2 days10:00 – 16:00

Threat Intelligence & Attribution Analyst

Learn how to collect information on cyber threats and enrich cybersecurity processes with TI&A data to yield more effective incident response and monitoring.


Modern cybersecurity wouldn’t be where it is today without threat intelligence (TI). TI lies at the heart of any effective IS solution, enriching it with data and information from previously hidden areas of the Internet. By monitoring dark corners such as hacker forums and the dark web, TI analysts are able to see the bigger picture and attribute criminal behavior more accurately.

Group-IB’s Threat Intelligence & Attribution Analyst course teaches how to collect actionable intel from all types of sources, both public and closed, and how to interpret this data and spot signs of attack preparation. As with all Group-IB courses, lessons will include practical exercises based on real cases handled by the company’s TI team. This approach was chosen to ensure that you can immediately apply what you learn in your day-to-day activities.

Course description:

This two-day intensive course is designed to give both existing and future threat intelligence analysts the information and tools they need to expand their capabilities. You’ll be shown where to look for information and how to interpret what you find, as well as what the current threat landscape looks like.

Although there is a schedule, the structure of each class is not set in stone. The goal of each Group-IB course is not only to teach you about the latest cybersecurity methods but also to provide a space where experts can network. As such, you are encouraged to engage with the instructor and other participants, thereby making the most of the experience.

Day 1

To understand and interpret threat intelligence data accurately, TI analysts must have a thorough understanding of the threat landscape. That is why the first part of the day will be dedicated to a discussion about current cybercrime trends, recent attacks, popular schemes, and the TTPs threat actors use. You’ll then learn how to identify the specific trends that are targeting (or could target) your company.

A big part of intelligence gathering entails analyzing public sources, so instructors will share tips and best practices for collecting, processing, and verifying IoCs, as well as information on relevant threats from open-source resources, documents, and more.

The best threat intelligence, however, comes from the source itself. Our instructors will talk about the cybercriminal underground and how to monitor and exploit hacker communities to obtain more information about threat actors. We will also look at criminal infrastructure and how to detect attack preparation within it.

The last (and most exciting) part of the day will be the hands-on practice. You will get a first-hand look at the Group-IB Threat Intelligence & Attribution system and have the opportunity to use it. You’ll be given exercises and work with reports and other resources to detect IoCs that are relevant to your company.

Day 2

You will spend the day working with Group-IB Threat Intelligence & Attribution (TI&A). You will start with a general overview of TI&A and analyze the individual elements of the system. You will learn about how to profile attackers with TI&A, monitor underground forums for cybercriminal activity, and form analyses of attacker TTPs based on MITRE ATT&CK®.

After, you’ll be introduced to the practical application of TI&A, specifically how to use the system to hunt for threats and protect your network security. Moreover, you’ll be shown how to detect leaks and other compromised data early; counteract, block, and investigate phishing attacks; and monitor for and block instances of brand abuse.

At the end of the day, all participants will take a test that will determine their eligibility for the «Certified Threat Intelligence Analyst» certificate.

To successfully pass the course you will need:
  • Knowledge of network technologies and security solutions
  • Understanding how cyberattacks are carried out against organizations
  • Understanding of how malware operates

After this course, you’ll be able to:

  • Collect information from open sources, public reports, and private/underground forums
  • Work with IoCs
  • Identify attacker infrastructure used for targeted attacks during the preparation stage
Who can benefit from this course?
Incident Response professionals
Technical specialists with experience in information security
Digital Forensics specialists
SOC teams
TI enthusiasts (any level)

What you’ll receive

Lecture videos and practical materials used during training


Valuable insights from an industry leader in threat intelligence

Valuable experience and information you can put into practice and use professionally

Why Group-IB?

Experience in international investigations

Our training courses are based on 1300+ successful investigations worldwide.

Technical expertise

All courses are led by GCFA-, EnCE- and MCFE-certified experts.

Practicing experts

The course instructors are current Group-IB specialists, which translates to the most up-to-date and first-hand information for course participants.

Stimulating practical training

Practical exercises based on real-life cases make up 70% of the course.

Continuously updated program

Course materials are regularly updated with new cases from Group-IB’s experience, which ensures that the course program always reflects the latest trends.

Comprehensive development

Group-IB’s training courses provide a wide range of competencies for creating an effective information security department in any company.

Individual learning approach

Send us a request for an individual consultation on Group-IB technical training courses

Get new report
Ransomware Uncovered 2021/2022

The well-known complete guide to the latest tactics, techniques, and procedures of ransomware operators based on MITRE ATT&CK®


We use cookies on the website to make your browser experience more personal, convenient and secure. You may block or manage the use of cookies, however, in some cases they’re essential to make this site work properly. Learn more about cookies in Group-IB Privacy And Cookies Policy.