Overview

The arcX Advanced Cyber Threat Intelligence training course has been designed to provide you with the advanced knowledge and practical skills necessary to become a dominant force as a cyber threat intelligence analyst. Throughout this course, you will advance your understanding of cyber threat intelligence best practices and learn to apply techniques like the OODA Loop and F3EAD Cycle to real-world scenarios. You will also engage in practical exercises, including threat assessments and research of well-known cyber criminal groups like the Conti Ransomware Group and Lockbit. This course is designed to build upon the foundational knowledge gained in our arcX Cyber Threat Intelligence Practitioner course (which is a prerequisite for this course) and take your skills to the next level. By the end of this course, you will have the confidence and expertise needed to excel in a fast-paced and ever-evolving cybersecurity landscape.

This is a CREST aligned training course covering nearly every element of the CREST Registered Threat Intelligence Analyst (CRTIA) examination. The legal and ethical requirements for the CREST syllabus are identical in both the CPTIA and CRTIA examinations. Consequently, we only provide a legal and ethical module in our practitioner course which is a prerequisite for this course. Upon successful completion of the arcX final exam, you will receive the arcX Advanced Threat Intelligence Analyst certification which can be validated on the website using the provided QR code.

Study at your own pace

With our online self-directed training courses you're in charge of how quickly or slowly you work through the content.

Learn on the move

The arcX platform has been designed to work on most mobile devices, so you can keep moving and keep learning.

Challenge yourself

With rigorous testing throughout our courses, you'll have the opportunity to continually improve, and measure improvements against past performance.

Certified excellence

Our courses aren't just good, they're excellent and we are a CREST Approved Training Provider.

Summary
  • 40+ hours of training content
  • CREST Aligned CRTIA course
  • 87 units covering an extraordinary amount of content
  • Includes 27+ hours of video training
  • arcX final exam with free re-test included
  • 100% online and on-demand self-study course
  • 24 engaging exercises
  • 900+ practice questions

Course Delivery

The Advanced Cyber Threat Intelligence training course is the equivalent of a 10-day classroom course. The training is delivered online using the power of the arcX platform, with the added benefit of being able to study at your own pace, online and through a range of training resources.

Video Content

Video is the primary delivery method of the arcX Advanced Cyber Threat Intelligence training course. There are a total of 80 videos to watch totalling roughly 27+ hours of video content.

Quizzes

Expect to find plenty of tests within this course! Using our bespoke testing engine, you will receive both free-form and adaptive testing throughout, designed to help consolidate learning and continually challenge your ability.

Practical Exercises

This course comprises 24 exercises, ranging from micro exercises and quizzes taking a few minutes to complete up to full research projects taking hours. All exercises are designed to help you assess how well you have grasped a concept.

Additional Reading Material

The course includes numerous downloadable reports and research papers that will reinforce the concepts taught. You will also receive downloadable tools that have been created to assist you in your day-to-day work.

arcX Final Exam

The Advanced Cyber Threat Intelligence course culminates in a challenging final exam designed to test your knowledge and skills.

The exam is made available upon marking 95% of the course content as complete.

The course also includes one free exam retake. Why not unlimited retakes? Because we want you to learn the content, not how to pass our test.

The arcX final exam also serves as a great indicator of how you will perform in your CREST Registered Threat Intelligence Analyst exam.

Those who successfully pass the arcX examination will be awarded the arcX Advanced Level Threat Intelligence Analyst certification, which can be validated on the website using the provided QR code.

What will this course teach me to do?

This course will further elevate your expertise in the field, equipping you with advanced skills and knowledge to operate as a competent cyber threat intelligence analyst.

You will be capable of:

  • Conducting threat actor attribution by identifying the tactics, techniques and procedures used by nefarious elements.
  • Selecting the appropriate tools at the right time to assist you in your role as a cyber threat intelligence analyst.
  • Building out useful intelligence requirements and defining their priority by measuring things like risk, capability and organisational vulnerabilities.
  • Carrying out in-depth analysis on collected information and utilising your repertoire of analysis techniques to refine your workings.
  • Creating a credible intelligence report and ensuring it is produced at the right level for the right audience.
  • Understanding some of the more technical aspects of cyber threat intelligence like IP protocols, encryption methodology, command and control (C2), and data exfiltration.

Who is this for?

Designed for cyber security professionals who have already completed our practitioner course and are seeking to enhance their skills and knowledge further. The perfect choice for:

  • People who have completed our practitioner level course
  • Threat Intelligence Analysts
  • CREST exam preparation
  • Penetration Testers
  • SOC Analysts
  • Incident Responders

Course Syllabus

  • Section 1 - Threat Actors and Attribution: In this section we will be diving into one of the heavier topics of this course, attribution, covering familiar concepts like the unholy trinity and building upon them with detailed explorations of motivation, threat and capability. We will undertake practical exercises on Phineas Fisher and the Conti Ransomware Group, and carry out a Lockbit threat assessment.
  • Section 2 - Attack Methodologies: In this section we will be taking a detailed look at attack methodologies like the diamond model and the kill chain, exploring practical use cases and learning how to blend these models together effectively. We will be undertaking practical exercises in the application of these models, in addition to critically evaluating other use cases by well-known organisations.
  • Section 3 - Analysis Methodology: In this section we will be developing a structured approach to the collection, processing, analysis and dissemination of cyber threat intelligence (CTI). We will be exploring the concept of intelligence preparation of the battlefield and its adoption in CTI and subsequent renaming to Intelligence Preparation for the Cyber Environment (IPCE).
  • Section 4 - Process and the Intelligence Cycle: In this section we will build upon your knowledge of the intelligence cycle by introducing additional supportive concepts like OODA and F3EAD cycle before demonstrating practical ways of applying these techniques.
  • Section 5 - Principles of Intelligence: In this section we will be taking an important look back at the familiar concept of CROSSCAT before demonstrating the concept in action.

  • Section 6 - Introduction to Direction and Review: In this section we will be discussing the importance of effective direction within the context of the intelligence cycle.
  • Section 7 - Intelligence Requirements: In this section we will be looking at intelligence requirements and how to interpret customer wants vs needs. We will also be providing useful downloads to help support the development of intelligence requirements.
  • Section 8 - Prioritising Intelligence Requirements: In this section we will be taking an in-depth look at the MoSCoW rule and introducing the RACI Matrix, before demonstrating how these work within the context of an organisation.
  • Section 9 - PIRs and Weighted Scoring Models: In this section we will be providing an explanation and downloadable tool for defining what is a priority and what is not, in conjunction with the MoSCoW rule.
  • Section 10 - Project Planning and Review: In this section we will be pulling apart the work breakdown structure (WBS) to combine it with the intelligence cycle. This section also touches upon the intelligence synchronisation matrix, its benefits and uses.

  • Section 11 - Google Sphere / Google-Fu: In this section we will be exploring the power of Google in greater detail, highlighting its presence within the foundations of most if not all proprietary products and why.
  • Section 12 - Web Content: In this short section we will be introducing the delivery format for some of the more technical aspects of the course coming up.
  • Section 13 - Site Scraping and Bulk Data Collection: In this section we will be diving right into web scraping and understanding how to effectively create a subset of data based on information readily available to you in the 'needle rich haystack' that is the internet.
  • Section 14 - Web Infrastructure: In this section we will be taking our first foray into some slightly more technical concepts within cyber threat intelligence, starting with registration records and WHOIS records. Then we will be jumping into the Domain Name System (DNS), passive DNS (PDNS) and monitoring.
  • Section 15 - Power of the Pivot: In this section we will be taking what we discussed in Section 14 and demonstrating how an analyst can conduct analytical pivoting using IP addresses, domain names and other internet infrastructure.
  • Section 16 - Document Metadata: In this section we will be taking a look at metadata and its three general categories of descriptive, structural and administrative. We will also be looking at this from an adversarial standpoint and how adversaries can use metadata to great effect.
  • Section 17 - CTI Sharing Communities: In this section we will be looking at the benefits of information sharing and analysis centers (ISACs) before a quick recap of the traffic light protocol and other concepts you should now be familiar with from our Practitioner course.
  • Section 18 - Data Reliability: In this section we will be revisiting data reliability and how to ensure that the data you are gathering is in fact reliable. Knowledge of the Police 5x5x5 system and Admiralty code is assumed as a prerequisite, having completed the Practitioner course.
  • Section 19 - Human Sources: In this section we will be looking at human sources and the legality and ethics that surround this contentious subject, and we will be dissecting a great piece of journalism on incel extremism.
  • Section 20 - Operational Security Recap: In this section we will be recapping operational security (OPSEC) and looking at how intelligence and counter-intelligence fit into this picture.

  • Section 21 - Introduction to Data Analysis: In this section we will be looking at how we can structure our analysis to improve ideas and make better decisions as cyber threat intelligence analysts.
  • Section 22 - Idea Generation: In this section we are going to be taking a look at how we as analysts can generate ideas within the context of hypothesis generation. We will also be explaining what general morphological analysis is and how it works.
  • Section 23 - Scenarios and Indicators: In this section we will be learning about the cone of plausibility and PESTLE analysis. We will also be discussing how they can be used together through brainstorming drivers and assumptions to establish a baseline scenario, before generating both plausible and wildcard scenarios by altering those assumptions.
  • Section 24 - Hypothesis Generation and Testing: In this section we will be building on your knowledge of ACH and demonstrating its uses within the context of a test organisation. We will also be introducing new concepts like hypothesis clustering.
  • Section 25 - Cause and Effect: In this section we will be exploring the concept of cause and effect. We will also be touching on a particularly interesting set of topics: misinformation, disinformation and the concept of 'fake news'.
  • Section 26 - Challenge Analysis: In this section we will be looking at how we challenge our hypothesis using techniques like devil's advocate, the strawman argument and the steelman argument, and most importantly when to use each of them.
  • Section 27 - Decision Support: In this section we will be looking at how we can support the decisions we make as analysts using SWOT analysis, attack trees and other techniques. We will also be introducing the concept of threat modeling.
  • Section 28 - Decomposition and Visualisation: In this section we will be taking a look at one of Stewart's favourite areas of study; social network analysis (SNA). We will be looking at the impact SNA can have in analysis and why it is such a great technique.
  • Section 29 - Data Analysis Conclusion: In this section we will be having a quick round-up of all the techniques and theories covered within this module.

  • Section 30 - Forms of Delivery: In this section we will be taking a deep dive into STIX and TAXII and how we can use them in our professional practice.
  • Section 31 - Threat Intelligence Platform Introduction: In this section we will be taking a look at OpenCTI, demonstrating its uses, limitations and showing you where you can set up your own demo account to give it a test drive.
  • Section 32 - Intelligence Sharing Initiatives: In this section we will be taking an in-depth look at some of the intelligence sharing initiatives available to us as cyber threat intelligence analysts.

  • Section 33 - Risk: In this section we will be looking at risk from a cyber security professional standpoint, focusing on understanding and learning how to manage risk.
  • Section 34 - Regulator Mandated Threat Intelligence Schemes: In this section we will be looking at regulator mandated threat intelligence schemes and some of the techniques that are becoming prevalent in cyber security, such as TTP emulation, purple teaming and threat-led penetration testing.
  • Section 35 - Reporting: In this section we will be discussing the reporting process and explaining how we can tailor our reporting based on the audience. We will also be imparting some practical advice and guidelines on how to deliver effective reports.

  • Section 36 - IP Protocols: In this section we will be taking a detailed look at the OSI model. We will also undertake a practical exercise on geofencing by a nation state.
  • Section 37 - Cryptography: In this section we will be discussing the basic principles of cryptography. We will be covering hashing, symmetric and asymmetric encryption, and we will be teaching you about famous cryptographic methods.
  • Section 38 - Vulnerabilities: In this section we will be looking at vulnerabilities and intrusion vectors. We will also be running through a practical demonstration on how to effectively use the MITRE ATT&CK Navigator.
  • Section 39 - Command and Control: In this section we will be focusing on the command and control (C2) side of cyber attacks, how it all works, and its many forms. We will then undertake an exercise on Hammertoss which looks at the stealthy tactics of an adversary.
  • Section 40 - Exfiltration Techniques: In this section we will be looking at how an adversary might exfiltrate sensitive data from your organisation. We will be looking at a case study about Turla Crutch to help consolidate learning.
  • Section 41 - Conclusions: In this section we will be closing out the technical cyber security module with some reflection on the techniques and theories discussed throughout.

Instructor Profile

Stewart Bertram

Stewart has worked within the field of Intelligence and Security for the past 18 years with experience across both the private and public sector. Starting his career in 2004 in the Intelligence Corps of the British Army, Stewart entered the private sector in 2009 and has held a number of roles in Cyber Threat Intelligence (CTI) since then. These have included product development, service delivery and consulting, with his most recent roles involving the management of specialist teams involved in research into the cyber criminal underground and nation state threat actors.

Holding both a Masters in Computing and a Master of Letters in Terrorism Studies from St. Andrews University, Stewart was also among the first in the world to pass the CREST Certified Threat Intelligence Manager (CCTIM) examination.

Stewart’s research interests and work have always sat at the intersection of technology, security and people-focused issues. These unique areas of focus are brought to bear within his role at arcX, where he is responsible for the design and delivery of the core CREST related CTI courses and oversight of the wider Cyber Threat Intelligence stream.

CREST Aligned Training

This course has been designed to help prepare you for your CRTIA examination. It builds upon familiar concepts from our practitioner course and advances your skills and ability as a cyber threat intelligence analyst.

Our course is currently going through its final review by CREST to ensure our content maps to the CRTIA examination syllabus. Due to the duplication of the legal and ethical requirements in both the CPTIA and the CRTIA, we have decided to only provide the legal and ethical requirements module in our practitioner course, which serves as a prerequisite to this advanced course.

There is no CREST exam voucher included in the purchase of this course.
