Intelligence-led penetration

Purpose of Intelligence-led penetration and its phases – 2

Penetration testers compromise your security and identify vulnerabilities to provide the organization with recommended changes and security posture that will strengthen the overall cyber effectiveness. There are various types of penetration testing and based on the type of business activity, a specific combination of penetration testing is performed. This article is the second part of the series of Cyber Talks – Intelligence-led penetration testing.

Types of Penetration Testing

The types of penetration testing are based on the position of tester as defined in the following diagram –

  • External Penetration Testing – If the penetration test is conducted from outside the network, it is referred to as external penetration testing.
  • Internal Penetration Testing – When penetration testing is stimulated from inside the network, it is referred to as internal penetration testing.
  • Targeted Penetration Testing – It is performed by the organization’s IT team and the penetration testing team.
  • Blind Penetration Testing – The testing does not provide prior information to the tester except the organization’s name.
  • Double-Blind Penetration Testing – Here only one or two people within the organization might be aware that a test is being conducted.

Cyber Threat Intelligence Cycle – CTI Core Elements

Cyber threat intelligence is what cyber threat information becomes once it has been collected, evaluated in the context of its source and reliability. The information is analyzed through rigorous and structured tradecraft techniques by expertise. Like all intelligence, cyber threat intelligence provides value addition to cyber threat information which reduces uncertainty for the consumer while ailing the consumer in identifying threats and opportunities.

In the above cycle, data collection is stated, planned, implemented and evaluated. The results are analyzed to produce intelligence and the resulting intelligence is disseminated and evaluated in the context of new information and consumer feedback.

Basically, talks about the key elements of CTI that involve a strategic operational and tactical level of intelligence where it would be accessing real-time events, investigations or activities. The CTI cycle in the webinar talks about how intelligence needs to be ingested, controlled, disseminated as well as stored in the repositories. Intelligence should have a centralized structure.

The responsive nature of intelligence should be provided to the consumer having defined objectives of the elements. It should be systematic, should be able to be shared appropriately with different CTI based classifications to different users. It should be continuously reviewed because if an intelligence element happens to be older, it does not support the cause where it might be deprecated, or it might not be used anymore by the threat actors. Before a threat causes any harm to the infrastructure of the victim, timely information sharing should be connected.

C|TIA to be a Cyber Threat Intelligence Analyst

Cyber Threat Intelligence Analyst (C|TIA) is a training and credentialing program from EC-Council to help organizations with a workforce that can identify and mitigate business risks by converting unknown threats into known threats. The program has been developed by the threat intelligence experts across the globe. The features of CTIA are as follows –

  • C|TIA is a method-driven program.
  • It is based on a Job Task Analysis of the job roles involved in threat intelligence.
  • It is a comprehensive specialist-level program that addresses all the stages involved in the threat intelligence life cycle.
  • C|TIA is 100% compliance with NICE 2.0 and CREST Frameworks.
  • The program covers the latest threat intelligence tools, platforms, and networks.
  • It is a hands-on program with 40% dedicated lab practice which consists of the latest operating systems and Kali Linux.
  • C|TIA emphasizes the creation of effective threat intelligence reports based on intelligence sharing acts and regulations.
  • The program encourages data collection from different feeds and sources.
  • It defines Indicators of Compromises (IoC) and indicates acquiring the IoCs from various sources.

Cyber Threat Intelligence after Penetration Testing

Cyber threat intelligence is the next level of penetration testing and ethical hacking. The ECSA program from EC-Council focuses on penetration testing skills and methodologies. The knowledge of penetration testing is crucial to acquire CTI skills and capabilities as the networks are to be penetrated first and then the threat intelligence strategy is laid to secure the IT infrastructure. Follow the links to avail more details about the program on our website:

EC-Council University conducts CyberTalks weekly by renowned cybersecurity experts who liberally come forward to share their knowledge and experience with other seeking aspirants. This article is an abstract from the CyberTalk series by speaker Varun Srivastava. Varun is based in UAE and has 12+ years of experience in cybersecurity. He currently heads cyber threat intelligence function for Mubadala / Injazat Data Systems, which is based out of Abu Dhabi, UAE. In his webinar, he covers different aspects of intelligence-driven penetration testing. Watch the video now!

For the sake of convenience and to provide you with in-depth knowledge on the subject, we have created series of this particular cybertalk. You can visit these links to access other two parts of the webinar @

get certified from ec-council
Write for Us