All Episodes
Displaying 21 - 40 of 70 in total
Episode 21 — Systematize collection with repeatable, scalable workflows
To move from a reactive posture to a professional intelligence operation, an analyst must systematize their collection efforts using repeatable and scalable workflows....
Episode 22 — Review checkpoint: foundations locked and loaded
Success in the GCTI exam and real-world investigations depends on a rock-solid grasp of foundational concepts, making this review checkpoint a critical moment in your ...
Episode 23 — Use structured analytic techniques that sharpen judgment
Structured Analytic Techniques (SATs) are the professional tools used to remove subjectivity and sharpen judgment during complex investigations where information is in...
Episode 24 — Defeat cognitive bias before it misleads you
Cognitive biases are the "silent threats" in any investigation, capable of misleading even the most experienced analysts into reaching incorrect and dangerous conclusi...
Episode 25 — Rate sources and evidence with discipline
Rating the reliability of your sources and the credibility of your evidence with technical discipline is essential for producing intelligence that leaders can trust. T...
Episode 26 — Synthesize multi-source findings into one clear story
Synthesis is the sophisticated analytical process of merging fragmented data from disparate sources into a singular, cohesive narrative that explains an adversary's ac...
Episode 27 — State confidence and uncertainty like a pro
Communicating the level of certainty in your findings is a hallmark of professional intelligence, requiring the use of standardized "words of estimative probability" t...
Episode 28 — Form testable hypotheses that survive scrutiny
A hypothesis-driven approach is essential for focused investigations, allowing an analyst to move beyond aimless data browsing to a structured search for the truth. Th...
Episode 29 — Avoid analytic pitfalls that sink good teams
Even the most talented intelligence teams can be derailed by common analytic pitfalls that lead to flawed conclusions and wasted resources. This episode examines the d...
Episode 30 — Triage indicators into true intelligence value
Effective indicator triage is a vital skill for managing the flood of data that enters a modern security operations center, ensuring that analysts focus on signals wit...
Episode 31 — Pivot from domains to infrastructure with intent
Pivoting with intent is the art of using a single technical indicator to map out an adversary's broader offensive infrastructure with surgical precision. This episode ...
Episode 32 — Run link analysis that reveals hidden clusters
Link analysis is a powerful visualization technique used to uncover the "connective tissue" between seemingly unrelated technical artifacts and adversary campaigns. Th...
Episode 33 — Exploit passive DNS for historical context
Passive DNS (pDNS) is a critical forensic resource that provides a historical record of domain-to-IP resolutions, allowing an analyst to see how an adversary's infrast...
Episode 34 — Leverage WHOIS and registration breadcrumbs smartly
WHOIS records and registration metadata provide vital "human breadcrumbs" that can link digital infrastructure to the actual individuals or organizations behind an att...
Episode 35 — Cluster weak signals into compelling hypotheses
The ability to identify "weak signals"—subtle, seemingly unrelated anomalies—and cluster them into a compelling investigative hypothesis is what defines a master threa...
Episode 36 — Validate every pivot without chasing ghosts
Analytical discipline requires that every technical pivot be rigorously validated to ensure that the investigation remains grounded in fact rather than descending into...
Episode 37 — Review boost: analysis and pivoting mastery
This mid-course review boost is designed to solidify your mastery of advanced analytical frameworks and the technical art of multi-stage pivoting. This episode synthes...
Episode 38 — Read malware behavior to surface adversary goals
Analyzing the dynamic behavior of malware within a controlled sandbox environment provides direct insights into the adversary's ultimate tactical and strategic goals. ...
Episode 39 — Extract static malware features that travel well
Static malware analysis allows for the extraction of technical features that are "durable" and "portable," making them ideal for sharing across a global intelligence c...
Episode 40 — Pivot on malware metadata for campaign reach
Malware metadata often contains "unintentional clues" left by the developers that allow an analyst to pivot and uncover the full scope of a global campaign. This episo...