Security Training ▸ CTI
Cyber Threat Intelligence Training
A methodology to prevent cyber threats
#MISP
#Malware
#Indicator
#MITRE ATT&CK
#YARA

What is Cyber Threat Intelligence Training?
What do we need to protect our organization from cyber threats? We need the ability to collect and analyze information and data related to the adversary's purpose, capability and opportunity. CTI (Cyber Threat Intelligence) is the information about threats and threat actors that is required to keep the cyber world safe. With this information, you can analyze who the adversary is, how they attack and why they attack. In this training, you build a CTI platform using MISP and work with MITRE ATT&CK, which is the standard for threat intelligence.
Who should take this course?

Military and government officers

Security Policy Manager

Cyber threat analyst

Security Monitoring Manager

Threat intelligence officer

Other Cyber Threat-Related Officials
Why Cyber Threat Intelligence Training?

Strategies to protect from cyber threat

CTI basic concepts and step-by-step approach

Exploring and developing MISP platform for CTI

Extracting Static/Dynamic Indicator & Pivoting

Threat Hunting using Yara

MITRE ATT&CK
Curriculum
[CTI Overview]
1. Basic concepts of CTI and 3-step level
– Basic Concepts of Cyber Threat Intelligence
– Information Analysis
2. Information Resources for CTI
– Various resources for cyber threat intelligence
3. CTI-based security
– CTI-based Management Methodology
4. Malware based CTI process
– Looking at CTI with malware
5. Threat detection and countermeasures using CTI
[Hands-on Scenarios]
1. Tools and Websites used for CTI Analysis
[Building CTI Platform with MISP]
1. Intro to MISP Platform
– What is MISP (Malware Information Sharing Platform)?
– Constructing the database using MISP
2. Building MISP
– Building MISP Platform
– Surfing on MISP
[Extracting Indicator from Malware]
1. Static Indicator
– Definition and Concept
– Extracting Static Indicator from malware
2. Dynamic Indicator
– Definition and Concept
– Extracting Static Indicator from malware
3. Network Indicator and its Extraction
– Finding and extracting indicators on the network
[Pivoting using Indicators]
1. Pivoting Network Indicators
– Pivoting network indicators that were extracted on VirusTotal
2. Hands-on exercises
– Pivoting Network Indicators on a specific domain
[Clustering & Correlation]
1. ssdeep (Fuzzy Hashing)
– A way to measure the similarity of the indicators
2. Imphash
– Investigating a specific threat group using imphash
3. Rich Header Hash
– Finding the characteristics of a threat group using the Rich Header of a file
4. .NET Module ID
– Using MVID value to find the characteristic of a threat group
5. Other Clustering methods
– Clustering with information such as PDB Path
[Yara Rule and Threat Hunting]
1. Yara Basic Grammar
– Overview of Yara
2. Real-life Cases used in Yara
– General malware cases that use Yara
3. Threat Hunting Hands-on with Yara
– Expanding Yara module to analyze malware
– Hands-on Exercise
[MITRE ATT&CK]
1. ATT&CK Matrix Concepts
– Structuring Adversary, Tactics, Techniques, Procedures with MITRE ATT&CK
2. Analysis Report and ATT&CK Matrix
– Applying MITRE ATT&CK in real-life
– Mapping MITRE ATT&CK with Analysis Report
3. Raw Data and ATT&CK Matrix
– Linking Raw Data with MITRE ATT&CK
4. MISP and ATT&CK Matrix
– Various MITRE ATT&CK related real-life cases
Tools
1. Software
− Virtualization Software : VMware, VirtualBox
− Hex Editor : HxD, PEViewer, FileInsight
− YARA Editor : YARA, Yara GUI, Yara-Editor
− Text Editor : Notepad++
2. WebService
− Cyber Threat Intelligence Platform : MISP (Malware Information Sharing Platform)
− Malware & Threat Search : VirusTotal, ReversingLabs A1000
− Sandbox : JoeSandbox, ANY.RUN, Cuckoo
− Information & Data Search
• Google, Bing, Yahoo and other search engines
Prerequisites

Computer Science and Software Engineering

Professional Experience in Cyber Security

DFIR(Digital Forensic and Incident Response)

Threat hunting and Malware hunting

Malware Analysis and Reverse Engineering
Instructors

Chief Researcher

YoungJun Chang | Chief Researcher
Main Training Area
Security Threat Trend
CTI Intro. & Process
MITRE ATT&CK
- Cyber Threat Intelligence Service Leader/Manager
- 2020-Present | NSHC Training (CTI, Malware Analysis) Instructor
- 2018-Present | NSHC ThreatRecon Team Manager
- 2017-2017 | IBM Cyber Threat Intelligence Analyst
- 2014-2017 | Samsung Electronics DS Infra-Security Designer & Security Incident and CTI Analyst
- 2002-2014 | AhnLab Security Response Center Senior Researcher/Analyst

Senior Researcher

SangYoon Yoo | Senior Researcher
Main Training Area
Malware Analyzing Environment & Tool
- Cyber Threat Intelligence Platform Developer/Administrator
- 2020-Present | NSHC Training (CTI, Malware Analysis) Instructor
- 2014-2019 | Smilegate Games Hacking Response/Analyst
- 2011-2014 | Hauri Malware Response/Analyst

Researcher

Reviews
Corporate Trainee (Korea)
This training gave a great introduction to Cyber Threat Intelligence. I was able to find out how much I know about CTI as well as which parts I need to study more. I also asked many practical questions, and the answers I got from the instructor and teaching assistants were very helpful. I will definitely recommend this course to my co-workers, and even consider attending once again myself soon.
Corporate Trainee (Korea)
I took Cyber Threat Intelligence training at other institutions, too. But NSHC training was the most informative, up-to-date and well-organized. I was not only able to review the knowledge I know, but also learn about new trends in CTI and practical know-how.
Notice
NSHC provides the following items for your convenience.
1) Laptop
We provide a laptop with the software that you will need for hands-on training.
2) Textbook
All the learning materials will be provided in the form of a textbook.
3) Training fee
Lunches and snacks are included in your training fee.
Transportation, accommodation, and dinner are excluded.
4) Certificate of Completion
We give the certificate of completion to those who finish the training.
Location
<ibis Ambassador Seoul Myeongdong> 78, Namdaemun-ro, Jung-gu, Seoul, Republic of Korea
Registration and Payment
There are two ways to pay the training fee: PayPal or bank transfer.
You may select your preferred payment method when submitting the registration form.
We will assist you after your registration form is received.
If you have any questions regarding the payment, please contact us at training@nshc.net.
Refund Policy
You may receive a full refund without penalty if you cancel a week prior to the training. Otherwise, you will be charged a 10% cancellation fee.
Cancellation made until [8 days] before the training: fully refundable.
Cancellation made within [7 days ~ the day of training]: 10% cancellation fee is charged.
Refund policy may be changed without notice.
Training fee: $3,300 (USD), VAT incl.
- Date: Sept 28 ~ Sept 30
- Time: 09:30 ~ 18:00
- Location: Myeongdong, Seoul
- Deadline: Sept 21, 2022
- Capacity: 15