Most Advanced Persistent Threat (APT) groups are organized and well-funded. Their main goal is to steal your data. There is much focus on data loss prevention, but how can you truly defend your data unless you know what attackers are specifically after? Hackers are human: they tend to do the minimum they have to do in order to reach their goal, and they typically follow the same game plan until they are forced to change it. The key to defending against these threats is knowing what you have that attackers want and then knowing how they go about getting it. Threat intelligence is the art of understanding your enemy, firmly knowing their tools, techniques and procedures (TTPs), in order to better protect your own network. Blocking IP addresses, domain names and MD5 hash values has very little value, because adversaries can easily change these indicators of compromise, often in an automated manner. The focus then needs to be on identifying groups by the information they are after as well as the tools and procedures they use to find that data.
This class aims to provide the students with the knowledge they need to begin a threat intelligence program in their own environment.