Cyber Intelligence Analysis
Cyber intelligence analysis is an exciting investigative specialisation that requires technical knowledge, excellent communication and analytical skills to do well. This course covers the foundational knowledge and skills needed by aspiring cyber analysts wanting to identify adversaries most effectively by applying appropriate cyber tradecraft to produce actionable intelligence.
Students role-play as cyber criminals, issue-motivated groups and state-based actors to steal, damage or destroy data from staged targets. As ‘bad guys’ students learn to use cyber tradecraft to hide their activity and deceive their targets. They also experience the challenges of maintaining covert infrastructure, fake identities and minimising the evidence left behind. As ‘good guys’ they leverage this experience to spot mistakes, laziness or apathy in tradecraft and reveal cyber actors inside networks they must defend.
Students participate in hands-on exercises using burner phones, covert laptops and virtual private networks to reinforce the theory covered. They perform dynamic malware analysis using Cuckoo sandbox and deploy a honeypot to collect various types of indicators they will leverage in analysis.
Duration: 5 days
Delivery mode: Classroom
In-house: Contact the Professional Education Course Unit for more information and to arrange a quote. Recommended for groups of 10 or more.
What you will receive:
- Comprehensive notes with all slide handouts.
- Access to an online Training Portal.
- UNSW certificate of attendance.
- A Cyber-Intelligence Analyst (CA+1) silver dog tag upon completion.
- Morning tea, lunch and afternoon tea.
This course is well suited to experienced IT professionals who wish to further specialise in ‘cyber’ investigative roles in mature commercial Security Operations Centres (SOC) or National Security CERT/CIRT teams.
The following topics will be covered:
- What is a cyber intelligence analyst?
- Why the world needs more cyber intelligence analysts.
- What makes a good cyber analyst?
- History of cyber espionage and cyber crime
- Impact of cyber threats
- Effectiveness of security controls
- Taxonomy of cyber attacks
- The Intelligence Life Cycle
- Revealing capability and intent
- What is cyber tradecraft?
- Capitalising on poor cyber tradecraft
- Using online personas
- Assessing counterintelligence risks and choosing your OSINT strategy
- Maintaining covert infrastructure and personas
- Social media challenges
- Investigate target personas using covert infrastructure
- Dynamic malware analysis
- Cyber security defences that work?
- Capability maturity models for cyber teams
- Evidence left behind by threat actors
- DNS, logs, PCAPs and PasteBin
- Beacon patterns and C2
- Covert communications for bad guys
- Where to capture for maximum effect?
- How to find APTs most easily?
- Using your persona for OSINT against different targets
Paul Nevin is a career IT security professional having worked in forensics and investigative roles for more than twenty years. He has worked in incident response in industry, Defence and the Federal Government chasing down all kinds of bad guys by studying network traffic to find things that ‘just don’t look right’. In 2004 Paul identified his first ‘APT’ and has been researching ways to more easily identify and degrade the efforts of these cyber actors ever since. This course is the culmination of Paul’s experience investigating sophisticated cyber actors in high-value networks all over the world.
AUSTRALIAN CENTRE FOR CYBER SECURITY
The Australian Centre for Cyber Security (ACCS) is a focal point for the research of some 60 scholars from various faculties across UNSW who conduct research work on different aspects of cyber security. The Centre is based in Canberra at the Defence Force Academy, which provides advanced research as well as undergraduate and graduate education on cyber security. ACCS brings together the biggest concentration of research and tertiary education for the multi-disciplinary study of cyber security in any single university in the Southern Hemisphere. A number of ACCS scholars, in areas ranging from information technology and engineering to law and politics, have significant international reputations for their work.
W: www.accs.unsw.adfa.edu.au