Intelligence sources

Question 1

Indicators of Compromise

Answer 1

Malware samples, IP addresses and domain names are used to update firewalls and detection systems and understand threat actors’ TTPs. These are raw data but included within CTI.

Question 2

Client-derived Data

Answer 2

Extracted from client infrastructure or SIEM/logs. Used with other sources for proactive measures like threat hunting.

Question 3

Deep Web

Answer 3

Members-only hacking forums provide insight into tools and services requested and advertised by cybercriminals. Can include exploits and inform patch prioritisation.

Question 4

Dark Web

Answer 4

Used to identify if credentials are present on marketplaces hosted on anonymity-focused networks like Tor or I2P. Also used to detect intent to target infrastructure.

Question 5

Messaging Platforms

Answer 5

Used by threat actors to communicate and sell goods/services. Preferred over semi-public forums for direct engagement.

Question 6

Cyber Activists Communication

Answer 6

Use IRC channels and messaging platforms to discuss operations, providing insight into tactics and targets.

Question 7

Social Media

Answer 7

Used by low-capability actors to signal intent. Also used by criminals to attract customers and may reveal data leaks or insider threats.

Question 8

Human Intelligence

Answer 8

Derived from engagement via various sources. Must be collected ethically and legally, complying with regulations like GDPR.

Question 9

Malware Analysis

Answer 9

Extracts indicators of compromise and helps understand threat actors’ TTPs to inform network defenders.

Question 10

Use of Geopolitical Developments in CTI?

Answer 10

Used to understand the intent of nation-state actors.

Question 11

What can be derived from Paste Sites?

Answer 11

Reveal leaked credentials, activist operations, code snippets, and breach evidence.

Question 12

Information Sharing Platforms

Answer 12

Provide context and insight into threat actors’ activity. Often divided by national or sectoral boundaries.