Defensive Security, Digital Forensics & Incident Response

CA303: Cyber Threat Intelligence

Course authored by:

Perparim Mjeku, Rinor Shehu, Altin Gashi

25 Hours of Instruction

Includes lectures, guest speakers, and Q&A sessions

Hands-on labs

13 Labs

Live Online or On-Demand Access

Join weekly synchronous sessions or access all material and recorded lectures anytime

Intermediate

Developing practical skills and deepening understanding of core concepts

Course Materials

Available after purchase

Course Overview

Cyber threat intelligence is not about collecting data; it is about turning fragmented information into decisions that disrupt real adversaries. The course builds practical CTI and OSINT capabilities for proactive cybersecurity operations over four sections. You will work through the full intelligence lifecycle, from defining requirements to collection, analysis, and dissemination of actionable outputs. The course emphasizes the distinction between raw data and intelligence that drives operational decisions. You will analyze threat actors, their motivations, and real-world attack methodologies across tactical, operational, and strategic levels. OSINT techniques are applied to gather, validate, and correlate information from publicly available sources under realistic constraints. Frameworks such as MITRE ATT&CK are used to map and interpret adversary behavior. Expect analytical rigor, fast-paced scenarios, and zero tolerance for superficial reporting. By the end, you will be able to produce actionable intelligence that strengthens security operations and informs defensive strategy.

What You’ll Learn

Develop the ability to collect, analyze, and operationalize intelligence for proactive cybersecurity defense

  • Understand the threat intelligence lifecycle and analyst workflow

  • Differentiate between raw data, indicators, and actionable intelligence

  • Analyze tactical, operational, and strategic intelligence use cases

  • Identify and profile threat actors based on behavior and motivations

  • Apply frameworks like MITRE ATT&CK and the Diamond Model

  • Conduct malware analysis and understand detection techniques

  • Integrate threat intelligence into SOC, SIEM, and incident response processes

  • Perform OSINT investigations using structured methodologies

  • Validate sources, assess reliability, and handle bias in intelligence

  • Use OSINT tools for data collection, monitoring, and analysis

  • Understand legal, ethical, and operational security (OPSEC) considerations

  • Transform intelligence into actionable insights for decision-making

Business Takeaways

Understand how intelligence-driven security enables proactive risk management and strategic decision-making

  • Shift from reactive security to proactive threat anticipation

  • Improve incident detection and response with contextual intelligence

  • Prioritize risks based on real-world threat activity

  • Enhance decision-making with actionable and evidence-based insights

  • Strengthen security operations through intelligence integration

  • Reduce alert fatigue by focusing on relevant and contextual threats

  • Support compliance and governance with structured intelligence reporting

  • Protect organizational assets by understanding adversary behavior

Syllabus: 4 Sections to Transformation

The CA303 program develops your ability to think like an intelligence analyst, turning raw information into actionable insight. You progress from understanding how intelligence works to conducting real-world investigations using OSINT and analytical frameworks.

Section 1

THREAT INTELLIGENCE FOUNDATIONS

Focuses on threat intelligence fundamentals, intelligence analysis methodologies, attacker profiling, and frameworks used to understand, track, and contextualize cyber threats.

TOPICS COVERED

  • What threat intelligence really is (context and actionable insight, not raw data).
  • Intelligence lifecycle (requirements, collection, analysis, dissemination, feedback).
  • Tactical vs Operational vs Strategic intelligence (pyramid on page 24).
  • Intelligence frameworks (MITRE ATT&CK, Kill Chain, Diamond Model).
  • Threat actors: types, motivations, and profiling.

LABS

  • Threat Intelligence Mapping
  • Kill Chain
  • Diamond Model

Section 2

MALWARE & INTELLIGENCE OPERATIONS

Focuses on malware analysis, detection methodologies, threat hunting, and integrating cyber threat intelligence into operational security environments such as SOCs and detection workflows.

TOPICS COVERED

  • Malware types (ransomware, spyware, rootkits).
  • Static vs dynamic vs behavioral analysis.
  • YARA rules and detection logic.
  • Integrating CTI into SOC (SIEM, SOAR, detection engineering).
  • Threat hunting vs detection vs investigation.
  • OPSEC for analysts (very important, often skipped).

LABS

  • Reverse Engineering Malware
  • Static vs Dynamic Malware Analysis Comparison

Section 3

OSINT FOUNDATIONS & TECHNIQUES

Focuses on open-source intelligence collection, source validation, digital footprint analysis, social engineering techniques, and investigative methodologies used in real-world intelligence gathering.

TOPICS COVERED

  • OSINT lifecycle aligned with intelligence lifecycle.
  • Source validation and reliability scoring.
  • Legal & ethical boundaries (critical for real-world use).
  • Social engineering techniques (phishing, pretexting, baiting).
  • Doxing and digital footprint tracking.

LABS

  • Social Engineering Toolkit
  • TOR Browser
  • Google Dorking
  • Phishing

Section 4

OSINT SOURCES, TOOLS & APPLICATION

Focuses on practical OSINT collection using public data sources and intelligence tools for threat monitoring, attack surface discovery, reputation analysis, and real-world investigative operations.

TOPICS COVERED

  • OSINT sources:
    Social media, public records, forums, leaks.
  • Threat monitoring & early warning indicators.
  • External attack surface discovery.
  • OSINT tools:
    Search engines, scraping tools, Maltego, IntelX.
  • Business use:
    Competitive intelligence
    Reputation monitoring
    Industrial espionage basics

LABS

  • OSINT Tools:
    Maltego
    IntelX
    Shodan

Course Schedule & Pricing

Looking for Group Purchase Options? See below

Next Start Date

March 5, 2026

Duration

14 Weeks Intensive

Format

Live with Zoom Meeting

What's Included

499€

Seats Filling Fast for January 2026

Location | Start Date | Start Time
Prishtina, Kosovo | March 20, 2026 | 10:30 AM (CEST)
Prishtina, Kosovo | April 15, 2026 | 4:30 PM (CEST)
Prishtina, Kosovo | May 10, 2026 | 11:00 AM (CEST)

Frequently Asked Questions

Mission-critical information for prospective operatives

What is Cyber Threat Intelligence (CTI)?

Cyber Threat Intelligence is analyzed and contextualized information about threats that helps organizations make informed security decisions. Instead of just listing indicators, it explains attacker behavior and provides clear guidance on how to detect, prevent, and respond to attacks.

Raw data includes indicators like IP addresses or domains, but on its own it has limited value. Threat intelligence adds context, analysis, and relevance, turning that data into something actionable. Without this context, security teams often face false positives and unnecessary workload.

OSINT, or Open-Source Intelligence, is information collected from publicly available sources such as social media, forums, and leaked data. It allows organizations to monitor threats outside their environment, identify exposed assets, and detect attacks before they impact internal systems.

Indicators like IPs and file hashes change quickly and are easy for attackers to replace. Modern threat intelligence focuses on attacker behavior, such as tactics and techniques, which are much harder to hide. This allows defenders to detect attacks even when specific indicators are no longer valid.
