We’ve been hit, how can CyberDefenses help? Incident Hotline

Cyber Defenses Academy

Identifying Adversary TTPs


Currently Unavailable - Join the waitlist to be emailed when this product becomes available

Product Description

Course Objectives

Through the user interactive labs the student will learn:

This class introduces students to methods of profiling TTPs observed in open source or through internal collection.  A series of interactive labs guide the students in deriving TTPs from observation and analysis.  Students then apply models that map logical components to classifications of TTPs to look for gaps or missing pieces to the technique, procedure or tactic profiled.  When a student departs this class they will have the practical understanding, confidence and experience to model and profile TTPs observed in internal or external intelligence.

Date & Time


CDI Academy
1205 Sam Bass Road, Suite 300
Round Rock, TX 78681
(512) 255-3700

Target Student

  • Individuals new to or desiring a better understanding of how to understand Threat Intelligence concepts.
  • Professionals who deal with technical issues but feel they do not have enough background in Threat Intelligence
  • Technical professionals that need to be armed with greater knowledge of incident response, Threat Intelligence and their role in resolving incidents.

Additional Information

  • Laptop required
  • Requires basic knowledge of computers, technology and command line interface (CLI)
    • Assume students can open and operate browsers, find and use the command line, execute scripts and open programs
  • Requires knowledge of Linux
  • No prior knowledge of Virustotal required
  • Understanding of virtual machines (VM) and how to use one.
    • Assume students understand how to import and power on a VM

Your Instructor

Monty St John

Monty St John has been in the security world for more than two decades. When he is not responding to incidents he teaches classes in Threat Intelligence, Incident Response and Digital Forensics.


Certification of Completion

Course Outline

1. Introduction

2. Public Virustotal

  • URL Reporting
  • DNS Replication Service
  • Files and File Reporting
  • Searching

3. Private Virustotal

  • Searching

4. Hunting

5. Retro Hunting

6. Using YARA to hunt

7. Wrap up and Close

What’s Next

The following CDI courses are good follow-ups:

Additional Information

Why this course?

  • The course is designed for those with an interest in using Threat Intelligence tasks to identify elements of an adversary’s operations. It conveys the necessary concepts, principles and terms to lay down a solid foundation.  If you have that requirement then it will serve your needs well.
  • The course is an introductory class on several tracks CDI offers for the beginner professional.

Contact CyberDefenses today to learn how we can help your company’s cybersecurity needs.