Threat Intelligence & Attribution Best Practices: Attribution Analysis

Course Number: it_cytibpdj_02_enus

Lesson Objectives

  • discover the key concepts covered in this course
  • summarize what is meant by attribution analysis and describe how it can relate to threat intelligence
  • differentiate between attribution types such as machine, human, and adversary
  • describe the different levels of attribution, including cyberweapon, country or city, and person or organization
  • list techniques and tools used by cybercrime investigators for performing cyber attribution
  • list common challenges related to cyber attribution
  • list key indicators that enable attribution
  • outline best practices for determining attribution
  • outline best practices for presenting attribution analysis
  • describe how attribution judgments are made
  • recognize the importance of identifying and preserving forensic artifacts and list common errors when dealing with digital evidence
  • outline how to manage digital evidence properly
  • describe how attribution analysis can affect geopolitical dynamics
  • identify national-level partners in the Intelligence Community that can assist with attribution
  • summarize what is meant by malware cyber threats and interpret how reverse engineering malware can lead to attribution
  • recognize different code sharing analysis techniques that lead to attribution
  • describe network behavior analysis techniques that lead to attribution
  • recognize legal implications related to cyber threats and attribution
  • define indirect attribution and interrelate it to machine learning, social networks, and political ideologies
  • summarize the key concepts covered in this course

Overview/Description

Cyber attribution analysis is used to track, identify, and incriminate perpetrators of cyber attacks or exploits and is a must-know offensive security operations technique. In this course, you'll learn about the fundamental concepts and critical concerns related to attribution.

You'll start by examining the different attribution types and levels before exploring attribution indicators, techniques, best practices, tools, and challenges.

Moving on, you'll gain insight into how to identify and interpret forensic artifacts gathered from various sources, manage evidence, and make attribution judgments and assessments. You'll then study geopolitics, the Intelligence Community, and legal considerations as they relate to cyber threats and attribution. Lastly, you'll look into how malware cyber threat reverse engineering, code sharing analysis, and network behavior analysis lead to attribution.



Target

Prerequisites: none

Threat Intelligence & Attribution Best Practices: Threat Intelligence Concepts

Course Number: it_cytibpdj_01_enus

Lesson Objectives

  • discover the key concepts covered in this course
  • recognize the purpose and benefits of threat intelligence and outline its various definitions
  • list the core characteristics of threat intelligence
  • name the parties who can benefit from threat intelligence
  • describe when and how to use threat intelligence including before, during, and after an attack
  • categorize and identify the different cyber threat actors
  • list common indicators of compromise
  • differentiate among intelligence, data, and information
  • outline the 6 phases of the threat intelligence lifecycle
  • describe what is meant by strategic threat intelligence and list some common sources of information for it
  • define what is meant by tactical threat intelligence and recognize key components and benefits of it
  • define what is meant by operational threat intelligence and outline some associated challenges and solutions
  • define what is meant by technical threat intelligence and describe its purpose
  • describe how machine learning can improve threat intelligence
  • define what is involved in risk analysis and risk modeling as they relate to threat intelligence and outline the FAIR risk model and framework
  • list the various use cases for threat intelligence
  • describe how threat intelligence can help map the threat landscape
  • recognize why intrusion detection is the heart of threat intelligence and outline the kill chain and diamond models of analysis
  • differentiate between threat intelligence sources, such as credentials, mobile apps, and social media
  • summarize the key concepts covered in this course

Overview/Description

Identifying and interpreting threat intelligence is crucial to preventing and mitigating cyber attacks. In this course, you'll explore the various threat intelligence types and how they relate to an organization's threat landscape.

You'll begin by examining the key characteristics and benefits of threat intelligence and how to use it before, during, and after an attack. You'll then name known cyber threat actors and common indicators of compromise. You'll characterize intelligence, data, and information, and the four categories of threat intelligence: strategic, tactical, operational, and technical.

You'll outline the threat intelligence lifecycle and how machine learning and risk modeling relate to threat intelligence. Lastly, you'll recognize threat intelligence use cases and sources, and how to map the threat landscape and benefit from intrusion detection and analysis.



Target

Prerequisites: none
