engleză
KALI LINUX CYBER THREAT INTELLIGENCE: Map Threats, Correlate Evidence and Produce Actionable Intelligence
This book presents a practical approach to Cyber Threat Intelligence operations using Kali Linux as an analysis and investigation platform. Aimed at cybersecurity professionals and students, the content demonstrates how to collect, validate, and correlate indicators of compromise, investigate malicious infrastructure, and transform technical data into usable intelligence for digital defense.
The work explores tools widely used in CTI operations, such as Nmap, Whois, Dig, Dnsrecon and Searchsploit for infrastructure and vulnerability analysis, in addition to traffic analysis and monitoring resources with TShark, Zeek and Suricata. It also covers automation with Bash and Python, data manipulation in JSON, use of SQLite for indicator databases, and integration with intelligence sharing platforms such as MISP, OpenCTI, STIX and TAXII.
You will learn to:
• Investigate domains, IPs, DNS, ASN and threat infrastructure • Collect and analyze indicators of compromise (IoCs) • Correlate campaigns, malware, TTPs and technical evidence • Monitor network traffic and analyze PCAP files • Automate intelligence data collection and analysis • Build structured indicator databases and ingestion pipelines • Produce technical reports for SOC, DFIR and Threat Hunting
At the end, the reader will be able to implement complete Cyber Threat Intelligence routines with Kali Linux, integrating data collection, indicator validation, evidence correlation and intelligence production applied to digital defense.
