This page provides links to further reading, resources, presentations, and other material referenced in Paralus training courses and workshops. This is designed to be a curated list, and not necessarily all-encompassing. If you think something important is missing, please let us know!
Cyber Threat Intelligence
- General Intelligence Resources
  - JP 2-0 Intelligence (older version; waiting for the latest version to be publicly published)
  - Psychology of Intelligence Analysis – Richards Heuer, CIA
  - A Top 10 Reading List if You’re Getting Started in Cyber Threat Intelligence – Katie Nickels
  - A Threat-Driven Approach to Cyber Security (Lockheed Martin Kill Chain)
  - Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains (Lockheed Martin Kill Chain)
  - The Diamond Model of Intrusion Analysis – Sergio Caltagirone, Andrew Pendergast, & Christopher Betz
  - MITRE ATT&CK Design and Philosophy
  - The Targeting Process: D3A and F3EAD
- IOCs and Threat Intelligence
  - OpenIOC: Back to the Basics – Will Gibb & Devon Kerr
  - OpenIOC Series: Investigating with Indicators of Compromise Part I (Original Source No Longer Available) – Will Gibb & Devon Kerr
  - Investigating with Indicators of Compromise Part II (Original Source No Longer Available) – Will Gibb
  - The Origin of the Term Indicators of Compromise – Richard Bejtlich
  - Indicators and Network Defense
  - Misunderstanding Indicators of Compromise – Dave Dittrich & Katherine Carpenter
  - Threat Intelligence & the Limits of Malware Analysis
  - The Pyramid of Pain – Dave Bianco
  - Analyzing Network Infrastructure as Composite Objects
  - Formulating a Robust Pivoting Methodology
  - Thrunting Grounds – Amitai Cohen
- Threat Intelligence and Threat Attribution
  - Beyond Attribution: Seeking National Responsibility for Cyber Attacks – Jason Healey
  - Conceptualizing a Continuum of Cyber Threat Attribution
  - Attribution of Advanced Persistent Threats – Timo Steffens (Book)
  - Strategies for Resolving the Cyber Attribution Challenge – Panayotis A. Yannakogeorgos
  - Attribution of Malicious Cyber Incidents – Herbert Lin
- Intelligence Focus & Prioritization
  - Priority Intelligence Requirement – FIRST
  - Developing Priority Intelligence Requirements – Red Hat Security
  - Developing Priority Intelligence Requirements for your Cyber Threat Intelligence Program – Ondra Rojčik
  - CARVER Matrix
    - What Is CARVER and When Should You Use It? – Daniel Young
Threat Hunting and Operations
- Threat Hunting
  - Generating Hypotheses for Successful Threat Hunting – Robert M. Lee, David Bianco
  - Developing an Intelligence-Driven Threat Hunting Methodology
  - The THOR Collective
  - HUNTPEDIA: Your Threat Hunting Knowledge Compendium – Various
  - Threat Hunting Series:
    - Improving through Hunting – Ben Miller
    - Hunting on ICS Networks – Dan Gunter
  - Threat Hunting with Python Series:
- Detection Engineering
- Intelligence-Driven Threat Operations
  - Intelligence-Driven Incident Response (Book)
  - Threat Modeling (Book)
Tools and Resources
- Network Resources
  - Hurricane Electric Whois
  - Abuse.ch Hunting Platform
  - DomainTools (Requires Account)
  - SilentPush Community Edition (Requires Account)
  - Censys.io (Requires Account)
  - Urlscan.io (Requires Account)
  - URLhaus (Requires Account)
  - MXToolBox SuperTool
  - Shodan.io (Requires Account)
  - Validin (Requires Account)
- Host Resources
  - Links to Tools
  - CyberChef
  - FLOSS Strings Tool
  - OLETools
  - Didier Stevens Tools
  - PE Analyzer:
    - CAPA Executable Analyzer
  - Aldeid Digital Forensics List
  - NewDomain Search
  - Analysis VMs: