Case Studies: Cyber Threat Intelligence

Develop your threat analysis skills with real-world scenarios in cybersecurity threat intelligence.

Content under development

CTI case studies are currently under development and will be available soon.

Come back soon to discover realistic investigation scenarios!

Master Threat Intelligence

Cyber Threat Intelligence (CTI) requires a methodical approach and advanced analysis skills. These case studies allow you to develop the necessary expertise.

Strategic Analysis

Develop your capacity to analyze threats in their geopolitical and economic context.

Tactical Intelligence

Master TTP analysis and the attribution of attacks to specific groups.

Intelligence Production

Learn to synthesize information into actionable intelligence for decision-makers.

CTI Investigation Scenarios

Each case study simulates a real situation encountered by Cyber Threat Intelligence analysts.

Advanced
4-6 hours

APT Group Analysis

Analyze the TTPs of a sophisticated APT group and create a complete threat profile

Objectives:

  • Identify characteristic TTPs
  • Map attack campaigns
  • Attribute the responsible group

Tools used:

MITRE ATT&CK, MISP, Yara, Maltego

Skills developed:

Threat attribution, TTP analysis, Campaign tracking

Intermediate
3-4 hours

Malware Campaign Investigation

Track the evolution and distribution of an emerging malware family

Objectives:

  • Analyze malware samples
  • Identify C2 infrastructure
  • Track geographic propagation

Tools used:

VirusTotal, Hybrid Analysis, Joe Sandbox, IDA Pro

Skills developed:

Malware analysis, IOC extraction, Infrastructure mapping

Advanced
5-7 hours

0-day Vulnerability Analysis

Assess exploitation of a zero-day vulnerability and its impact on the ecosystem

Objectives:

  • Understand the technical vulnerability
  • Identify exploitation vectors
  • Assess attack surface

Tools used:

CVE Database, ExploitDB, Metasploit, Shodan

Skills developed:

Vulnerability assessment, Exploit analysis, Risk evaluation

Intermediate
2-3 hours

Multi-source IOC Correlation

Create an attack timeline by correlating indicators of compromise

Objectives:

  • Collect IOCs from multiple sources
  • Identify patterns and correlations
  • Build an attack timeline

Tools used:

MISP, OpenCTI, TheHive, Elastic Stack

Skills developed:

IOC correlation, Timeline analysis, Multi-source fusion

Advanced
4-5 hours

Geopolitical Attack Attribution

Analyze a cyberattack to determine its probable geopolitical origin

Objectives:

  • Analyze attack motivations
  • Identify technical signatures
  • Study geopolitical context

Tools used:

MISP, ATT&CK Navigator, Recorded Future, ThreatConnect

Skills developed:

Geopolitical analysis, Attribution techniques, Confidence assessment

Advanced
3-4 hours

Emerging Threat Prediction

Use collective intelligence to predict the next threats

Objectives:

  • Analyze current trends
  • Identify weak signals
  • Model threat evolution

Tools used:

ThreatCrowd, AlienVault OTX, IBM X-Force, VirusTotal Intelligence

Skills developed:

Trend analysis, Predictive modeling, Strategic planning

CTI Methodology

Intelligence Cycle

Follow the cycle: Direction → Collection → Processing → Analysis → Dissemination → Evaluation.

Diamond Model

Analyze each incident according to 4 facets: Adversary, Infrastructure, Capability, Victim.

Pyramid of Pain

Focus on TTPs rather than IoCs for more effective defense.

Become an expert CTI analyst

Master the art of threat intelligence and contribute to your organization's security.