Keep Your Enemies Closer: How to Profile and Track Threat Actors
12-09, 10:00–12:00 (Europe/London), Workshop Room 5

Have you ever wanted to learn more about cyber threat intelligence and hunting threat actors? In this workshop, Will Thomas, a professional CTI researcher who hunts threat actors for a living, will walk participants through the fundamentals of creating threat actor profiles. The workshop uses a template developed by Will Thomas and Freddy M called the ‘Threat Actor Profile Guide for CTI Analysts’. The guide was originally created for the Curated Intelligence trust group, an international community of over 150 CTI analysts, and is used by many on a daily basis.


This is a 2-hour workshop that will include a brief welcome and introductory talk on cyber threat intelligence and threat actor profiling.

For the rest of the workshop, participants will be introduced to each section of the threat actor profile template and advised on how best to fill out that section given various sources of intelligence.

The final result will be a completed threat actor profile of a real-world adversary attacking organizations. The best threat actor profiles created by participants will be featured in the workshop's GitHub repo.

Workshop requirements:
- A laptop and a Discord account - a Discord server will be set up for the duration of the workshop.

Will Thomas (aka @BushidoToken) has been a security researcher for over 4 years and has had his work featured by several well-known publications such as The Telegraph, VICE Motherboard, CyberScoop, BleepingComputer, TheRecord, TheRegister, and InfosecurityMag, among others. He is currently a CTI researcher and threat hunter at the Equinix Threat Analysis Center (ETAC) and is the co-author of the SANS FOR589: Cybercrime Intelligence course. He has previously appeared on Darknet Diaries (Ep 126) and has spoken at multiple conferences, such as NCSC Response22, DTX Europe, BSides Cheltenham, and BSides Basingstoke.