Threat Actor Profiling

This course teaches you how to analyze threat actors and create profiles for them. Through a structured methodology, you'll learn to distinguish between threat actors, intrusion sets, and campaigns and understand how digital infrastructure, behavioral patterns, and attack frameworks converge to enable accurate attribution.


What You'll Learn
  • Differentiate between threat actors, intrusion sets (APT28, Lazarus Group), and time-limited campaigns with dedicated infrastructure.
  • Analyze passive DNS records to trace historical domain-to-IP resolutions and link incidents to common actors.
  • Conduct WHOIS and SSL/TLS certificate analysis to surface shared registration data and identify common infrastructure.
  • Perform autonomous system (AS) analysis to understand how threat actors select hosting providers based on takedown sensitivity.
  • Apply the Diamond Model (Adversary, Infrastructure, Capability, Victim) as a structural framework for any cyber attack.
  • Correlate events using shared TTPs, malware families, and C2 infrastructure mapped to MITRE ATT&CK.
  • Produce a structured threat actor profile through a live case study on Blind Eagle (APT-C-36).

Format: Online Course
Created Date: Aug 25
Learners: 95+
Level: Beginner
Duration: 30 min
Price: Free
