Cyber threat intelligence and investigations

November 10th, 2025 | Bucharest

Cyber threats are becoming more advanced, persistent, and targeted, making it essential for organizations to move beyond traditional defenses. 

This workshop offers a comprehensive introduction to Cyber Threat Intelligence (CTI), providing participants with both conceptual knowledge and practical skills to better understand, detect, and mitigate threats.

The session covers the four main types of threat intelligence – strategic, tactical, technical, and operational – and demonstrates how each contributes to building a proactive defense strategy. Participants will learn how to classify threat actors, from cybercriminals and hacktivists to advanced persistent threats (APTs) and insider threats. Real-world case studies, including campaigns attributed to various APT groups, will illustrate how threat intelligence is applied in practice.

Hands-on modules will introduce participants to widely used tools and frameworks. Through guided exercises, they will practice creating Indicators of Compromise (IoCs), writing YARA rules for malware detection, and developing Snort rules for network intrusion detection.

By the end of the workshop, attendees will have a clear understanding of how to collect, analyze, and apply threat intelligence to strengthen defenses, anticipate emerging risks, and support informed decision-making within their organizations.

Why is this workshop relevant?

Cyber threats are growing in sophistication, frequency, and impact

From ransomware attacks crippling global supply chains to state-sponsored espionage campaigns, organizations of all sizes face adversaries who constantly adapt their tactics. 

Traditional, reactive security measures are no longer enough – defenders need actionable intelligence to anticipate and prevent attacks before damage occurs.

This workshop delivers exactly that: a practical, hands-on introduction to Cyber Threat Intelligence (CTI)

Unlike purely theoretical sessions, it combines real-world case studies, industry-standard frameworks (MITRE ATT&CK, Diamond Model), and hands-on labs using open-source tools (VirusTotal, AlienVault OTX, AbuseIPDB, Talos Intelligence). 

Participants won’t just learn about threat intelligence – they will apply it directly by creating Indicators of Compromise (IoCs), writing YARA signatures, and building Snort detection rules.

Workshop agenda

  • Welcome, participant expectations, overview of CTI relevance.
  • What is CTI? Types (strategic, tactical, technical, operational).
  • Objectives and role in cybersecurity operations.
  • Classification of threat actors (cybercriminals, hacktivists, APTs, insiders).
  • Real-world examples: APT28 (Fancy Bear), APT35 (Charming Kitten).
  • Diamond Model & MITRE ATT&CK.
  • Indicators of Compromise (IoCs).
  • Tools: VirusTotal, AlienVault OTX, AbuseIPDB, Talos Intelligence.
  • Hands-on: Collect and analyze IoCs.
  • Integrating CTI into SOC, IR, and vulnerability management workflows.
  • Writing YARA rules for malware detection.
  • Creating Snort rules for network intrusion detection.
  • Key takeaways.
  • Discussion on applying CTI in participants’ organizations.

About the trainer

DANIEL LEU

Daniel Leu is a seasoned cybersecurity expert specializing in cyber threat intelligence, malware analysis, incident response, and security automation. With a strong background in cybercrime investigations and advanced threat hunting, he actively contributes to enhancing cyber resilience through strategic research and automation.

Currently, Daniel Leu is a cyber threat intelligence researcher who identifies, tracks, and analyses actors across various types of cyber campaigns, with a main focus on financially motivated threat actors and hacktivism.

Who is it for?

This workshop is designed for cybersecurity professionals and enthusiasts who want to strengthen their understanding and application of Cyber Threat Intelligence (CTI).

The workshop is suitable for beginner to intermediate participants.

Key learning objectives: 

✔ Differentiate between strategic, tactical, technical, and operational threat intelligence and understand their role in building effective cybersecurity strategies

✔ Classify threat actors (cybercriminals, hacktivists, APTs, insiders, script kiddies) and analyze their motivations, techniques, and attack methods

✔ Leverage open-source platforms and frameworks (MITRE ATT&CK, AlienVault OTX, VirusTotal, AbuseIPDB, Talos Intelligence) to collect, verify, and contextualize threat intelligence data

✔ Develop and apply Indicators of Compromise (IoCs) for use in security monitoring, detection, and response workflows

✔ Create practical detection rules by writing YARA signatures for malware identification and Snort rules for network intrusion detection

Other information & prerequisites

This workshop is designed to be accessible to beginners and intermediate-level participants. 

No advanced technical expertise is required, but some foundational knowledge will help participants get the most out of the sessions.

Recommended prior knowledge includes: basic networking concepts, general cybersecurity awareness, familiarity with common security tools.

Technical requirements for attendees:

Technical requirements include: laptops with internet access, Linux virtual machines, and basic familiarity with command-line interfaces (Windows/Linux) for running YARA or Snort/Suricata rules.

Estimated Workshop Duration: 7 hours

Language of Instruction: English / Romanian 

Participation fee: EUR 190

FAQs

If we do not meet the minimum number of participants, you can either transfer to another workshop, paying or being refunded any difference in price, or opt for a full refund. You will be notified in advance and given options to choose what works best for you.

The workshop price covers food. Accommodation is not included, but we can recommend nearby options for your convenience.

Yes, full refunds are available up to 15 days before the workshop start date. However, if you cancel after that, we can offer only 50% of the price.

You will receive an email with all the necessary details, including the workshop location, prerequisites, and schedule, at least one week before the event. If you have any immediate questions, feel free to reach out to us directly.