\documentclass[10pt,a4paper]{article}

% Packages
\usepackage{fancyhdr}           % For header and footer
\usepackage{multicol}           % Allows multicols in tables
\usepackage{tabularx}           % Intelligent column widths
\usepackage{tabulary}           % Used in header and footer
\usepackage{hhline}             % Border under tables
\usepackage{graphicx}           % For images
\usepackage{xcolor}             % For hex colours
%\usepackage[utf8x]{inputenc}    % For unicode character support
\usepackage[T1]{fontenc}        % Without this we get weird character replacements
\usepackage{colortbl}           % For coloured tables
\usepackage{setspace}           % For line height
\usepackage{lastpage}           % Needed for total page number
\usepackage{seqsplit}           % Splits long words.
%\usepackage{opensans}          % Can't make this work so far. Shame. Would be lovely.
\usepackage[normalem]{ulem}     % For underlining links
% Most of the following are not required for the majority
% of cheat sheets but are needed for some symbol support.
\usepackage{amsmath}            % Symbols
\usepackage{MnSymbol}           % Symbols
\usepackage{wasysym}            % Symbols
%\usepackage[english,german,french,spanish,italian]{babel}              % Languages

% Document Info
\author{csthrowaway}
\pdfinfo{
  /Title (cs445-cyber-threat-intelligence.pdf)
  /Creator (Cheatography)
  /Author (csthrowaway)
  /Subject (CS445: Cyber Threat Intelligence Cheat Sheet)
}

% Lengths and widths
\addtolength{\textwidth}{6cm}
\addtolength{\textheight}{-1cm}
\addtolength{\hoffset}{-3cm}
\addtolength{\voffset}{-2cm}
\setlength{\tabcolsep}{0.2cm} % Space between columns
\setlength{\headsep}{-12pt} % Reduce space between header and content
\setlength{\headheight}{85pt} % If less, LaTeX automatically increases it
\renewcommand{\footrulewidth}{0pt} % Remove footer line
\renewcommand{\headrulewidth}{0pt} % Remove header line
\renewcommand{\seqinsert}{\ifmmode\allowbreak\else\-\fi} % Hyphens in seqsplit
% This two commands together give roughly
% the right line height in the tables
\renewcommand{\arraystretch}{1.3}
\onehalfspacing

% Commands
\newcommand{\SetRowColor}[1]{\noalign{\gdef\RowColorName{#1}}\rowcolor{\RowColorName}} % Shortcut for row colour
\newcommand{\mymulticolumn}[3]{\multicolumn{#1}{>{\columncolor{\RowColorName}}#2}{#3}} % For coloured multi-cols
\newcolumntype{x}[1]{>{\raggedright}p{#1}} % New column types for ragged-right paragraph columns
\newcommand{\tn}{\tabularnewline} % Required as custom column type in use

% Font and Colours
\definecolor{HeadBackground}{HTML}{333333}
\definecolor{FootBackground}{HTML}{666666}
\definecolor{TextColor}{HTML}{333333}
\definecolor{DarkBackground}{HTML}{A3A3A3}
\definecolor{LightBackground}{HTML}{F3F3F3}
\renewcommand{\familydefault}{\sfdefault}
\color{TextColor}

% Header and Footer
\pagestyle{fancy}
\fancyhead{} % Set header to blank
\fancyfoot{} % Set footer to blank
\fancyhead[L]{
\noindent
\begin{multicols}{3}
\begin{tabulary}{5.8cm}{C}
    \SetRowColor{DarkBackground}
    \vspace{-7pt}
    {\parbox{\dimexpr\textwidth-2\fboxsep\relax}{\noindent
        \hspace*{-6pt}\includegraphics[width=5.8cm]{/web/www.cheatography.com/public/images/cheatography_logo.pdf}}
    }
\end{tabulary}
\columnbreak
\begin{tabulary}{11cm}{L}
    \vspace{-2pt}\large{\bf{\textcolor{DarkBackground}{\textrm{CS445: Cyber Threat Intelligence Cheat Sheet}}}} \\
    \normalsize{by \textcolor{DarkBackground}{csthrowaway} via \textcolor{DarkBackground}{\uline{cheatography.com/201525/cs/45438/}}}
\end{tabulary}
\end{multicols}}

\fancyfoot[L]{ \footnotesize
\noindent
\begin{multicols}{3}
\begin{tabulary}{5.8cm}{LL}
  \SetRowColor{FootBackground}
  \mymulticolumn{2}{p{5.377cm}}{\bf\textcolor{white}{Cheatographer}}  \\
  \vspace{-2pt}csthrowaway \\
  \uline{cheatography.com/csthrowaway} \\
  \end{tabulary}
\vfill
\columnbreak
\begin{tabulary}{5.8cm}{L}
  \SetRowColor{FootBackground}
  \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Cheat Sheet}}  \\
   \vspace{-2pt}Not Yet Published.\\
   Updated 28th January, 2025.\\
   Page {\thepage} of \pageref{LastPage}.
\end{tabulary}
\vfill
\columnbreak
\begin{tabulary}{5.8cm}{L}
  \SetRowColor{FootBackground}
  \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Sponsor}}  \\
  \SetRowColor{white}
  \vspace{-5pt}
  %\includegraphics[width=48px,height=48px]{dave.jpeg}
  Measure your website readability!\\
  www.readability-score.com
\end{tabulary}
\end{multicols}}




\begin{document}
\raggedright
\raggedcolumns

% Set font size to small. Switch to any value
% from this page to resize cheat sheet text:
% www.emerson.emory.edu/services/latex/latex_169.html
\footnotesize % Small font.

\begin{multicols*}{3}

\begin{tabularx}{5.377cm}{x{1.04425 cm} x{1.04425 cm} x{1.04425 cm} x{1.04425 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{4}{x{5.377cm}}{\bf\textcolor{white}{Chapter 1: Intro to CTI}}  \tn
% Row 0
\SetRowColor{LightBackground}
What is \seqsplit{Intelligence}? Humit, Geoint, Masint, Sigint, Osint (focus) & \seqsplit{Intelligence} \seqsplit{lifecycle:} \seqsplit{Operational} \seqsplit{environment} -\textgreater{} Data collected -\textgreater{} Data will be processed and exploited to obtain \seqsplit{information} -\textgreater{} \seqsplit{Information} will be analysed and utilised -\textgreater{} \seqsplit{Intelligence} & Analysis: 1. Requires analysts to immerse \seqsplit{themselves} into ambiguous \seqsplit{situations}. Data/Info may not be useful, so need to generate \seqsplit{hypothesis} to determine possible answers. \seqsplit{Hypothesis} is then tested against evidence. 2. \seqsplit{Analytical} \seqsplit{judgements} should have process searching for, sorting, \seqsplit{structuring} and \seqsplit{evaluating} \seqsplit{data/info.} Even if not enough time or data, decision should still be made. & Forensic process: \seqsplit{systematic} \seqsplit{investigation} used to uncover what happened during an incident (like a \seqsplit{cyberattack)} by examining the evidence. The goal is to gather facts that are \seqsplit{defensible}, \seqsplit{repeatable}, and \seqsplit{understandable}. \tn 
% Row Count 39 (+ 39)
% Row 1
\SetRowColor{white}
\seqsplit{Defensibility:} Your \seqsplit{conclusions} must be backed by evidence. & \seqsplit{Repeatability:} Another \seqsplit{investigator} should be able to follow your process and reach the same \seqsplit{conclusion}. & \seqsplit{Understandability} : Your findings must be clear and easy to explain to others, including \seqsplit{non-technical} people (like \seqsplit{executives} or law \seqsplit{enforcement)}. & Everyone views issues in different ways. \seqsplit{Perception} should be active instead of passive one (dont passively accept data, actively interpret it) \tn 
% Row Count 54 (+ 15)
\end{tabularx}
\par\addvspace{1.3em}

\vfill
\columnbreak
\begin{tabularx}{5.377cm}{x{1.04425 cm} x{1.04425 cm} x{1.04425 cm} x{1.04425 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{4}{x{5.377cm}}{\bf\textcolor{white}{Chapter 1: Intro to CTI (cont)}}  \tn
% Row 2
\SetRowColor{LightBackground}
Dont let your views cloud your analysis since critical \seqsplit{situations} are ambiguous \seqsplit{situations}. & WannaCry: \seqsplit{Ransomware} worm that exploit a \seqsplit{vulnerability} in windows os. Infected 300k machines. Adversary from north korea. & Adversary intent one of the hardest questions to crack in cyber security. \seqsplit{Understanding} actor intent helps structure defenses. & What is CTI? Gathering, \seqsplit{processing}, analysing \seqsplit{information} about potential \& active cyber threats. Goal is to help \seqsplit{organisations} make better security decisions by staying ahead of \seqsplit{criminals.} \tn 
% Row Count 19 (+ 19)
% Row 3
\SetRowColor{white}
Info vs Intel: 1. Info: Raw, \seqsplit{unfiltered} feed, non \seqsplit{actionable}. 2. Intel: Processed, sorted \seqsplit{information}, \seqsplit{actionable} & Why use CTI? Prevent, mitigate, solve threats. Make correct decisions to: 1. Prevent \seqsplit{significant} losses 2. Keep ourselves safe. 3. Protect \seqsplit{sovereignty} of our society. & Assets: Anything valuable that needs \seqsplit{protection} & \seqsplit{Vulnerability:} Weakness that can be \seqsplit{exploited.} \tn 
% Row Count 36 (+ 17)
\end{tabularx}
\par\addvspace{1.3em}

\vfill
\columnbreak
\begin{tabularx}{5.377cm}{x{1.04425 cm} x{1.04425 cm} x{1.04425 cm} x{1.04425 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{4}{x{5.377cm}}{\bf\textcolor{white}{Chapter 1: Intro to CTI (cont)}}  \tn
% Row 4
\SetRowColor{LightBackground}
Threat: Something that can exploit a \seqsplit{vulnerability} to harm an asset. & Risk: \seqsplit{Likelihood} \& impact of a threat \seqsplit{exploiting} a \seqsplit{vulnerability}. & Threat actors: 1. Nation states: big 4 (russia, china, north korea, iran) 2. \seqsplit{Hacktivists:} \seqsplit{Individuals} or group with political \seqsplit{motivations}. 3. Cyber \seqsplit{criminals:} Attackers seeking financial gain. & Zero day \seqsplit{vulnerability:} \seqsplit{Vulnerability} that hasnt been discussed or patched yet. \tn 
% Row Count 20 (+ 20)
% Row 5
\SetRowColor{white}
Advantage of \seqsplit{Intelligence} led security: 1. Mitigate risk, 2. Help make better \seqsplit{decisions.} 3. \seqsplit{Prioritise} resources, 4. Ensure value of \seqsplit{operations}. 5. Sync between intel and core business & \seqsplit{Understand} true risk -\textgreater{} Inform business and develop risk \seqsplit{mitigation} -\textgreater{} Build proactive and reactive \seqsplit{strategies} -\textgreater{} Demand right budgets + drive right \seqsplit{investments}. & Types of CTI: 1. Strategic, 2. \seqsplit{Operational}, 3. Tactical & Strategic \seqsplit{intelligence:} Focused on high level trends and \seqsplit{adversarial} motives, leverage this \seqsplit{understanding} to engage in strategic security and business decision making. \seqsplit{Stakeholders:} C suite, Executive board, Strategic intel. (who/why \seqsplit{questions)} \tn 
% Row Count 45 (+ 25)
\end{tabularx}
\par\addvspace{1.3em}

\vfill
\columnbreak
\begin{tabularx}{5.377cm}{x{1.04425 cm} x{1.04425 cm} x{1.04425 cm} x{1.04425 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{4}{x{5.377cm}}{\bf\textcolor{white}{Chapter 1: Intro to CTI (cont)}}  \tn
% Row 6
\SetRowColor{LightBackground}
Tactical \seqsplit{intelligence:} Focused on \seqsplit{performing} malware analysis and take in \seqsplit{behavioural} threat \seqsplit{indicators} into defensive \seqsplit{cybersecurity} systems. \seqsplit{Stakeholders:} SOC analyst, SIEM, firewall, IDS. (What \seqsplit{questions)} & \seqsplit{Operational} \seqsplit{intelligence:} Focused on \seqsplit{understanding} \seqsplit{adversarial} \seqsplit{capabilities}, \seqsplit{infrastructure}, TTPs and leverage that \seqsplit{understanding} to conduct more targeted and \seqsplit{prioritised} \seqsplit{cybersecurity} \seqsplit{operations}. \seqsplit{Stakeholders:} 1. Threat hunter, 2. SOC analyst, 3. Incident response, 4. \seqsplit{Vulnerability} \seqsplit{management.} \seqsplit{(How/Where} \seqsplit{questions)} & TTP: Tactics: Describe what an adversary is trying to \seqsplit{accomplish}. Aka tactical \seqsplit{objective.} 2. \seqsplit{Technique:} \seqsplit{Represents} how the threat actor achieves tactical \seqsplit{objective.} 3. \seqsplit{Procedures:} Analysis of \seqsplit{procedures} used by adversary can help \seqsplit{understand} what the adversary is looking for within target \seqsplit{infrastructure}. & Models to convey cyber activity: 1. Mandiant Attack Lifecycle (to be covered in detail) 2. Mitre attack: Framework that maps out tactics \& \seqsplit{techniques} used by \seqsplit{attackers.} 3. Diamond model of Intrusion, 4. Pyramid of Pain \tn 
% Row Count 32 (+ 32)
\end{tabularx}
\par\addvspace{1.3em}

\vfill
\columnbreak
\begin{tabularx}{5.377cm}{x{1.04425 cm} x{1.04425 cm} x{1.04425 cm} x{1.04425 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{4}{x{5.377cm}}{\bf\textcolor{white}{Chapter 1: Intro to CTI (cont)}}  \tn
% Row 7
\SetRowColor{LightBackground}
Diamond Model of Intrusion Analysis: Framework used in \seqsplit{cybersecurity} to help analysts \seqsplit{understand} \seqsplit{cyberattacks} by \seqsplit{identifying} the key \seqsplit{components} of an intrusion and the \seqsplit{relationships} between them. 1. Adversary – The attacker (e.g., hacker group). 2. Victim – The target (e.g., company, person, or system). 3. \seqsplit{Capability} – The tools or methods the attacker used (e.g., malware, \seqsplit{phishing).} 4. \seqsplit{Infrastructure} – The resources used to carry out the attack (e.g., IP addresses, domains). & Pyramid of Pain: How hard it is to change attack \seqsplit{indicators}. Bottom is hash values since tiny changes in file can produce \seqsplit{completely} different hash output. Top is TTPs since attackers core methods are difficult to change quickly. & Estimate language to convey \seqsplit{uncertainty:} 1. High \seqsplit{confidence} level (100\%): Certain (75\%), highly likely, likely, 2. Medium \seqsplit{confidence} level (50\%): Even/May, 3. Low \seqsplit{Confidence} level (25\%): Unlikely, Highly unlikely, \seqsplit{Impossible}. &  \tn 
% Row Count 49 (+ 49)
\hhline{>{\arrayrulecolor{DarkBackground}}----}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{5.377cm}{x{1.04425 cm} x{1.04425 cm} x{1.04425 cm} x{1.04425 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{4}{x{5.377cm}}{\bf\textcolor{white}{Chapter 2: CTI Ops}}  \tn
% Row 0
\SetRowColor{LightBackground}
Cyber \seqsplit{espionage:} Means to gather sensitive or \seqsplit{classified} data, trade secrets or other forms of \seqsplit{intellectual} property that can be used by threat actor for an \seqsplit{advantage.} & Financial crime: Illegal activties whose primary goal is to make money. & \seqsplit{Hacktivism:} \seqsplit{Individual} or group who utilises hacking \seqsplit{techniques} to promote a political or social agenda. & \seqsplit{Information} \seqsplit{operations:} \seqsplit{Coordinated} actions taken to influence, disrupt or exploit an adversary decision making process. \tn 
% Row Count 17 (+ 17)
% Row 1
\SetRowColor{white}
Analyst \seqsplit{Tradecraft:} 1. \seqsplit{Intelligence} Analysis: Like \seqsplit{detectives} piecing together clues, CTI analysts use reasoning to figure out what happened and why. 2. \seqsplit{Technology} \seqsplit{Expertise:} Analysts need to \seqsplit{understand} hardware and software \seqsplit{engineering}, systems \seqsplit{integration}, networks and protocols, exploits and \seqsplit{vulnerabilities} to spot issues. & Challenge of \seqsplit{attribution} and response: When \seqsplit{attempting} to find out who is behind an attack, Incident \seqsplit{responders} typically assess both \seqsplit{indicators} of \seqsplit{compromise} (IoCs) and attack tactics, \seqsplit{techniques} and \seqsplit{procedures} (TTPs) that had been observed during an attack. IoCs are good place to start but an attacker \seqsplit{infrastructure} like IP address, domains can be easily spoofed or generated which will obfuscate their real identity. & 2 types of thinking ( System 1 - intuition, fast,  permits quick \seqsplit{judgement.} How we perceived the world around us System 2 - \seqsplit{analytical}, slow, \seqsplit{deliberate}, slow thinking process. Activated when we do something that does not come naturally and requires some thinking through. ) & Cognitive bias in CTI: Cognitive biases are mental shortcuts that sometimes lead us astray. Think of them as illusions for the brain. \tn 
% Row Count 60 (+ 43)
\end{tabularx}
\par\addvspace{1.3em}

\vfill
\columnbreak
\begin{tabularx}{5.377cm}{x{1.04425 cm} x{1.04425 cm} x{1.04425 cm} x{1.04425 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{4}{x{5.377cm}}{\bf\textcolor{white}{Chapter 2: CTI Ops (cont)}}  \tn
% Row 2
\SetRowColor{LightBackground}
5 most common \seqsplit{analytical} traps: 1. Failing to consider multiple \seqsplit{hypotheses} or \seqsplit{explanations}. 2. Ignoring \seqsplit{inconsistencies}. 3. Reject evidence that does not support the \seqsplit{hypothesis}. 4. \seqsplit{Insufficient} resources to capture key evidence. 5. \seqsplit{Improperly} \seqsplit{projecting} past \seqsplit{experience}. & Failure to consider \seqsplit{visibility:} Form of failing to consider multiple \seqsplit{hypotheses} or \seqsplit{explanations}. Different \seqsplit{organisations} have different views of threat \seqsplit{landscape.} Your \seqsplit{environment}, your country, your industry. Example: \seqsplit{Suspicious} email with unknown backdoor sent to CFO, must be targeted. But this activity is hitting customers of european based banks, must be a \seqsplit{regionally} focused cyber crime. & Mixing facts with \seqsplit{assessments:} Result in failure to cope with evidence of uncertain accuracy. Example:  Team wombat domain \seqsplit{news.myworldnews.com} resolved to same IP address as \seqsplit{mail.mediacorp.com.} (fact) Possible \seqsplit{misinterpretation} as \seqsplit{mail.mediacorp.com} is \seqsplit{attributable} to team wombat \seqsplit{(assessment)}. & Failing to properly vet sources: threat \seqsplit{intelligence} lives and dies on the quality of inputs, garbage in and garbage out. However, many \seqsplit{organisations} start their threat \seqsplit{intelligence} program by signing up for a series of open source threat feeds without a proper vetting process in place. Can result in a flood of alerts that are difficult to trust or \seqsplit{differentiate}. \tn 
% Row Count 40 (+ 40)
\end{tabularx}
\par\addvspace{1.3em}

\vfill
\columnbreak
\begin{tabularx}{5.377cm}{x{1.04425 cm} x{1.04425 cm} x{1.04425 cm} x{1.04425 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{4}{x{5.377cm}}{\bf\textcolor{white}{Chapter 2: CTI Ops (cont)}}  \tn
% Row 3
\SetRowColor{LightBackground}
Failure to account for human action: In the landscape of computer \seqsplit{operations}, we deal with data but it is easy to forget that there is a person behind the keyboard.  Our minds naturally want to sort and \seqsplit{categorise} \seqsplit{information}, make sense of the \seqsplit{environment} but not always \seqsplit{comfortable} with grey areas. & Common Biases: 1. \seqsplit{Confirmation} Bias: Seeing what you expect to see, like ignoring evidence against your belief. 2. Ambiguity Effect: Avoiding decisions because of \seqsplit{incomplete} \seqsplit{information.} 3. Bandwagon Effect: Believing something just because everyone else does. & Impact on \seqsplit{Cybersecurity:} Bias can cause analysts to misjudge \seqsplit{situations}, like assuming an attack on multiple targets must be highly organized without verifying the evidence. & Bias is inherent and even awareness of biases not enough to \seqsplit{neutralise} them, what to do? Heuer says that when presented with an outcome, we ask ourselves the following \seqsplit{questions:} 1. If the opposite outcome had occurred, would I be \seqsplit{surprised?} 2. If this report had told me the opposite, would I believe it? 3. If the opposite outcome had occurred, would it have been \seqsplit{predictable} given the \seqsplit{information} that was \seqsplit{available.} \tn 
% Row Count 42 (+ 42)
\end{tabularx}
\par\addvspace{1.3em}

\vfill
\columnbreak
\begin{tabularx}{5.377cm}{x{1.04425 cm} x{1.04425 cm} x{1.04425 cm} x{1.04425 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{4}{x{5.377cm}}{\bf\textcolor{white}{Chapter 2: CTI Ops (cont)}}  \tn
% Row 4
\SetRowColor{LightBackground}
\seqsplit{Structured} \seqsplit{Analytical} \seqsplit{Techniques:} \seqsplit{Frameworks} to ensure logical and unbiased analysis. Pros: 1. Promote \seqsplit{collaboration} and clarity. 2. Show the reasoning process for \seqsplit{conclusions}, making them more \seqsplit{transparent}. & \seqsplit{Intelligence} \seqsplit{lifecycle:} 1. Planning and \seqsplit{requirements}, 2. \seqsplit{Collection}, 3. Analysis, 4. \seqsplit{Production}, 5. \seqsplit{Dissemination} and feedback & Planning and \seqsplit{requirements:} \seqsplit{stakeholders} defined, business needs and \seqsplit{information} concerns. & \seqsplit{Collection:} From \seqsplit{information} sources, raw internal and external data, open source, \seqsplit{commercial} and \seqsplit{sensitive.} \tn 
% Row Count 21 (+ 21)
% Row 5
\SetRowColor{white}
Analysis: Collation and \seqsplit{aggregation} via threat intel platform or analyst best \seqsplit{practices.} & \seqsplit{Production:} \seqsplit{Estimative} language, challenge analysis & \seqsplit{Dissemination} and feedback: Role based \seqsplit{intelligence} reporting, feedback loop firmly \seqsplit{established}. & Refer to case study for my details \tn 
% Row Count 31 (+ 10)
\end{tabularx}
\par\addvspace{1.3em}

\vfill
\columnbreak
\begin{tabularx}{5.377cm}{x{1.04425 cm} x{1.04425 cm} x{1.04425 cm} x{1.04425 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{4}{x{5.377cm}}{\bf\textcolor{white}{Chapter 2: CTI Ops (cont)}}  \tn
% Row 6
\SetRowColor{LightBackground}
Diamond Model : Connects the dots between attackers, victims, tools, and \seqsplit{infrastructure}. Four Elements: 1. \seqsplit{Adversary:} The attacker or group. 2. \seqsplit{Infrastructure:} Tools and assets like servers used in the attack. 3. \seqsplit{Capability:} The methods or \seqsplit{techniques} used (e.g., malware). 4. Victim: The target. & \seqsplit{Considerations} for the diamond model: 1. \seqsplit{Timestamp:} Date and time intrusion event occurred. 2. Result: Outcome of intrusion, succeed or failure or unknown. 3. \seqsplit{Direction:} How event moved through network or host (e.g victim to \seqsplit{infrastructure}, adversary to \seqsplit{infrastructure}, \seqsplit{bidirectional)} 4. \seqsplit{Methodology:} Category of event (portscan, spear phishing) 5. \seqsplit{Resources:} elements required for intrusion (e.g \seqsplit{particular} software, knowledge, funds, \seqsplit{facilities}, access rights) 6. \seqsplit{Socio-political:} \seqsplit{Relationship} between adversary and victim. 7. \seqsplit{Technology:} Tech involved in adversary \seqsplit{capabilities} and use of \seqsplit{infrastructure}. & Example: LAPSUS\$ used social \seqsplit{engineering} to breach companies like Okta and Microsoft, \seqsplit{demonstrating} how attackers exploit human and technical \seqsplit{weaknesses}. Refer to case study for more details. & Cyber Kill Chain (7 stages): 1. \seqsplit{Reconnaissance:} Spying on the target to find \seqsplit{weaknesses}. 2. \seqsplit{Weaponization:} Creating tools like malicious emails or files. 3. Delivery: Sending the malicious tool to the target. 4. \seqsplit{Exploitation:} \seqsplit{Activating} the tool to break in. 5. \seqsplit{Installation:} Planting backdoors for ongoing access. 6. Command and Control (C2): \seqsplit{Controlling} infected machines remotely. 7. Actions on \seqsplit{Objectives:} Achieving the \seqsplit{attacker's} goal, like stealing data or causing \seqsplit{disruption}. \tn 
% Row Count 61 (+ 61)
\hhline{>{\arrayrulecolor{DarkBackground}}----}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{5.377cm}{x{1.04425 cm} x{1.04425 cm} x{1.04425 cm} x{1.04425 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{4}{x{5.377cm}}{\bf\textcolor{white}{Cahpter 3: Analytical Skills}}  \tn
% Row 0
\SetRowColor{LightBackground}
Cyber Assets \seqsplit{Definition:} These are resources that need \seqsplit{protection} from cyber threats. They include hardware (Physical devices like servers, computers, mobile phones, network \seqsplit{equipment)}, Software (Programs and \seqsplit{applications} such as messaging apps, operating systems), Data \seqsplit{(Information} stored digitally, including databases, documents, usernames, \seqsplit{passwords)},  People (Users who operate \seqsplit{technology} within a business), Physical \seqsplit{infrastructure} \seqsplit{(Buildings}, data centers, storage units) & \seqsplit{Objectives} of Analysts: To gather \seqsplit{information} that fills gaps in knowledge about threats or \seqsplit{operational} \seqsplit{environments.} Ask one question at a time, focus on specific \seqsplit{facts/events/activities} to support \seqsplit{decision-making}. & TTP (Tactics, \seqsplit{Techniques}, and \seqsplit{Procedures):} 1. Tactics : \seqsplit{High-level} \seqsplit{approaches} attackers use to achieve their goals, 2. \seqsplit{Techniques} : More specific methods used to carry out tactics, 3. \seqsplit{Procedures} : Detailed steps taken by \seqsplit{attackers.} & Indicator = Data + Context. An indicator is forensic data (like unusual network traffic or changes in system files) that can point to malicious activity. E.gs: Unusual Outbound Network Traffic, Log-in Red flags, Mobile Device profile changes. \tn 
% Row Count 48 (+ 48)
% Row 1
\SetRowColor{white}
Indicator Lifespan: All \seqsplit{intelligence} has a useful lifespan; it should be retired when false positives arise. \seqsplit{Adversaries} determine how long an indicator remains useful. & Pyramid of Pain: Refer to notion case study & ACH: Refer to notion case study &  \tn 
% Row Count 65 (+ 17)
\hhline{>{\arrayrulecolor{DarkBackground}}----}
\end{tabularx}
\par\addvspace{1.3em}


% That's all folks
\end{multicols*}

\end{document}