
Cyber Threat Intelligence Training

A methodology to prevent cyber threats

#MISP

#Malware

#Indicator

#MITRE ATT&CK

#YARA

What is Cyber Threat Intelligence Training?

What do we need to protect our organization from cyber threats? We need the ability to collect and analyze the information and data related to the adversary's intent, capability and opportunity. CTI (Cyber Threat Intelligence) is the knowledge about threats and threat actors that is required to keep the cyber world safe. With it, you can analyze who the adversary is, how they attack and why they attack. In this training, you will build a CTI platform using MISP and work with MITRE ATT&CK, the standard framework for threat intelligence.

Who should take this course?

Military and government officers

Security Policy Manager

Cyber threat analyst

Security Monitoring Manager

Threat intelligence officer

Other Cyber Threat-Related Officials

Why Cyber Threat Intelligence Training?

Strategies to protect against cyber threats

CTI basic concepts and step-by-step approach

Exploring and developing the MISP platform for CTI

Extracting Static/Dynamic Indicators & Pivoting

Threat Hunting using Yara

MITRE ATT&CK

Curriculum

Day 1

[CTI Overview]

1. Basic concepts of CTI and its three levels
– Basic Concepts of Cyber Threat Intelligence
– Information Analysis

2. Information Resources for CTI
– Various resources for cyber threat intelligence

3. CTI-based security
– CTI-based Management Methodology

4. Malware-based CTI process
– Looking at CTI through malware

5. Threat detection and countermeasures using CTI


[Hands-on Scenarios]

1. Tools and Websites used for CTI Analysis


[Building CTI Platform with MISP]

1. Intro to MISP Platform
– What is MISP (Malware Information Sharing Platform)?
– Constructing the database using MISP

2. Building MISP
– Building the MISP Platform
– Surfing on MISP

Day 2

[Extracting Indicator from Malware]

1. Static Indicator
– Definition and Concept
– Extracting Static Indicator from malwares

2. Dynamic Indicator
– Definition and Concept
– Extracting Dynamic Indicators from malware

3. Network Indicator and its Extraction
– Finding and extracting indicators on the network


[Pivoting using Indicators]

1. Pivoting Network Indicators
– Pivoting on extracted network indicators using VirusTotal

2. Hands-on exercises
– Pivoting Network Indicators on a specific domain


[Clustering & Correlation]

1. ssdeep (Fuzzy Hashing)
– A way to measure the similarity of the indicators

2. Imphash
– Investigating a specific threat group using imphash

3. Rich Header Hash
– Finding the characteristics of a threat group using a file's Rich Header

4. .NET Module ID
– Using the MVID value to find the characteristics of a threat group

5. Other Clustering methods
– Clustering with information such as PDB Path

Day 3

[Yara Rule and Threat Hunting]

1. Yara Basic Grammar
– Overview of Yara

2. Real-life Cases used in Yara
– Yara rules applied to common malware

3. Threat Hunting Hands-on with Yara
– Expanding Yara module to analyze malware
– Hands-on Exercise


[MITRE ATT&CK]

1. ATT&CK Matrix Concepts
– Structuring Adversary, Tactics, Techniques and Procedures with MITRE ATT&CK

2. Analysis Report and ATT&CK Matrix
– Applying MITRE ATT&CK in real-life
– Mapping MITRE ATT&CK with Analysis Report

3. Raw Data and ATT&CK Matrix
– Linking Raw Data with MITRE ATT&CK

4. MISP and ATT&CK Matrix
– Various MITRE ATT&CK related real-life cases


Tools

1. Software
− Virtualization Software: VMWare, VirtualBox
− Hex Editor: HxD, PEViewer, FileInsight
− YARA Editor: YARA, Yara GUI, Yara-Editor
− Text Editor: Notepad++

2. WebService
− Cyber Threat Intelligence Platform: MISP (Malware Information Sharing Platform)
− Malware & Threat Search: VirusTotal, ReversingLabs A1000

− Sandbox: JoeSandbox, ANY.RUN, Cuckoo

− Information & Data Search
• Google, Bing, Yahoo and other search engines

Prerequisites

Computer Science and Software Engineering

Professional Experience in Cyber Security

DFIR(Digital Forensic and Incident Response)

Threat hunting and Malware hunting

Malware Analysis and Reverse Engineering

Instructors

YoungJun Chang | Chief Researcher

Main Training Area

Security Threat Trend

CTI Intro. & Process

MITRE ATT&CK

SangYoon Yoo | Senior Researcher

Main Training Area

Malware Analysis Environment & Tools

TaeHyung Kim | Senior Researcher

Main Training Area

Malware Analysis Methodology

HanGuk Jo | Researcher

Main Training Area

Windows Memory Forensics

YARA


Notice

NSHC provides the following items for your convenience.

1) Laptop
We provide a laptop with the software you will need for the hands-on training.

2) Textbook
All learning materials are provided in the form of a textbook.

3) Training fee
Lunches and snacks are included in your training fee.
Transportation, accommodation, and dinner are excluded.

4) Certificate of Completion
A certificate of completion is given to those who finish the training.

Location

ibis Ambassador Seoul Myeongdong, 78 Namdaemun-ro, Jung-gu, Seoul, Republic of Korea

Registration and Payment

There are two ways to pay the training fee: PayPal or bank transfer.

You may select your preferred payment method when submitting the registration form.
We will assist you once your registration form has been received.

If you have any question regarding the payment, please contact us at training@nshc.net.

Refund Policy

You may receive a full refund without penalty if you cancel at least a week prior to the training. Otherwise, a 10% cancellation fee is charged.

  • Cancellation made until [8 days] before the training: fully refundable

  • Cancellation made within [7 days ~ the day of training]: 10% cancellation fee is charged.

  • The refund policy may be changed without notice.

$3,300 (USD), VAT incl.
  • Date
    Sept 28 ~ Sept 30
  • Time
    09:30 ~ 18:00
  • Location
    Myeongdong, Seoul
  • Deadline
    Sept 21, 2022
  • Capacity
    15
Register

Cyber Threat Intelligence Expert Training Registration

(1 = beginner, 5 = expert)