CTI-fundamentals
A collection of papers, blogs, and resources that make up the quintessential aspects of cyber threat intelligence
CTI Theory
| Authour | Description | Resource URL |
|---|---|---|
| iSIGHT Partners | The first definitive guide to cyber threat intelligence ever produced | cti-guide.pdf |
| David J. Bianco | Analysing relationships between the types of indicators you might use to detect an adversary's activities and how much pain it will cause them when you are able to deny those indicators to them | the-pyramid-of-pain.html |
| Lockheed Martin | The Cyber Kill Chain® framework is part of the Intelligence Driven Defense® model for the identification and prevention of cyber intrusions activity. The model identifies what the adversaries must complete in order to achieve their objective | Cyber_Kill_Chain.pdf |
| Mercyhurst University Institute for Intelligence Studies | The Analyst’s Style Manual is a product intended to assist student analysts with the many perplexing and complex rules they should follow in producing written intelligence products | analysts_style_manual.pdf |
| Freddy M | The Intelligence Architecture Map is based on interviews of industry experts, former intelligence practitioners, and Freddy's personal views. It represents a logical and meaningful way of how different aspects of producing intelligence should be put together. | intelligence-architecture-map-freddy-m |
Adversary Intelligence
| --- | --- | --- | | Mandiant | Mandiant's unprecedented report linking APT1 to China's 2nd Bureau of the People's Liberation Army (PLA) General Staff Department's (GSD) 3rd Department (Military Cover Designator 61398). | mandiant-apt1-report.pdf |
The Cyber Underground
| Authour | Description | Resource URL |
|---|---|---|
| RAND Corporation | This report describes the fundamental characteristics of cybercriminal black markets and how they have grown into their current state in order to give insight into how their existence can harm the information security environment | RAND_RR610.pdf |
| @Bank_Security | HUMINT activities during undercover operations are fundamental as a part of Cyber Intelligence activities. This guide shares insights how someone could engage Threat Actors during undercover operations in the cybercriminal underground | cyber-intelligence-humint-operations |
Vulnerability Intelligence
| Authour | Description | Resource URL |
|---|---|---|
| Google Project Zero | GP0 has compiled a spreadsheet of 0day vulnerabilities leveraged in the wild by threat actors before the vendors were aware of them | 0days "In the Wild" |