On This Page

Practical Threat Intelligence

Threat Intelligence Pty Ltd | July 30-31 & August 1-2


Its time to put your intelligence and security skills to the test! Our completely revamped "Practical Threat Intelligence" training course has a highly technical focus supported by automated attacks across 2,000 systems infiltrating 90 virtual organisations.

Each student will be given a jump box to connect to their virtual organisation's cloud based infrastructure. Students will be provided with an in-depth and deeply practical understanding of how to implement Cyber Threat Intelligence systems within their virtual organisation to efficiently identify and prioritise threats, attacks and security breaches throughout the two day course.

Focusing on key Threat Actors and their Intent to harm your organisation, students learn the tools, techniques and practices that hackers use to fingerprint your systems, gain a foothold, analyse your environment, pivot and exfiltrate data. You will learn threat intelligence techniques to gather and analyse indicators of compromise, and what you need to do to share intelligence, and rapidly and effectively respond in order to stay ahead of the attackers

Students will learn practical concepts and skills including:

  • Evolution of Threats, Attacks and Security Breaches
  • Cost of a Security Breach and How This Cost is Triggered
  • Threat Actor Model
  • Threat Actor Intent
  • Threat Scenarios
  • Attack Techniques
  • Exfiltration Techniques
  • Privilege Escalation Techniques
  • Early Indicators of Compromise - Threats
  • Active Indicators of Compromise - Endpoint
  • Active Indicators of Compromise - Servers
  • Post-Incident Indicators of Compromise - Breaches
  • Intelligence Gathering Techniques
  • Open Source Intelligence
  • Human Intelligence
  • Counter Intelligence
  • Internal Intelligence
  • Intelligence Data Formats
  • STIX
  • CybOX
  • MAEC
  • OpenIOC
  • Intelligence Sources
  • Intelligence Aggregation Systems
  • Intelligence Architecture
  • System Analysis
  • Malware Analysis
  • Intelligence Analysis
  • Threat Intent Analysis and Response
  • Threat Data Visualisation
  • Threat Intelligence Sharing

Take your intelligence skills to the next level! Register now to secure your spot!

Who Should Take this Course

Security Team Members
Threat Intelligence Team Members

Student Requirements

Reasonable understanding of Linux and Windows command line concepts.

We have a cut and paste alternative for those who are a bit rusty on Windows or Linux. Ideally you could do most of this already.

What Students Should Bring

  • A working laptop (Windows, Mac or Linux) to run a 64-bit VMware VM
  • MINIMUM 2048 MB RAM required.
  • Ethernet network port
  • 20 GB free Hard disk space
  • LATEST version of VMware Player (or Workstation, Server, Fusion, etc.)
  • VT-X turned on in the BIOS so virtual machines can be used
  • VM downloaded and already running to avoid troubleshooting time

What Students Will Be Provided With

  • Virtual Threat Intelligence Environment
  • Student Virtual Machine
  • Practical Threat Intelligence workbook
  • Lab instructions and solutions


Andrew is an in demand speaker and trainer, with past speaking engagements at AusCERT, linux.conf.au, Black Hat, OWASP AppSec EU and AppSec USA, and training many thousands of developers and information security professionals through public and private training offerings. Andrew van der Stock is an acknowledged leader of the application security field, with over 15 years application security experience in Australia and the USA, and over 20 years' experience in the IT and System Administration fields. Andrew joined OWASP in 2002, and continued sharing his passion for information sharing by participating in and then leading the Developer Guide project, culminating in the OWASP Guide to Building Secure Software 2.0 in 2005. He led the OWASP Top 10 2007 effort, initiated and led the OWASP ESAPI for PHP effort, currently leads the OWASP Developer Guide project, and is a key contributor to the OWASP Proactive Controls. Andrew is lead author of the OWASP Application Security Verification Standard 2.0. He is the long-time moderator of the Symantec SecurityFocus webappsec mailing list. Andrew is currently on the global Board of Directors of OWASP, and has previously held the Executive Director position at OWASP and been a member of the OWASP Global Chapters Committee.