Identifying Adversary TTPs

CyberDefenses Academy



Available Upon Request


Available Upon Request

Delivery Method

Classroom & Online


Certification of Completion

Audience / Level



Intro to Threat Intelligence


Laptop required

Course Details

Program Introduction

This class introduces students to methods of profiling TTPs observed in open source or through internal collection. A series of interactive labs guide the students in deriving TTPs from observation and analysis. Students then apply models that map logical components to classifications of TTPs to look for gaps or missing pieces to the technique, procedure or tactic profiled. When a student departs this class they will have a practical understanding, confidence and experience to model and profile TTPs observed in internal or external intelligence.

This course is 90% labs and it’s through the use of the interactive labs that the student learns how to identify and profile Tactics, Techniques and Procedures.

Course Objectives

  • It’s designed for those with an interest in using Threat Intelligence tasks to identify elements of an adversary’s operations.
  • It conveys the necessary concepts, principles and terms to lay down a solid foundation.
  • It is an introductory class on several tracks CDI offers for the professional starting out.

Target Student

  • Individuals new to or desiring a better understanding of how to understand Threat Intelligence concepts.
  • Professionals who deal with technical issues, but feel they do not have enough background in Threat Intelligence.
  • Technical professionals that need to be armed with greater knowledge of incident response, Threat Intelligence and their role in resolving incidents.


Monty St John
Monty St John is a computer science and information security expert, U.S. Navy and U.S. Air Force veteran, certified instructor, and author of dozens of classes for CyberDefenses. He has assisted numerous companies build and accredit laboratories, threat teams, and security operations centers. He’s also a prolific writer with two upcoming technical volumes set for 2018; Game Designer and Speaker. Learn more about Monty St John

Additional Information

  • Laptop required
  • Requires basic knowledge of computers, technology and command line interface (CLI)
    • Open and operate browsers
    • Find and use command line
    • Execute scripts
  • Requires knowledge of Linux
  • Requires basic knowledge of Threat Intelligence
  • Understanding of virtual machines (VM) and how to use one.
    • Understand how to import and power on a VM
Follow up this course with another one of CDI’s offerings:
  • Intro to Threat Intelligence
  • CHRIME for Threat Intelligence
  • Threat Intelligence Fundamentals

Course Outline

  • Introduction
  • Profiling
  • Correlation & Analysis
  • Collection
  • Investigation
  • Modeling
  • Wrap-up & Close