Module: Cyber Threat Intelligence
Academic Year: 2024–2025
This repository contains my academic assignment for the Cyber Threat Intelligence (CTI) module. The assignment covers in-depth analysis of CTI concepts, frameworks, and their practical application across multiple real-world scenarios.
| File | Description |
|---|---|
| CTI.docx | Full assignment with all questions answered and references |
| README.md | This file |
The assignment is structured around 10 questions across multiple scenarios:
- Threat Intelligence Investigation — Dark web credential exposure & VPN brute-force attack; PIR design, collection planning, enrichment techniques
- CTI Frameworks & Defensive Strategy — Intelligence Lifecycle applied to APT defense; Diamond Model and Cyber Kill Chain analysis
- CTI Lifecycle Application — C2 communication detection in a financial organization; collection strategy and indicator analysis
- Analytical Reasoning & CTI Integration — Ransomware threat intelligence; Data → Information → Intelligence transformation; ACH methodology
- Malware Campaign Analysis — Phishing-to-persistence campaign; indicator classification, correlation, and attribution
- Building an Organizational CTI Capability — Healthcare sector CTI framework; threat data processing and stakeholder dissemination
- Intelligence Evaluation and Threat Modeling — Multi-source intelligence reliability assessment using the NATO Admiralty Code; threat modeling
- Intelligence Frameworks & Strategic Decision Making — ATT&CK TTP mapping; campaign pattern recognition; strategic intelligence reporting
- Intrusion Analysis Using Analytical Frameworks — Full Kill Chain reconstruction + Diamond Model applied to a targeted intrusion scenario
- Indicators, Tactics & Threat Hunting — IOC vs TTP comparison; threat hunting hypothesis design; SIEM/EDR detection engineering
The following frameworks and models are applied throughout the assignment:

- MITRE ATT&CK — Adversary tactic and technique mapping
- Lockheed Martin Cyber Kill Chain — Intrusion stage reconstruction
- Diamond Model of Intrusion Analysis — Adversary-infrastructure-capability-victim relationships
- Analysis of Competing Hypotheses (ACH) — Structured analytical reasoning
- Pyramid of Pain — IOC vs TTP defense value
- NATO Admiralty Code — Source reliability and information credibility assessment
- STIX 2.1 / TAXII 2.1 — Threat intelligence sharing standards
- Intelligence Lifecycle — Plan → Collect → Process → Analyse → Disseminate → Feedback
Key references:

- Caltagirone, Pendergast & Betz (2013) — The Diamond Model of Intrusion Analysis
- Hutchins, Cloppert & Amin (2011) — Intelligence-Driven Computer Network Defense (Lockheed Martin)
- Heuer, R.J. (1999) — Psychology of Intelligence Analysis (CIA)
- Bianco, D. (2014) — The Pyramid of Pain
- MITRE Corporation (2023) — ATT&CK Framework — https://attack.mitre.org
- OASIS (2021) — STIX 2.1 Standard
This repository is shared for portfolio and learning purposes only.
Please do not copy or submit this work as your own — that would constitute academic plagiarism.
Uliya Fatima — Student ID: 232098