Presented By: Irena Damsky
Security long ago became more than just malware reverse engineering. To defend your organization, you need to analyze your adversary’s intent, opportunities and capabilities. The tools and skills needed are not only deeply technical; they also require you to leverage available intelligence and counterintelligence information and to know how to make the most of it.
To become a good intelligence analyst, you need to acquire a different way of thinking – an analytical mindset, which requires getting acquainted with field-proven intelligence techniques and methodologies. These will serve as the basis for doing your daily analysis tasks in a much more productive and sophisticated way.
In this course, which includes both lectures and hands-on training, we will learn how to look beyond the malware itself in order to dig up information on the infrastructure and actor behind it. We will understand the adversary’s intent, way of thinking and the risk it poses against our threat model, in order to develop the best protections and mitigations. We will become familiar with tools for gaining insight into an attacker’s workflow and learn how to integrate them into the organization. Students will be able to return to their organizations and immediately start applying the lessons learned to proactively defend their networks.
- Introduction to Cyber Threat Intelligence and CTI Models
- The intelligence process
- The cybercrime ecosystems
- Advanced searching and Google hacking
- Data collection and sources
- Data sharing tools
- Leveraging DNS for threat intelligence
- The Malware Information Sharing Platform
- YARA Primer for Threat Intelligence
- Honeypots, malware labs and other tools
- Introduction to attribution
- Network analysts and defenders
- SOC analysts
- Incident responders
- Anyone who is interested in learning a new skillset that will allow them to get ahead of their adversaries
- Basic scripting (bash/python)
- Understanding of malware and networking
Laptop capable of running VMs
About the Trainer
Irena Damsky is the founder of damsky.tech – CTI Research, Training and Consulting
Irena is a security and intelligence researcher and developer based in Israel. Her focus is on threat intelligence, networking, malware and data analysis, and taking out bad guys, as she runs the company and provides its different services. Prior to starting damsky.tech, Irena was VP of Security Research for ThreatSTOP, established the Threat Intelligence group for Check Point Software and served over six years in the Israeli Intelligence Forces, where she now holds the rank of Captain in the Reserve Service. She is a frequent speaker at security events, holds a BSc and MSc in Computer Science, and is fluent in English, Russian, and Hebrew.