BSides London 2025

Threat Actors: Gotta Catch Them All
2025-12-13, Workshop Room 4

This hands-on workshop explores the world of cyber threat actors and the intelligence that helps us understand and counter their activity. Participants will learn how to identify threat actor tactics, techniques, and procedures (TTPs), and apply threat intelligence models to real-world case studies. They will also learn how to pivot from a single indicator of compromise (IOC) to build a picture of threat activity. Through collaborative exercises, attendees will analyze incidents using frameworks such as MITRE ATT&CK and build actionable threat intelligence profiles.

Key Takeaways:
Understand different types of threat actors (APTs, cybercriminals, hacktivists, insiders).
Learn how to categorize threat intelligence: strategic, operational, and tactical/technical.
Apply threat intelligence models to real-world case studies.
Use open-source tools to gather and analyze indicators of compromise (IOCs).
Practice defanging and safe analysis techniques.

Tools & Resources:
Participants will use tools such as:
VirusTotal
urlscan.io
CyberChef
MITRE ATT&CK
Any.run
Joe Sandbox
Browserling
Shodan
ViewDNS.info
https://github.com/curated-intel/Attribution-to-IP

Workshop Structure:
Intro to Threat Actors & Intelligence
Definitions and categories
Motivation and behavior

Threat Intelligence Models and Frameworks
Pyramid of Pain
Diamond Model
MITRE ATT&CK

Intro to Indicators of Compromise (IOCs)
Domains, IPs, and File Hashes
IP attributes
Domain attributes
File attributes

Case Study Analysis
DFIR Report examples

Group Exercise
Select a case study
Identify threat intel components (who, what, where, when, how, why)
Categorize intel (strategic, operational, tactical)
Build a threat intel model
Present findings

Hands-On Component:
Participants will:
Analyze indicators of compromise.
Investigate C2 infrastructure.
Examine packet captures and sandbox outputs.
Practice safe analysis and defanging techniques.
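As an added example (my own code, not material from the workshop or the presenter), the Python helper below covers two items above: the IOC types from the "Intro to Indicators of Compromise" section (IPs, domains, file hashes) and the defanging practice listed under "Hands-On Component". It refangs and defangs single indicators, classifies them, and pulls unique IOCs out of free report text. Everything in SAMPLE_REPORT is constructed: the hostnames and address are illustrative, and the two hashes are the well-known SHA-256 of "test" and MD5 of the empty string, not real malware indicators. All function names and the filename-extension denylist are my own choices.

```python
"""Added example: refang/defang, classify and extract IOCs from report text.

Not workshop material. SAMPLE_REPORT below is constructed for the demo;
the hashes are the SHA-256 of "test" and the MD5 of "" (not real indicators).
"""
import ipaddress
import re

HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}
# Filenames such as setup.exe look like domains to a regex; this small
# denylist (an assumption, extend as needed) keeps them out.
_NOT_TLDS = {"exe", "dll", "ps1", "bat", "zip", "txt", "doc", "pdf", "bin"}

_URL_RE = re.compile(r"\bhttps?://[^\s\"'<>]+", re.IGNORECASE)
_IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
_HASH_RE = re.compile(r"\b[0-9a-f]{64}\b|\b[0-9a-f]{40}\b|\b[0-9a-f]{32}\b", re.IGNORECASE)
_DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]{1,63}\.)+[a-z]{2,63}\b", re.IGNORECASE)
_EMAIL_RE = re.compile(r"\b[\w.+-]+@(?:[a-z0-9-]{1,63}\.)+[a-z]{2,63}\b", re.IGNORECASE)


def refang(ioc: str) -> str:
    """Undo the usual defanging conventions (hxxp, [.], (dot), [@], [:]) so the
    value can be parsed or looked up."""
    s = ioc.strip()
    s = re.sub(r"\bhxxp", "http", s, flags=re.IGNORECASE)
    s = re.sub(r"\[\.\]|\(\.\)|\{\.\}|\[dot\]|\(dot\)", ".", s, flags=re.IGNORECASE)
    s = re.sub(r"\[@\]|\(@\)|\[at\]", "@", s, flags=re.IGNORECASE)
    s = re.sub(r"\[:\]", ":", s)
    return s


def defang(ioc: str) -> str:
    """Render one indicator so it is not clickable or resolvable when pasted
    into a ticket or report. Refangs first so a value is never double-defanged."""
    s = refang(ioc)
    s = re.sub(r"\bhttp", "hxxp", s, flags=re.IGNORECASE)
    s = s.replace("://", "[:]//")
    s = s.replace(".", "[.]").replace("@", "[@]")
    return s


def classify(ioc: str) -> str:
    """Return ipv4 / ipv6 / md5 / sha1 / sha256 / url / email / domain / unknown.
    ipaddress does the IP validation, so 999.1.1.1 is rejected."""
    v = refang(ioc)
    try:
        return "ipv%d" % ipaddress.ip_address(v).version
    except ValueError:
        pass
    if _HASH_RE.fullmatch(v):
        return HASH_TYPES[len(v)]
    if _URL_RE.fullmatch(v):
        return "url"
    if _EMAIL_RE.fullmatch(v):
        return "email"
    if _DOMAIN_RE.fullmatch(v) and v.rsplit(".", 1)[-1].lower() not in _NOT_TLDS:
        return "domain"
    return "unknown"


def extract_iocs(text: str) -> dict:
    """Pull unique IOCs out of free text (defanged or not), grouped by type,
    each value returned already defanged and ready for a report."""
    found: dict = {}

    def add(kind: str, value: str) -> None:
        d = defang(value)
        if d not in found.setdefault(kind, []):
            found[kind].append(d)

    clean = refang(text)
    for m in _URL_RE.finditer(clean):
        add("url", m.group(0).rstrip(".,;)"))
    # Blank out URLs and e-mails so their hostnames are not counted twice.
    rest = _URL_RE.sub(" ", clean)
    for m in _IPV4_RE.finditer(rest):
        if classify(m.group(0)) == "ipv4":
            add("ipv4", m.group(0))
    for m in _HASH_RE.finditer(rest):
        add(HASH_TYPES[len(m.group(0))], m.group(0).lower())
    for m in _EMAIL_RE.finditer(rest):
        add("email", m.group(0))
    rest = _EMAIL_RE.sub(" ", rest)
    for m in _DOMAIN_RE.finditer(rest):
        if classify(m.group(0)) == "domain":
            add("domain", m.group(0).lower())
    return found


# Constructed sample text; not a real incident.
SAMPLE_REPORT = """\
The loader was fetched from hxxps://update-cdn[.]example-evil[.]com/pkg/loader.bin
and beaconed to 45.77.10.22 on 443; a second C2 at c2.example-evil.com was seen later.
Dropped file SHA256: 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
MD5 of the decoy doc: d41d8cd98f00b204e9800998ecf8427e. Phish sender: ops[@]example-evil[.]com.
Unrelated: the user ran setup.exe; 999.1.1.1 is not a valid address.
"""

if __name__ == "__main__":
    for kind, values in extract_iocs(SAMPLE_REPORT).items():
        print(kind, values)
```

The extractor deliberately returns every syntactically valid indicator, including hosts in the sandbox's own scope; deciding which of them are actually attacker-controlled (the pivot from a single IOC to infrastructure) is the analyst's job with the lookup tools listed above, so keep the refanged value for queries and the defanged one for anything that gets pasted into a report.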

Target Audience:
Security analysts
Threat intelligence professionals
Incident responders
Students and career changers in cybersecurity

Marcelle Lee is the CEO and founder of Fractal Security Group. She brings over twelve years of experience in cybersecurity, and her journey has taken her through some of the most elite teams in the field, including Secureworks Counter Threat Unit (CTU) and the Equinix Threat Analysis Center (ETAC). She's a security consultant, threat researcher, educator, and intel analyst with deep expertise in cyber threat intelligence, digital forensics, intrusion analysis, security operations, and technical writing.

She has contributed to both government and private sector initiatives, bringing a well-rounded perspective to cyber defense and threat research. Before transitioning into cybersecurity, Marcelle led operations and managed complex projects across various industries.

A frequent speaker at conferences and training events, Marcelle is deeply committed to advancing the cybersecurity field and empowering the next generation of professionals.

She is an active leader in the cyber community, serving on boards and working groups such as the Women’s Society of Cyberjutsu. She is also an enthusiast of cyber competitions, both as a builder and participant.

Marcelle holds numerous industry certifications, including CISSP, GCFA, GCIA, GCIH, GPEN, GISF, GSEC, GCCC, C|HFI, C|EH, PenTest+, CASP+, Security+, and Network+. She has earned four academic degrees, including a Master’s in cybersecurity. Her contributions have been recognized with honors such as the Chesapeake Regional Tech Council Women in Tech (WIT) Award and the Volunteer of the Year award from the Women’s Society of Cyberjutsu.