

A Review of FOR578 Cyber Threat Intelligence

Why take this course?

For me, threat intelligence has been an area of interest. Many organizations are still in the mindset and position of being very reactive: you notice something odd and investigate it further. However, not a lot of organizations are as proactive, going out and researching threat actors/adversaries, or building their own threat intel database that covers incidents within their own org. That means not just pulling in public and private threat feeds, but also building your own indicators and additional defensive mechanisms. This course will teach you all of that and much more!

Day 1

You will learn about actual incidents and case studies that took place, and how CTI (Cyber Threat Intelligence) played a huge role in identifying each threat actor. There are topics on general “what is threat intelligence” and on different threat models that can be used to develop a program. Overall, Day 1 is very much a theory and introduction type of day.

Day 2

On Day 2, things start to get more fun! There is lots of learning about the kill chain life cycle and really understanding how it functions with respect to threat intel. There are great topics on more detailed threat models, how to apply them, and how to analyze various types of logs for key indicators. You also get a good grasp of networking and forensic analysis techniques.

Day 3

For Day 3, most of it is spent learning about various collection sources and techniques. There are also sections on building visual relationships among indicators and other key sources. There is lots of information on the different types of threat feeds that can be used and how they can be most effective. The one thing I really enjoyed for Day 3 is all the case studies you go through and learn. It really puts the topics into perspective in the real working world.

Day 4

So, for Day 4, look forward to learning how to produce your own threat intel, and also how to conduct analysis on all the threat data you are either receiving or creating on your own. You’ll learn about various threat platforms and additional tools that can help store and analyze key indicators. This was one of my favorite days as it included a lot more technical lab work.

Day 5

Day 5 deals more with attribution of adversaries and the campaigns that may include them. The exciting part of this day for me was learning about building and understanding YARA rules. It’s a great tool to help hunt down known attacks through various known adversarial key indicators. Once again, there are lots of great case studies that really show how these skills can be applied in the real world. You’ll get to see real-life examples of how attribution can be applied to known or unknown adversaries.

Day 6

Day 6 is fun and really is an optional day. However, I highly recommend you take advantage of it. This is a chance to meet people in your class and also put your newly acquired skills to the test. Capstone projects are always fun, because you get a chance to use this knowledge on an actual real-life problem. I won’t go into details on the project itself because that would ruin the fun. But if you have a chance to attend Day 6, go for it and go in with an open mindset. You are not going to be an expert on Day 6, but you will realize how much you have learned and how you can apply this knowledge to everyday cyber security tasks.

Final verdict

Overall, this was a fun course and there was a lot to learn and bring back to the workforce. If you have any interest in threat intel or are looking to build out a threat intel team, this is a must course for you to take and build off!

If you plan to challenge the GCTI exam, check out my post on how to prepare for it: https://www.stealthbay.com/passing-the-gcti-exam/

Have you taken the FOR578: Cyber Threat Intelligence course, or do you have any other questions?

Post your comments below!



2 Responses to “A Review of FOR578 Cyber Threat Intelligence”

  1. Sam says:

    Thank you for sharing your experience, specifically as we don’t have a lot of reviews about the SANS exam or the Threat Intelligence exam. I want to ask you about the time it will take to study, because I’m a beginner and I’m not a native speaker, so my English is not very good. How much time do you think I will need to study for the certificate?

    thank you

    • Harry says:

      Honestly, treat it like any other SANS exam. Read the material, work on the labs and really understand the material. If you do that, you should not have any issue passing the exam. But you need to put in the time for it. A lot of people think they can read it once and pass the exam. It takes effort, discipline and passion for learning the material to pass the exam. Good luck and wish you a pass on the exam! 🙂
