demo: ChatGPT for CTI
Section 14: Case Study I - MISP on Azure
Lecture 77 Scenario
Lecture 78 Your Free Azure Subscription
Lecture 79 Demo: Install Azure CLI
Lecture 80 Demo: Create a Resource Group
Lecture 81 Demo: Create an Azure Virtual Machine
Lecture 82 Demo: Install MISP on Azure VM
Lecture 83 Demo: MISP
Section 15: Case Study II - Researching APT41 with ATT&CK
Lecture 84 Scenario
Lecture 85 Campaigns & The Groups
Lecture 86 Tactics, Techniques & Subtechniques
Lecture 87 Detections & Mitigations
Lecture 88 Pyramid of Pain for the Campaign
Section 16: Case Study III - Leveraging CTI in Microsoft Sentinel
Lecture 89 Scenario
Lecture 90 What is Microsoft Sentinel?
Lecture 91 Sentinel as SaaS
Lecture 92 Sentinel Architecture
Lecture 93 Deployment Prerequisites
Lecture 94 Azure Log Analytics
Lecture 95 Data Connectors
Lecture 96 Content Hub
Lecture 97 Typical Data Sources for a SIEM
Lecture 98 CTI in Sentinel
Lecture 99 Demo: Create an Azure Subscription
Lecture 100 Demo: Create a Resource Group
Lecture 101 Demo: Create a Log Analytics Workspace
Lecture 102 Demo: Create a Sentinel Workspace
Lecture 103 Sentinel RBAC
Lecture 104 Demo: Sentinel RBAC
Lecture 105 Demo: Sentinel Content Hub
Lecture 106 Demo: Ingesting a Threat Feed into Sentinel
Lecture 107 Demo: Verify Threat Feed log ingestion
Lecture 108 Demo: Ingest Entra ID
Lecture 109 Demo: Verify Entra ID Ingestion
Lecture 110 Demo: CTI in Sentinel
Lecture 111 Demo: ATT&CK in Sentinel
Lecture 112 KQL 101
Lecture 113 Demo: KQL 101
Lecture 114 Demo: Threat Hunting in Sentinel
Lecture 115 Demo: Hunting for Entra ID Events
Lecture 116 Analytic Rules
Lecture 117 Scheduled Rules
Lecture 118 Demo: Scheduled Rules
Lecture 119 NRT Rules
Lecture 120 Demo: NRT Rules
Lecture 121 Threat Intelligence Rules
Lecture 122 Demo: Threat Intelligence Rules
Lecture 123 Playbooks
Lecture 124 Azure Logic Apps
Lecture 125 Demo: Playbooks with ChatGPT
Lecture 126 Notebooks
Lecture 127 Notebooks with MSTICPy
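The Sentinel case study above walks through ingesting a threat feed (Lecture 106), ingesting Entra ID sign-in logs (Lecture 108) and then matching the two (Lectures 110, 113 and 122). The KQL query below is an added illustration of that matching step and is not course material; it assumes the indicators landed in the ThreatIntelligenceIndicator table (the table the TI data connectors wrote to at the time of the course; newer workspaces may use ThreatIntelIndicators instead) and the sign-ins in SigninLogs, and it follows the same shape as the built-in "TI map IP entity to SigninLogs" scheduled rule.

```kql
// Added example: match active IP indicators from the threat feed against Entra ID sign-ins.
// Assumptions: ThreatIntelligenceIndicator and SigninLogs exist in the workspace (both are
// created by the corresponding data connectors); the lookback windows are illustrative.
let dt_lookBack = 1h;     // how far back to scan sign-in events (the rule's run frequency)
let ioc_lookBack = 14d;   // how far back to pull indicators; stale IOCs raise the false-positive rate
let ip_indicators = ThreatIntelligenceIndicator
    | where TimeGenerated >= ago(ioc_lookBack)
    | where Active == true and ExpirationDateTime > now()   // ignore expired / deactivated IOCs
    | summarize arg_max(TimeGenerated, *) by IndicatorId     // keep the latest version of each indicator
    | where isnotempty(NetworkIP) or isnotempty(NetworkSourceIP)
        or isnotempty(NetworkDestinationIP) or isnotempty(EmailSourceIpAddress)
    | extend TI_ipEntity = coalesce(NetworkIP, NetworkSourceIP, NetworkDestinationIP, EmailSourceIpAddress)
    | project TI_ipEntity, IndicatorId, ThreatType, ConfidenceScore, Description, ExpirationDateTime;
ip_indicators
| join kind=innerunique (
    SigninLogs
    | where TimeGenerated >= ago(dt_lookBack)
    | where isnotempty(IPAddress)
    | extend SigninLogs_TimeGenerated = TimeGenerated
    | project SigninLogs_TimeGenerated, UserPrincipalName, IPAddress, ResultType,
              AppDisplayName, Location, UserAgent
) on $left.TI_ipEntity == $right.IPAddress
| where SigninLogs_TimeGenerated < ExpirationDateTime   // the sign-in happened while the IOC was still valid
| summarize SigninLogs_TimeGenerated = arg_max(SigninLogs_TimeGenerated, *) by IndicatorId, IPAddress
| project SigninLogs_TimeGenerated, UserPrincipalName, IPAddress, ResultType, AppDisplayName,
          Location, ThreatType, ConfidenceScore, Description
| extend IPCustomEntity = IPAddress, AccountCustomEntity = UserPrincipalName
```

When this is wired up as a scheduled analytic rule, the query frequency should match dt_lookBack so that no sign-in window is skipped, and ResultType is worth keeping in the output: a successful sign-in (ResultType 0) from a listed IP deserves a different severity than a failed one, which is exactly the Pyramid of Pain point that an IP hit alone is cheap evidence and needs context.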
Section 17: Case Study IV - Building a CTI Program
Lecture 128 Scenario & Objectives
Lecture 129 Steps to building the CTI Program
Lecture 130 Define Strategic Goals
Lecture 131 Identify Key Intelligence Requirements
Lecture 132 Establish Processes and Tools
Lecture 133 Intelligence-Driven SecOps and DFIR
Lecture 134 Continuous Improvement
Lecture 135 Conclusion
Section 18: Bonus Section
Lecture 136 Bonus
Who this course is for: SOC Analyst, Security Engineer, Security Consultant, Security Architect, Security Manager, CISO, Red Team, Blue Team, Cybersecurity Professional, Ethical Hacker, Penetration Tester, Incident Handler