Training Title:
Cyber Threat Intelligence Bootcamp
Hands-on Labs & Real-World Scenarios
Training Schedule:
Start Date: 10 September 2025
End Date: 11 September 2025
Short Abstract:
This two-day hands-on training provides cybersecurity professionals with essential skills to collect, analyze, automate, and operationalize Cyber Threat Intelligence (CTI). Covering both foundational and advanced topics, the course explores intelligence frameworks, adversary tactics, OSINT collection, and structured data formats such as STIX and TAXII. Participants will gain practical experience in automating CTI workflows using Python, developing scripts to collect, process, and enrich threat feeds efficiently. Additionally, the training delves into malware and darknet intelligence, equipping attendees with techniques for analyzing malware, understanding cybercrime ecosystems, and tracking threat actors. Hands-on labs will focus on proactive threat hunting using YARA and Sigma rules, as well as PCAP analysis. The final segment emphasizes integrating CTI into organizational workflows, including SIEMs and SOC operations, to enhance security posture. By blending theory, real-world case studies, and automation-driven exercises, this training prepares participants to effectively track, analyze, and respond to cyber threats in a dynamic threat landscape.
Full Abstract:
This two-day hands-on training is designed to equip cybersecurity professionals with the skills to collect, analyze, automate, and operationalize Cyber Threat Intelligence (CTI). The course progresses from foundational concepts to advanced threat hunting and intelligence integration, ensuring attendees gain a deep understanding of CTI frameworks, adversary tactics, OSINT techniques, automation, and various intelligence sources like malware and darknet.
By the end of this training, attendees will gain a comprehensive understanding of Cyber Threat Intelligence (CTI), including the intelligence lifecycle, different types of CTI, and industry frameworks like MITRE ATT&CK and the Cyber Kill Chain. They will explore threat actor motivations and emerging cybercrime trends.
Participants will learn how to collect OSINT data from public sources such as domain records, social media, and breach databases. They will also work with IOCs and structured threat data formats (STIX, TAXII, JSON, CSV) for analysis and correlation.
A key focus will be automating threat intelligence with Python, where attendees will develop scripts to collect, process, and enrich threat feeds while implementing automation pipelines for better intelligence processing.
The training will also cover fundamentals of malware and darknet intelligence, including static and dynamic malware analysis, file classification, and understanding various types of threat actors from darknet marketplaces and cybercrime forums.
Attendees will also dive into threat hunting and proactive defense, leveraging YARA rules, Sigma rules, and PCAP analysis to detect and respond to threats effectively.
Finally, they will learn how to operationalize CTI in organizations by integrating it into SIEMs, EDRs, and SOC workflows, understanding stakeholder engagement, intelligence-sharing best practices, and CTI program development to scale intelligence operations successfully.
This training blends theory, hands-on labs, Python-based automation, and real-world case studies/datasets to prepare attendees for real-world CTI operations. Participants will leave with practical skills to enhance their organization’s security posture, proactively track threats, and automate intelligence gathering for effective decision-making.
Course outline:
Day 1
Module 1: Fundamentals of Threat Intelligence (1.5 hours)
- What is Cyber Threat Intelligence (CTI)?
- The intelligence lifecycle
- Strategic, operational, tactical, and technical intelligence
- Cyber Kill Chain, MITRE ATT&CK Framework, and Diamond Model
- Types of threat actors and their motivations
- How CTI supports various cybersecurity functions
- Case studies on real-world cyber threats
Module 2: Python Refresher (1 hour)
- Data Types
- Conditionals & Loops
- Functions
- File Handling
- Virtual Environment, Modules & Packages
- Parsing and Structuring Data (JSON, XML, CSV, STIX/TAXII)
Module 3: OSINT for Threat Intelligence (2 hours)
- Introduction to Open-Source Intelligence (OSINT)
- Tools and techniques for gathering OSINT data
- Understanding indicators of compromise (IOCs)
- Hands-on: Analyzing OSINT Reporting
- Extracting intelligence from social media, domain records, and breach data
- Using threat intelligence feeds (STIX/TAXII, VirusTotal, etc.)
- Hands-on: Using OSINT to Pivot & Correlate
Module 4: Threat Intelligence Automation (3.5 hours)
- Hands-on: Automating OSINT collection with Python
- Parsing threat feeds with Python
- Data enrichment and correlation
- Hands-on: Writing scripts to collect, process, and analyze threat data
- Introduction to MISP
- Alerting & Notification Automation
- Hands-on: Setting up TAXII feeds for intelligence sharing
- Honeypots for CTI Collection
Day 2
Module 5: Adversary and Malware Analysis (2.5 hours)
- Gathering malware intelligence from public sources
- Static and dynamic malware analysis basics
- File Classification and Working with Hashes
- Extracting and Analyzing Data from Binary File Formats
- Hands-on: Extracting IOCs from malware samples
- Darknet Sources & Threat Actors (Cybercrime Enablers)
- Operational Security (OPSEC)
- Hands-on: Adversary Analysis from Leaked Chats
Module 6: Threat Hunting Basics (1.5 hours)
- Introduction to threat hunting
- Using TI for proactive defense
- Analyzing & Parsing PCAPs
- Integrating & Contextualizing Internal Threat Data/Logs with External Sources
- Hands-on: YARA rules for malware detection
- Hands-on: Using Sigma rules for threat detection
- Using CTI for Proactive Threat Hunting
Module 7: Operationalize CTI (2 hours)
- Intelligence Requirement Gathering
- Tracking Emerging Threats
- Hands-on: Keeping up with the Emerging Threats
- Hands-on: Mapping TTPs to MITRE ATT&CK Framework
- Showcase Your Findings
- Scaling Operations
Module 8: Building a CTI Program (2 hours)
- Threat intelligence in SIEMs, EDRs, and SOC workflows
- Understanding Business Needs
- Stakeholder Engagement
- Intelligence Sharing & Collaboration
- Key metrics for evaluating CTI programs
- Hands-on: Building a strategy for your organization
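Modules 3 and 4 above list IOC extraction, threat-feed parsing and correlation as hands-on exercises. The script below is an added example of that workflow, written for this page and not taken from the course materials: it refangs a constructed OSINT report, extracts hashes, IPv4 addresses and domains with regular expressions, pulls the flat comparison expressions out of a constructed STIX 2.1 indicator bundle (the shape a TAXII collection returns), normalizes both sets and intersects them. The report text, bundle contents, indicator values and STIX IDs are all made up for the example.

```python
"""Added example (not part of the course materials): correlate IOCs from a
defanged OSINT report with indicators from a STIX 2.1 bundle.
All sample data below is constructed for illustration."""
import json
import re

# Constructed sample: defanged text of the kind found in public CTI reporting.
SAMPLE_REPORT = """\
The loader beacons to hxxps://update[.]example-cdn[.]test/cfg and to 203[.]0[.]113[.]45:8443.
Dropped payload SHA256: 6f1ed002ab5595859014ebf0951522d9bf3b4c4ac4a7c3f8d3e2e4f1a0b9c8d7
A second stage with MD5 e10adc3949ba59abbe56e057f20f883e was seen on the same host.
"""

# Constructed sample: a minimal STIX 2.1 bundle as a TAXII collection would return it.
# The hash is deliberately upper-case to show that both sources must be normalized.
SAMPLE_STIX_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--0f2a1c4e-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--0f2a1c4e-0000-4000-8000-000000000002",
         "created": "2025-01-01T00:00:00.000Z", "modified": "2025-01-01T00:00:00.000Z",
         "name": "Loader C2 domain", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'update.example-cdn.test']",
         "valid_from": "2025-01-01T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--0f2a1c4e-0000-4000-8000-000000000003",
         "created": "2025-01-01T00:00:00.000Z", "modified": "2025-01-01T00:00:00.000Z",
         "name": "Loader payload", "pattern_type": "stix",
         "pattern": "[file:hashes.'SHA-256' = '6F1ED002AB5595859014EBF0951522D9BF3B4C4AC4A7C3F8D3E2E4F1A0B9C8D7']",
         "valid_from": "2025-01-01T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--0f2a1c4e-0000-4000-8000-000000000004",
         "created": "2025-01-01T00:00:00.000Z", "modified": "2025-01-01T00:00:00.000Z",
         "name": "Staging server", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '198.51.100.7']",
         "valid_from": "2025-01-01T00:00:00Z"},
        # Non-indicator objects carry no pattern and are skipped by the parser below.
        {"type": "malware", "spec_version": "2.1",
         "id": "malware--0f2a1c4e-0000-4000-8000-000000000005",
         "created": "2025-01-01T00:00:00.000Z", "modified": "2025-01-01T00:00:00.000Z",
         "name": "ExampleLoader", "is_family": True},
    ],
})


def refang(text: str) -> str:
    """Undo the common defanging conventions so the regexes see real indicators."""
    text = re.sub(r"\[\.\]|\(\.\)|\{\.\}", ".", text)
    text = re.sub(r"hxxp", "http", text, flags=re.I)
    return text.replace("[:]", ":").replace("[://]", "://")


# Word boundaries stop a SHA-256 from also being reported as an MD5 or SHA-1 prefix.
IOC_PATTERNS = {
    "sha256": re.compile(r"\b[a-f0-9]{64}\b", re.I),
    "sha1": re.compile(r"\b[a-f0-9]{40}\b", re.I),
    "md5": re.compile(r"\b[a-f0-9]{32}\b", re.I),
    "ipv4": re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
}


def extract_iocs(text: str) -> dict[str, set[str]]:
    """Hashes, IPv4 addresses and domains from free text, lower-cased per type."""
    text = refang(text)
    return {kind: {m.lower() for m in rx.findall(text)} for kind, rx in IOC_PATTERNS.items()}


# STIX 2.1 object paths that this example knows how to map onto IOC types.
STIX_PATH_TO_KIND = {
    "domain-name:value": "domain",
    "ipv4-addr:value": "ipv4",
    "url:value": "url",
    "file:hashes.'SHA-256'": "sha256",
    "file:hashes.'SHA-1'": "sha1",
    "file:hashes.MD5": "md5",
}
# One comparison expression: <object-path> = '<literal>'. Enough for the flat indicator
# patterns most feeds publish; it is not a full STIX pattern grammar.
COMPARISON_RX = re.compile(r"([a-z0-9-]+:[A-Za-z0-9_.'-]+)\s*=\s*'([^']*)'")


def iocs_from_stix_bundle(bundle_json: str) -> dict[str, set[str]]:
    """Indicator literals from a STIX 2.1 bundle, keyed by IOC type and lower-cased."""
    found: dict[str, set[str]] = {}
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        for path, value in COMPARISON_RX.findall(obj["pattern"]):
            kind = STIX_PATH_TO_KIND.get(path)
            if kind is None:  # unknown object path: record nothing rather than guess
                continue
            found.setdefault(kind, set()).add(value.lower())
    return found


def correlate(a: dict[str, set[str]], b: dict[str, set[str]]) -> dict[str, set[str]]:
    """Indicators seen in both sources; only types with at least one hit are returned."""
    hits = {kind: a.get(kind, set()) & b.get(kind, set()) for kind in set(a) | set(b)}
    return {kind: values for kind, values in hits.items() if values}


def run() -> dict[str, set[str]]:
    return correlate(extract_iocs(SAMPLE_REPORT), iocs_from_stix_bundle(SAMPLE_STIX_BUNDLE))


if __name__ == "__main__":
    for kind, values in sorted(run().items()):
        print(kind, sorted(values))
```

The domain and SHA-256 from the report overlap with the feed, the feed's IPv4 indicator does not, and the MD5 from the report is new to the feed. Two caveats a practitioner would add before using this on real data: the bare domain regex over-matches (a filename like report.pdf qualifies), so a TLD allowlist or a library such as tldextract is the usual next step; and anything beyond single-comparison STIX patterns (AND/OR, observation operators, qualifiers) should go through the pattern parser in the stix2 library rather than a regex.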
Top 3 Takeaways
By the end of this training, attendees will:
- Gain a comprehensive understanding of Cyber Threat Intelligence (CTI), including the intelligence lifecycle, different types of CTI, and industry frameworks like MITRE ATT&CK and the Cyber Kill Chain.
- Explore threat actor motivations and emerging cybercrime trends.
- Learn the practical skills to enhance their organization's security posture, proactively track threats, and automate intelligence gathering for effective decision-making.
Who should attend?
- Security Analysts & SOC Teams looking to integrate threat intelligence into SOC workflows, improve incident response, and automate data collection.
- Threat Intelligence Analysts looking to enhance their OSINT collection, malware analysis, and darknet intelligence skills.
- Incident Responders who can use CTI for quicker incident correlation, IOC extraction, and response automation.
- Any security professional looking to implement and operationalize CTI practices.
Last but not least, anyone who is interested in strengthening their offensive and detection capabilities.
Prerequisites:
While beginners are welcome, having the following knowledge will help:
- Basic understanding of cybersecurity concepts (e.g., threat actors, malware, IOCs, TTPs)
- Familiarity with Python scripting (loops, conditionals, file handling)
- Basic knowledge of network security (e.g., IP addresses, ports, logs, firewalls)
- Familiarity with the Linux command line
Target Audience:
The course can be attended by complete beginners as well as experienced professionals looking to improve their CTI skills.
What to bring?
To get the most out of this training, attendees should bring:
- A laptop (Windows, macOS, or Linux) with at least 8GB RAM and 80GB free storage
- A virtualization platform (VMware Workstation/Player or VirtualBox)
- Admin/root access to install tools
- Pre-installed Python 3.x and Jupyter Notebook
(The team will share updated documentation 1 week prior to the training date.)
What will attendees get?
Students will receive the detailed documentation and slide decks, as well as all the scripts and Jupyter notebooks used in the hands-on exercises.
What to expect?
- Fundamentals of Cyber Threat Intelligence (CTI)
- Intensive, hands-on training with real-world threat datasets in every module
- Hands-on automation exercises designed to put concepts into practice
- Insights into the process of building and operationalizing CTI capabilities from scratch
- Fundamentals of extracting intelligence from malware samples and threat hunting
Why Should People Attend?
The training is highly informative and hands-on. Attendees will not only learn the fundamentals of CTI, they will do the hands-on analysis themselves and work on real-world datasets. The training starts by explaining the various use cases of CTI and then covers topics including the intelligence lifecycle, frameworks, collection automation, darknet and malware intelligence, and operationalizing threat intelligence.
The training will be taught by passionate Threat Intelligence Practitioners who have previously built and trained teams from scratch. The trainers have previously worked in industry leading organizations such as iSIGHT Partners, Mandiant, ZeroFox, and Intel471.
Hands-on vs. Lecture
Although we have designed the course to be highly hands-on, understanding the various frameworks and strategies is a crucial part of understanding and operationalizing threat intelligence. We estimate the split between lecture and hands-on work at approx. 40% and 60% respectively.
Except for the first module, where we cover the theory and underlying principles, every module has multiple hands-on exercises.
What not to expect?
- The course is not a theoretical lecture series – it's hands-on training.
- This is not a beginner's programming course (basic Python knowledge is highly recommended).
- The training does not focus on offensive security or penetration testing.
- We will not cover reverse engineering in depth (only basic malware analysis).
Hands-On
There are over 15 hands-on exercises, varying in difficulty and time required. Some exercises are basic in nature and take 10-15 minutes, whereas the more complex ones take somewhere between 20-40 minutes, with attendees acting as Threat Intelligence analysts.
Trainer Bio:
Rahul Binjve
Rahul Binjve (c0dist) currently leads the Cyber Threat Intelligence (CTI) Engineering team at Fortinet. With over a decade of experience in aggregating and contextualizing various threats, he is a seasoned threat intelligence practitioner. Rahul has presented and conducted workshops at several international conferences, including Black Hat, Nullcon, PHDays, c0c0n, Seasides and BSides. He has also contributed to multiple open-source security projects, such as the SHIVA spampot and the Detux Linux sandbox. Rahul's passions lie in information security, automation, human behavior, and, of course, breaking things. He has previously worked at iSIGHT Partners, Mandiant and ZeroFox.
Darshit Ashara
Darshit Ashara currently works as Principal Security Researcher at Zscaler. He has over 13 years of experience monitoring cybercrime discussion forums and providing accurate and timely intelligence to safeguard clients' environments proactively. Darshit also has experience in setting up Threat Intelligence functions, mentoring and training novice and junior-level analysts to become professionals in a short period through a structured learning approach and guidance. He has previously worked as Head of Threat Research at CloudSEK and as a Threat Intelligence Researcher at Intel471.
Bhumit Mali
Bhumit Mali, a Senior Manager at Fortinet, leads their Digital Risk Protection product that provides threat intelligence solutions. He also manages an expert team of technical and threat analysts who specialize in identifying and tracking financially motivated cyber criminals. Prior to his current role, Bhumit oversaw an intelligence-driven security program at Mandiant, which is now part of Google. He has over 10 years of experience in developing and operating intelligence-led cybersecurity programs, and he consults with deep expertise in threat intelligence and security operations.