What Is Threat Intelligence? A Complete Guide
A plain-English guide to cyber threat intelligence (CTI): what it is, why it matters, the four types, the six-stage lifecycle, where it comes from, and how teams actually use it.
Clear, in-depth guides to cyber threat intelligence — from core concepts to frameworks, detection and vulnerability management. Written for analysts, SOC teams and anyone getting started with threat intel.
Threat intelligence comes in four flavors — strategic, operational, tactical and technical. Learn what each one is, who consumes it, and how they fit together.
Quality intelligence is produced by a repeatable process. Walk through all six stages of the threat intelligence lifecycle and the pitfalls that derail each one.
Indicators of compromise are the forensic breadcrumbs of an attack. Learn the main IOC types, real examples, IOC vs IOA, the Pyramid of Pain, and how to operationalize them.
Advanced persistent threats are the most sophisticated adversaries in cyber. Learn what defines an APT, how the attack lifecycle works, famous groups, and how to defend.
MITRE ATT&CK is the common language of adversary behavior. Learn its tactics, techniques and sub-techniques, the matrices, and practical ways to use it for defense.
TTPs describe the behavior of an adversary — the most durable thing to defend against. Learn what tactics, techniques and procedures mean, with examples.
You don't need a big budget to start a threat-intel program. Here are the best free and open-source tools and feeds — platforms, feeds and enrichment — and how to combine them.
Threat hunting assumes attackers are already inside and goes looking for them. Learn the core methodologies, a repeatable process, example hypotheses, and how to start.
CVEs are the universal IDs for security vulnerabilities. Learn how CVE identifiers and CVSS scores work, how CVE differs from CWE, and how to prioritize what to patch.
Theory meets practice on our live feed — the top cyber threats from the last 24 hours, aggregated from 30+ sources, deduplicated and ranked by priority.