Masterclass Threat Intelligence.

On Saturday the 23rd of March I was invited to a masterclass about Threat Intelligence given by the CCB.

The day began early in the morning at the new campus of Howest in Bruges. The air was crisp, and there was a buzz of excitement as participants arrived for the highly anticipated class. At 8:30, we were warmly greeted by the two teachers, Sandro Manzo and Niels Desloover, who welcomed us with an inviting spread of coffee and breakfast. The warm beverages and delicious pastries provided a perfect start to the day, helping to shake off any lingering morning grogginess.

At 9:00 sharp, we officially began the class. The first item on the agenda was introductions. Each participant stood up to introduce themselves and explain why Threat Intelligence was important to them. This exercise not only broke the ice but also highlighted the diverse motivations and backgrounds of the attendees. I attended this class because Threat Intelligence has a significant correlation with my Bachelor Thesis, and I was eager to deepen my understanding of the subject.

Following the introductions, Sandro and Niels launched into the theoretical portion of the class. They provided us with the foundational knowledge necessary to understand the complexities of Threat Intelligence. Their lecture was engaging, punctuated with real-world examples to illustrate key concepts. To keep everyone actively involved, they asked us to form groups of two or three and prepared questions for us to discuss. This interactive approach ensured that the class remained lively and that everyone stayed alert. One of the questions posed to my group was: “How did DDoS evolve?” This prompted a stimulating discussion and exchange of ideas.

By 12:20, it was time for a much-needed lunch break. The organizers provided an assortment of sandwiches and both still and sparkling water. This break gave us an opportunity to relax and engage in friendly conversations with our peers. It was a pleasant interlude, allowing us to recharge before diving into the practical session scheduled for the afternoon.

At 13:00, we reconvened, starting the afternoon with a brief continuation of the theoretical material, as Sandro had not managed to cover everything in the morning session. Once the additional theory was covered, Niels Desloover took over to lead us through the practical aspects of Threat Intelligence. He introduced us to the Malware Information Sharing Platform (MISP), an open-source threat intelligence platform. Niels demonstrated how to add new feeds into MISP, and importantly, how to supplement feeds that might have incomplete information—illustrating how to fill in the gaps when a feed has only about 75% of the necessary data, ensuring it becomes fully functional and useful.

After thoroughly explaining the functionalities of MISP, Niels shared a few interesting links and programs that could further aid our understanding and application of Threat Intelligence. These resources were invaluable, providing additional tools and knowledge that we could incorporate into our work.

The day was a blend of theory and hands-on practice, structured in a way that maximized learning and engagement. The thoughtful combination of interactive elements and practical demonstrations made the class both informative and enjoyable. By the end of the day, I felt equipped with a deeper understanding of Threat Intelligence and its applications, ready to apply this knowledge to my Bachelor Thesis and future endeavors. The experience was enriching, providing not just educational value but also the chance to network with like-minded individuals and experts in the field.

attack.mitre.org, CyberChef, Censys, urlscan.io and tria.ge
