Operationalize Threat Intelligence with Real-World Malware Behaviors
Join Intel 471 for a new 2-hour, intelligence-driven workshop series built around today’s most pressing threats. This first session focuses on malware and its role in enabling high-impact operations, from ransomware to destructive campaigns.
The workshop kicks off with a threat intelligence briefing from Jorge Rodriguez, Intel 471’s Director of Malware Research, who will break down how malware supports adversary objectives and how that intelligence can be used to inform detection. Then, Lee Archinal, Senior Threat Hunt Analyst, will lead a hands-on session where participants will actively apply threat intelligence to build and test hunting hypotheses using indicators of attack (IOAs).
This is an interactive experience: participants will engage directly with real-world behaviors, tactics, and telemetry in a guided hunt. You’ll work through key behaviors associated with Discovery, Persistence, and Impact, such as registry run keys and the deletion of volume shadow copies with VSSADMIN, using actual threat intelligence and community hunt packages.
What you’ll gain:
- A clear understanding of how malware behaviors tie to adversary objectives and threat intelligence
- Practical methods for extracting IOAs and creating hunting hypotheses
- Direct experience applying malware intel to live hunt scenarios
- Exposure to community hunt packages focused on Discovery, Persistence, and Impact techniques
- The ability to correlate behavioral telemetry with threat intelligence to strengthen detection coverage
This session bridges the gap between malware analysis and operational threat hunting using live intel and real-world techniques.
Earn Your Intelligence-Driven Threat Hunting – Malware Badge
After the workshop, attendees can complete a final challenge to earn the Intelligence-Driven Threat Hunting – Malware Badge, recognizing their ability to hunt based on malware intelligence. The challenge reinforces skills like identifying behavioral patterns tied to specific malware families, building hypotheses from IOAs, executing targeted queries, and mapping activity to MITRE ATT&CK. Successful completion demonstrates readiness to detect malware-driven activity in live environments.
Intelligence-Driven Threat Hunting Workshop: Analyzing Malware Behaviors
