
Threat Intelligence & OSINT analyst

  • James
  • 18 Mar
  • Reading time: 3 min

What exactly is meant by threat intelligence?


One could simply say “intelligence about threats.” That sounds interesting, but in practical terms, what do we really mean by intelligence?


Intelligence is information, but not just any information. It is information that puts you in a position of advantage over a threat, enabling proactive defense or giving you a strategic edge if you decide to go on the offensive.

Forgive the very practical definition, which comes from my own experience.

Let’s move to a more formal definition:

Intelligence is the systematic process of collecting, selecting, analyzing, interpreting, and disseminating relevant information in order to support the decision-making process of an organization (governmental, military, or private) in relation to threats, risks, and opportunities.


Returning to the cyber domain: knowing which group, using which means, such as malware or VPS infrastructure, is about to target you provides a huge advantage. It allows you to refine your defenses or, if your capabilities permit, to disrupt their infrastructure and neutralize their malware before the attack can even be carried out.

During an attack, understanding who is targeting you also enables faster response times and the implementation of more effective defenses.

But how do we achieve such results?


Key elements of intelligence:


  • Collection: acquiring data from various sources (HUMINT, SIGINT, OSINT, etc.)

  • Processing and analysis: transforming raw data into meaningful information

  • Evaluation: assigning reliability and relevance

  • Dissemination: delivering the intelligence product to decision-makers

  • Purpose: supporting strategic, operational, or tactical decisions


Each step is essential, but collection is undoubtedly the fuel that powers the entire process.




In the OSINT field, there are numerous online resources, including:


These are two cornerstone resources, along with Maltego, of course.


As for books, I would like to recommend a few titles that are valuable both for those who want to understand whether this field is right for them and for those already working in it who want to build a solid foundation:


  • Intelligence-Driven Incident Response – Scott J. Roberts

  • Open Source Intelligence Techniques – Michael Bazzell

  • Hunting Cyber Criminals – Vinny Troia


I would also recommend a couple of Netflix documentaries:


  • Don’t F**k With Cats

  • The Tinder Swindler


Our lives are increasingly digitalized. Today, it is almost unthinkable not to have an email address, not to be on social media, not to use WhatsApp, or not to carry a mobile phone.

Every human being has a significant online presence. This has led to the growing importance of OSINT, not only for cybersecurity but also for investigative and public security purposes.

From here, many considerations could be explored, but I don’t want to make this article too long. It is meant to spark curiosity and provide readers with tools to explore further if they wish.


So where does AI fit into all of this?

Given the massive volume of information to analyze, AI comes to the rescue. It can summarize, translate sources from different languages, and significantly speed up the process, allowing analysts to keep up with the ever-increasing flow of information.


However, there is a critical caveat: adversaries also use AI to flood the environment with false information and misleading trails. We are not only talking about fake news, but also more recent techniques such as AI Recommendation Poisoning, identified by Microsoft.


In summary, as common sense already suggests: do not blindly trust what AI tells you.




 
 
 
