What Participants Will Learn
Participants will gain a comprehensive understanding of the CTI lifecycle, intelligence types, and frameworks like MITRE ATT&CK and the Cyber Kill Chain, while exploring threat actor motivations and emerging cybercrime trends. They will also learn to collect OSINT from public sources—such as domain records, social media, and breach databases—and work with IOCs and structured threat data formats (STIX, TAXII, JSON, CSV) for effective analysis and correlation.
A major focus of the training is on automating threat intelligence with Python, enabling participants to build scripts and automation pipelines for collecting, processing, and enriching threat feeds. The course further delves into the basics of malware and darknet intelligence: understanding static and dynamic malware analysis tools, and profiling threat actors from darknet forums and marketplaces. Attendees will practice proactive defense through threat hunting, leveraging YARA and Sigma rules, as well as PCAP analysis for detection and response. The final module emphasizes operationalizing CTI within organizations: integrating intelligence into SIEM, EDR, and SOC workflows, establishing sharing mechanisms, and developing scalable CTI programs. Blending theory, real-world case studies, and hands-on Python labs, this training prepares participants to enhance their organization’s security posture, automate intelligence processes, and make informed, intelligence-driven decisions.
Suggested Prerequisites
While complete beginners are welcome, having the following knowledge will help:
Understanding of cybersecurity concepts (e.g., threat actors, malware, IOCs, TTPs)
Familiarity with basic Python scripting (loops, conditionals, file handling). Students will be provided with a Python refresher session to catch up, if required.
Knowledge of network security (e.g., IP addresses, ports, logs, firewalls)
What the Trainer Will Provide
The students will receive slide decks as well as all the scripts and Jupyter notebooks used during the hands-on exercises. Along with the slide decks, the students will also be provided with a detailed PDF companion to the training, containing expanded notes, references, and further reading materials.
Trainer Bios
Rahul Binjve (c0dist) currently leads the Cyber Threat Intelligence (CTI) Engineering team at Fortinet. With over a decade of experience in aggregating and contextualizing various threats, he's a seasoned threat intelligence practitioner. Rahul has presented and conducted workshops at several international conferences, including Black Hat, Nullcon, PHDays, c0c0n, Seasides and BSides. He's also contributed to multiple open-source security projects, such as the SHIVA spampot and the Detux Linux sandbox. Rahul's passions lie in information security, automation, human behavior, and—of course—breaking things. He has previously worked at iSIGHT Partners, Mandiant and ZeroFOX.
Darshit Ashara currently works as Principal Security Researcher at Zscaler. He has over 13 years of experience monitoring cybercrime discussion venues and providing accurate and timely intelligence to safeguard clients' environments proactively. Darshit also has experience in setting up Threat Intelligence functions, mentoring and training novice and junior-level analysts to become professionals in a short period of time through a structured learning approach and guidance. He has previously worked as Head of Threat Research at CloudSEK and as a Threat Intelligence Researcher at Intel471.