
About Course
Objectives
- Enable skills to gather, analyze, and disseminate threat intelligence.
- Adopt proactive security strategies.
- Use open-source and proprietary threat intelligence platforms.
Curriculum:
- Fundamental CTI Concepts & Lifecycle
- Data Collection & Source Analysis
- Threat Actor Profiling
- Indicator of Compromise (IOC) Analysis
- Threat Reports & Intelligence Sharing
- Threat Hunting Integration
- Using Threat Intel Platforms (MISP, Recorded Future)
- Trend Analysis & Case Studies
12-Week Cyber Threat Intelligence (CTI) Curriculum
Week 1: Introduction to CTI & Lifecycle
The course begins with an overview of Cyber Threat Intelligence fundamentals. Participants will understand what CTI is, why it matters in modern cybersecurity, and how it fits into an effective security posture. The CTI lifecycle (planning and direction, collection, processing, analysis, dissemination, and feedback) will be explored in depth, establishing a systematic approach to threat intelligence operations. This week emphasizes understanding the goals and scope of threat intelligence programs.
Week 2: Data Collection & Source Analysis
Learners will explore various data sources for threat intelligence collection, including open-source feeds, commercial platforms, and internal logs.
Techniques for gathering relevant data while filtering noise will be covered. Labs will involve collecting threat data from sources like OTX, analyzing their credibility, and integrating this data into intelligence workflows to support proactive defense.
Week 3: Threat Actor Profiling
Participants will learn to profile threat actors by analyzing their tactics, techniques, and procedures (TTPs), motivations, and attack patterns. This includes understanding nation-states, cybercriminal groups, and hacktivists. Exercises will involve building threat actor profiles from real-world case studies and using available intelligence to anticipate likely future activity.
Week 4: Indicator of Compromise (IOC) Analysis
This week focuses on identifying, analyzing, and operationalizing Indicators of Compromise such as IP addresses, domains, file hashes, and email addresses. Trainees will practice detecting IOCs in log, network, and endpoint data. Labs will simulate IOC detection within SIEM logs and develop IOC feeds for use in automated detection systems.
Week 5: Threat Reports & Intelligence Sharing
Learners will develop skills in writing threat intelligence reports, ensuring clarity, accuracy, and actionability. They will study best practices in disseminating intelligence within organizations and sharing information via ISACs or proprietary platforms. Practical exercises will involve drafting threat reports based on simulated attack data.
Week 6: Threat Hunting & Proactive Defense Integration
This week integrates threat intelligence into active threat hunting activities. Participants will learn to formulate hypotheses based on intelligence, identify potential threats lurking in their environments, and proactively hunt for malicious activity. Labs will include developing hunting queries and correlating threat data with their telemetry.
Week 7: Using Threat Intelligence Platforms (MISP, Recorded Future)
Participants will get hands-on experience with prominent open-source platforms like MISP and proprietary solutions such as Recorded Future. They will learn how to import, organize, and share threat intelligence data, automate threat feeds, and correlate IOCs against logs and alerts. System demonstrations and labs will focus on platform navigation and threat intel enrichment.
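The IOC handling described for Week 4 (detecting indicators in logs and building feeds for automated detection) and the MISP import step in Week 7 can be illustrated with a single script. What follows is an added example, not course material and not MISP's own code: the feed lines, log lines, indicator values and event fields are constructed for illustration, and the MISP event is shaped by hand (only the core keys of a MISP JSON export are filled in) rather than produced by PyMISP.

```python
"""Added example (not course material): refang and classify a constructed IOC
feed, sweep sample log lines for the indicators, and emit a MISP-style event."""
import json
import re
from typing import Dict, List, Tuple

# Constructed feed as pasted from a report: defanged, mixed case, with a comment.
RAW_FEED = """# constructed sample feed
hxxp://update[.]evil-cdn[.]example/payload.bin
198.51.100.23
Evil-CDN[.]example
44D88612FEA8A8F36DE82E1278ABB02F
  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
billing@mail[.]evil-cdn[.]example
"""

# Constructed key=value log lines (proxy, DNS, EDR, mail). The last line holds
# near-misses that must NOT match: 198.51.100.230 and notevil-cdn.example.
LOG_LINES = [
    "2024-03-01T10:01:02Z proxy src=10.0.0.5 dst=198.51.100.23 host=cdn.example url=/x",
    "2024-03-01T10:01:09Z dns query=update.evil-cdn.example type=A rcode=NOERROR",
    "2024-03-01T10:02:33Z edr host=WS-17 file=C:\\Temp\\payload.bin md5=44d88612fea8a8f36de82e1278abb02f",
    "2024-03-01T10:03:00Z mail from=billing@mail.evil-cdn.example to=cfo@corp.example",
    "2024-03-01T10:04:00Z proxy src=10.0.0.7 dst=198.51.100.230 host=notevil-cdn.example",
]

IP_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
HASH_RES = {n: re.compile(rf"^[0-9a-f]{{{k}}}$") for n, k in (("md5", 32), ("sha1", 40), ("sha256", 64))}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
DOMAIN_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$")
IOC = Tuple[str, str]  # (MISP attribute type, normalised value)

def refang(ioc: str) -> str:
    """Undo common defanging: hxxp:// -> http://, [.] -> ., [@] -> @."""
    s = re.sub(r"^hxxp", "http", ioc.strip(), flags=re.IGNORECASE)
    return s.replace("[.]", ".").replace("[@]", "@")

def classify(raw: str) -> IOC:
    """Infer the type from the indicator's shape; values are lower-cased for
    case-insensitive comparison (keep the original if URL path case matters)."""
    v = refang(raw).lower()
    if v.startswith(("http://", "https://")):
        return ("url", v)
    if IP_RE.match(v):
        return ("ip-dst", v)
    for name, rx in HASH_RES.items():
        if rx.match(v):
            return (name, v)
    if EMAIL_RE.match(v):
        return ("email-src", v)
    if DOMAIN_RE.match(v):
        return ("domain", v)
    raise ValueError(f"unrecognised indicator: {raw!r}")

def parse_feed(text: str) -> List[IOC]:
    """Parse a line-oriented feed, skipping comments and blanks, de-duplicating."""
    iocs: List[IOC] = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line and not line.startswith("#"):
            ioc = classify(line)
            if ioc not in iocs:
                iocs.append(ioc)
    return iocs

def matches(ioc: IOC, token: str) -> bool:
    """Match one IOC against one lower-cased log token, boundary-aware."""
    kind, value = ioc
    if kind == "domain":
        # Apex or any subdomain, never a longer name that merely ends with the
        # same characters; drop a mailbox part so sender domains match too.
        host = token.rsplit("@", 1)[-1]
        return host == value or host.endswith("." + value)
    return token == value  # IPs, hashes, e-mails, URLs: whole-token equality

def scan(lines: List[str], iocs: List[IOC]) -> Dict[int, List[IOC]]:
    """Return {line_index: [matched IOCs]} for every line with at least one hit."""
    hits: Dict[int, List[IOC]] = {}
    for i, line in enumerate(lines):
        # Compare the value side of key=value tokens, lower-cased and trimmed.
        tokens = [t.split("=", 1)[-1].lower().strip(",;\"'") for t in line.split()]
        found = [ioc for tok in tokens for ioc in iocs if matches(ioc, tok)]
        if found:
            hits[i] = found
    return hits

def to_misp_event(info: str, iocs: List[IOC]) -> dict:
    """Shape IOCs as a MISP event ("Event" wrapper with an "Attribute" list, the
    layout MISP imports/exports). Ids, uuids and timestamps are server-assigned."""
    network = {"ip-dst", "domain", "url"}
    attrs = [{"type": t, "value": v, "to_ids": True,
              "category": "Network activity" if t in network else "Payload delivery"}
             for t, v in iocs]
    return {"Event": {"info": info, "threat_level_id": "2", "analysis": "1",
                      "distribution": "0", "Attribute": attrs}}

if __name__ == "__main__":
    feed = parse_feed(RAW_FEED)
    print(scan(LOG_LINES, feed))
    print(json.dumps(to_misp_event("Constructed example campaign", feed), indent=2))
```

Run it directly to print the hits and the event JSON. Two details matter in practice: refang before matching, because report feeds are usually defanged and a literal `evil-cdn[.]example` will never appear in telemetry; and match on token boundaries, so that `198.51.100.230` does not fire on an IOC for `198.51.100.23` and `notevil-cdn.example` does not fire on `evil-cdn.example`, while a true subdomain such as `update.evil-cdn.example` still does.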
Week 8: Trend Analysis & Case Studies
This week emphasizes analyzing threat trends over time, identifying emerging threats, and understanding attack campaigns. Participants will examine real-world case studies of major cyber attacks like ransomware outbreaks, supply chain compromises, and nation-state campaigns. Exercises will involve trend analysis and presentation of findings.
Week 9: Threat Attribution & Attack Chain Reconstruction
Learners will develop skills to attribute cyber attacks to specific threat actors by analyzing TTPs, IOCs, and campaign overlaps. Labs will involve attack attribution exercises, reconstructing attack chains, and correlating threat intelligence with incident data to provide context and support attribution efforts.
Week 10: Threat Intelligence Integration into Defensive Operations
This week focuses on embedding threat intelligence into incident response, vulnerability management, and security controls. Participants will learn to operationalize intelligence feeds, enhance security controls, and inform strategic risk assessments. Labs will simulate applying CTI insights to real-world defense scenarios and automation workflows.
Week 11: Final Threat Hunting & Intelligence Synthesis
Building on previous weeks, students will conduct comprehensive threat hunts using diverse intelligence sources. They will synthesize intelligence into strategic and tactical insights, producing actionable intelligence for security operations teams. Labs will include developing threat landscape reports and conducting attack simulations.
Week 12: Capstone Project & Certification Preparation
The course concludes with a capstone project in which teams develop a comprehensive threat intelligence report, including actor profiling, IOC analysis, and mitigation recommendations based on a simulated or real threat scenario. Additionally, review sessions, mock exams, and scenario-based questions will prepare participants for industry certifications such as CySA+ or dedicated threat intelligence certifications (CTIA, GCTI), ensuring readiness for professional roles.
Labs/Tools/Simulations:
- MISP, Open Threat Exchange (OTX)
- Threat report writing exercises
- IOC detection in logs
- Attack attribution simulations
- Threat actor behavior analysis
Internships & Projects:
- Threat intelligence reports
- IOC development projects
- Real-world threat attribution cases
Certifications:
- Certified Threat Intelligence Analyst (CTIA)
- GIAC Threat Intelligence (GCTI)
Job Readiness Program:
- Report writing & presentation
- Industry insights
- Networking sessions