Obsidian CTI: Operationalizing Threat Intelligence
08-13, 11:30–12:30 (US/Pacific), Project Obsidian: Track 0x42 (In-person)

This module presents an overview of how threat intelligence gleaned from a single CTI report can be operationalized across an organization. We'll run through a report based on content from Project Obsidian's kill chain 3 and demonstrate how it can be operationalized by different teams (SOC, IR, forensics, security management, and executives).

Blue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).


This module covers:

  • Direction & Planning: Establishing CTI goals and objectives
  • Collection: Objective is to review and operationalize a single CTI report
  • Analysis & Production: Elements to identify in a CTI report
  • Dissemination: Sharing takeaways from a CTI report with stakeholders
  • Feedback & Evaluation: Methods for receiving feedback

Objective: Demonstrate how a CTI report can be operationalized.

Mentor, Hacker, Cyber Threat Intelligence, Reverse Engineering Malware, OSINT, 70757a7a6c6573, Blue Team Village Director, Consultant

l00sid just started a career as a blue teamer. He loves the kinds of puzzles he gets to solve in the process of stopping attackers.

Stephanie is a security software engineer in the product security space. She is a volunteer on BTV's CTI team for Project Obsidian at DEF CON 30.
