Learn to intelligently detect and take down cyber threats
In today’s cyber security landscape, it isn’t possible to prevent every attack. Modern attackers are often well-funded, patient, and highly sophisticated—targeting not only technology, but also people and processes. That’s why Cyber Threat Intelligence (CTI) is essential: it helps organizations understand threats earlier, prioritize risks, and act before damage spreads.
Certified Cyber Threat Intelligence Analyst is a hands-on, analyst-focused course designed to teach you how to: identify malicious activity, extract key indicators, correlate attack patterns, attribute threat actors, track evolving campaigns, and support takedown actions through structured intelligence workflows.
What You’ll Learn
- Threat Intelligence Phases: Understand a complete CTI lifecycle and how each phase supports proactive defense.
- Hunting: Collect samples and intelligence from multiple sources to begin profiling threats.
- Feature Extraction (Static): Identify unique static features in malware binaries and artifacts to classify malicious groups.
- Behavior Extraction (Dynamic): Extract behavioral indicators and dynamic features to strengthen detection and classification.
- Correlation & Clustering: Link behaviors and features to group threats, map attack flows, and discover relationships.
- Threat Actor Attribution: Learn techniques to attribute campaigns to threat actors and understand targets, motives, and geography.
- Tracking: Anticipate future attacks by monitoring new variants, infrastructure changes, and evolving TTPs.
- Taking Down: Understand the takedown workflow, including sinkholing and victim notification (high-level, analyst perspective).
Course Content Overview
This course includes 9.5 hours of on-demand video content and is organized into 8 sections with labs, quizzes, and real-world workflows.
- CTI Phases Overview (3 parts)
- Hunting (concepts + practical sources)
- Feature Extraction (imphash, fuzzy hashing, macro extraction, pivoting)
- Behavior Extraction (dynamic indicators, DNS intelligence, common behavior patterns)
- Clustering & Correlation (graph-based thinking, linking data, labs)
- Attribution (targets, initial access, escalation, persistence, lateral movement, exfiltration)
- Tracking (lookups, OSINT sources, monitoring attacker infrastructure)
- Takedown Concepts (sinkhole, how it works, notifying victims)
Hands-On Labs You’ll Practice
- Using VirusTotal Intelligence for investigation workflows
- Binary-level detection with YARA
- Extracting indicators from documents (e.g., macro extraction tools)
- Pivoting from C2 infrastructure (IP/DNS pivots and enrichment)
- Correlation and clustering exercises to link malware families and campaigns
Requirements
- Basic familiarity with well-known, publicly reported cyber exploits and breaches
- Curiosity and willingness to think like an investigator
Who This Course Is For
- Aspiring CTI analysts and threat researchers
- SOC analysts who want to level up into threat intelligence
- Blue team defenders interested in attacker profiling and proactive defense
- Anyone interested in preventing and understanding cyber threats
Outcome
By the end of this course, you’ll understand how to take a small indicator or sample and build a bigger picture: what happened, how it happened, who is behind it, and how to track or disrupt it using structured CTI methods.