cyberseb edited this page 1 month ago

Welcome to the world of Cyber Threat Intelligence (CTI)!

CTI is a cybersecurity discipline that involves the collection, analysis, and distribution of knowledge regarding specific cyber attacks or types of cyber attacks.

CTI includes three different Abstraction Layers:

  • Indicators Of Compromise (IOC) - Artefacts of information like IP addresses, malware file hashes, etc.
  • Tactics, Techniques, and Procedures (TTP) - Popular cyber attack paths (https://attack.mitre.org/)
  • Strategic & (Geo-)Political Layer - At this layer CTI is merged with human intelligence (HUMINT) and other military intelligence to support (global) strategic decisions.

IOC - Indicators of Compromise

IOCs can be picked up from your own cybersecurity tools (the ones blocking or identifying attacks), or you can download them from public IOC feeds. Here are some examples of public IOC feeds:

Here are some collections of IOC feeds:

If you'd like to share IOCs in a community, here are some IOC Exchanges:
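Whether IOCs come from your own tooling or from a feed, the IOC layer is only useful once the indicators are matched against what your environment actually logs. The following is an added example (not part of this wiki page) that sweeps a small set of constructed log lines for IP, SHA-256 and domain indicators; the IOC values and log lines are made up for the example (RFC 5737 documentation addresses, a hash computed from a dummy byte string), and the key=value log format is an assumption.

```python
import hashlib
import re

# Constructed IOC set standing in for entries pulled from a feed or from your
# own tooling. Addresses are RFC 5737 documentation ranges and the hash is
# computed here from a made-up byte string, so nothing below is a real indicator.
SAMPLE_HASH = hashlib.sha256(b"constructed sample binary").hexdigest()
IOCS = {
    "ip": {"203.0.113.45", "198.51.100.7"},
    "sha256": {SAMPLE_HASH},
    "domain": {"malicious.example"},
}

# Constructed log lines in an assumed key=value format (proxy and AV events).
SAMPLE_LOGS = [
    "2024-01-01T10:00:00Z proxy src=10.0.0.5 dst=203.0.113.45 host=malicious.example",
    f"2024-01-01T10:00:01Z av file=invoice.exe sha256={SAMPLE_HASH}",
    "2024-01-01T10:00:02Z proxy src=10.0.0.6 dst=192.0.2.10 host=docs.example",
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")
HOST_RE = re.compile(r"\bhost=([A-Za-z0-9.-]+)")


def match_iocs(lines, iocs):
    """Return one (line_no, ioc_type, value) tuple per IOC hit; lines are 1-indexed."""
    hits = []
    for no, line in enumerate(lines, start=1):
        for ip in IPV4_RE.findall(line):
            if ip in iocs["ip"]:
                hits.append((no, "ip", ip))
        for digest in SHA256_RE.findall(line):
            if digest.lower() in iocs["sha256"]:
                hits.append((no, "sha256", digest.lower()))
        for host in HOST_RE.findall(line):
            if host.lower() in iocs["domain"]:
                hits.append((no, "domain", host.lower()))
    return hits


if __name__ == "__main__":
    for hit in match_iocs(SAMPLE_LOGS, IOCS):
        print("line %d: %s %s" % hit)
```

The matching is exact, so a feed entry for a parent domain will not catch its subdomains and a hash entry will not catch a recompiled sample; that gap between cheap, brittle IOCs and behaviour-level TTPs is exactly why the next abstraction layer exists.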

TTP - Tactics, Techniques, and Procedures

The de facto standard library of TTPs is the Mitre ATT&CK Framework, which currently exists in the following three versions:

The Mitre Corporation is a not-for-profit research organization funded by the US federal government. Mitre also publishes many interesting technical papers on cybersecurity-related topics: https://www.mitre.org/publications/technical-papers

Strategic & (Geo-)Political Layer

If you are interested in reading about nation-state offensive cyber groups, check out the list at Mitre: https://attack.mitre.org/groups/

If you are interested in Global Cyber Strategies, I recommend the following books:

  • Sandworm by Andy Greenberg (Amazon)
  • Dark Territory: The Secret History of Cyber War by Fred Kaplan (Amazon)
  • Cult of the Dead Cow by Joseph Menn (Amazon)