🚀 Launch Special: $29/mo for life --d --h --m --s Claim Your Price →
312-85
Coming Soon
Expected availability announced soon

This course is in active development. Preview the scope below and create a free account to be notified the moment it goes live.

Notify me
312-85 EC-Council Coming Soon

ECCouncil CTIA

The CTIA certification equips analysts with professional-level skills in intelligence fundamentals, OSINT collection, technical intelligence, structured analysis, and intelligence sharing, enabling them to produce actionable threat insights for organizational security.

180
Minutes
100
Questions
70/100
Passing Score
$999
Exam Cost

Who Should Take This

It is intended for security analysts, incident responders, and threat intelligence professionals who have at least two years of experience in cyber security and seek to formalize their analytical methodology. These learners aim to advance their careers by mastering structured intelligence processes and contributing to coordinated defense efforts across their organizations.

What's Covered

1 Intelligence Fundamentals
2 OSINT Collection
3 Technical Intelligence
4 Structured Analysis
5 Intelligence Sharing
6 Operationalizing Intelligence
7 TI Tools and Platforms
8 Counterintelligence
9 Legal and Ethical
10 Intelligence Program Management

What's Included in AccelaStudy® AI

Adaptive Knowledge Graph
Practice Questions
Lesson Modules
Console Simulator Labs
Exam Tips & Strategy
20 Activity Formats

Course Outline

60 learning goals
1 Intelligence Fundamentals
2 topics

Concepts and frameworks

  • Apply the intelligence lifecycle including planning collection processing analysis dissemination and feedback to structure operations.
  • Analyze intelligence types including strategic tactical operational and technical to determine collection methods.
  • Apply Diamond Model Kill Chain and MITRE ATT&CK frameworks to structure analysis and communicate findings.

Threat landscape

  • Analyze the cyber threat landscape including nation-state APTs cybercriminals hacktivists and insider threats.
  • Apply threat categorization using taxonomies to classify malware families techniques and motivations.
  • Analyze emerging threats including supply chain attacks RaaS AI attacks and zero-day exploitation.
2 OSINT Collection
2 topics

Open source intelligence

  • Apply OSINT using search engines social media dark web paste sites and code repositories for threat data.
  • Apply dark web monitoring to identify threat actor communications leaked credentials and exploit markets.
  • Apply automated collection using scrapers RSS APIs to scale OSINT gathering across multiple sources.

Source evaluation

  • Analyze source reliability and data credibility using the Admiralty system to assess intelligence quality.
  • Apply collection management frameworks to prioritize intelligence requirements and task collection assets.
  • Design OSINT collection plans addressing coverage gaps priority intelligence requirements and source diversification.
3 Technical Intelligence
2 topics

Technical collection

  • Apply honeypots packet captures DNS logs and NetFlow to gather technical indicators of compromise.
  • Apply malware sandboxing static and behavioral analysis to extract IOCs and characterize capabilities.
  • Apply TIP ingestion including feed normalization deduplication enrichment and scoring for indicator management.

Data processing

  • Analyze collected technical data to identify patterns correlations and gaps requiring additional tasking.
  • Apply data enrichment using WHOIS passive DNS geolocation and reputation services for IOC context.
  • Apply indicator lifecycle management including aging scoring and expiration to maintain intelligence currency.
4 Structured Analysis
2 topics

Analytical techniques

  • Apply ACH link analysis timeline analysis and pattern analysis to reduce cognitive bias in assessments.
  • Apply adversary profiling to characterize capabilities intentions infrastructure and operational patterns.
  • Analyze campaigns by correlating IOCs TTPs and infrastructure to establish relationships and attribute activity.

Campaign analysis

  • Apply malware family classification using behavioral signatures code similarities and infrastructure overlaps.
  • Analyze C2 infrastructure including domain registration hosting and protocols to map adversary networks.
  • Design collection requirements based on analytical gaps to direct efforts against priority threats.
5 Intelligence Sharing
2 topics

Sharing standards

  • Apply STIX to represent indicators observables TTPs and actors in machine-readable format.
  • Apply TAXII to publish and consume threat feeds across organizational and community boundaries.
  • Apply MISP to collaboratively share correlate and analyze intelligence with partners and ISACs.

Dissemination

  • Apply intelligence report writing including strategic assessments tactical bulletins and technical advisories.
  • Apply briefing techniques to communicate complex threats to technical teams executives and stakeholders.
  • Design dissemination workflows with automated distribution feedback collection and impact measurement.
6 Operationalizing Intelligence
2 topics

Detection integration

  • Apply intelligence to develop SIEM rules IDS signatures and EDR logic targeting specific adversary techniques.
  • Apply intelligence-driven hunting by developing hypotheses from reports and searching for undetected activity.
  • Analyze detection effectiveness measuring rule performance coverage gaps and time-to-detection improvements.

Risk integration

  • Apply intelligence to risk assessment quantifying threat likelihood and impact based on adversary capabilities.
  • Analyze organizational attack surface through intelligence-informed assessment of targets and vectors.
  • Design threat intelligence maturity roadmaps incorporating capability development tool investment and process improvement.
7 TI Tools and Platforms
2 topics

Platform management

  • Apply TIP administration including feed management indicator lifecycle and integration with security infrastructure.
  • Apply intelligence automation including IOC enrichment reputation scoring and automated blocking.
  • Analyze TIP effectiveness evaluating indicator volume quality actionability and integration coverage.

Analysis tools

  • Apply Maltego graph databases and visualization tools to map actor infrastructure and campaign relationships.
  • Apply sandbox platforms including Cuckoo Joe Sandbox ANY.RUN to extract behavioral IOCs from samples.
  • Analyze multi-tool output to synthesize findings into cohesive intelligence products for consumption.
8 Counterintelligence
2 topics

Defensive CI

  • Apply deception technologies honeypots and canary tokens to detect and misdirect adversary reconnaissance.
  • Apply OPSEC assessment to identify organizational information leakage exploitable for targeting.
  • Analyze adversary reconnaissance to identify collection patterns targeting methods and intelligence requirements.

Deception operations

  • Apply honey accounts fake infrastructure and misleading data to detect delay and profile threat actors.
  • Analyze deception interaction data to profile adversary tools techniques and objectives for intelligence production.
  • Design organizational deception strategies integrating honeypots canaries and decoy data into defense architecture.
9 Legal and Ethical
2 topics

Governance

  • Apply legal frameworks including CFAA GDPR and privacy regulations to ensure compliant intelligence operations.
  • Analyze ethical considerations including source protection privacy and responsible disclosure.
  • Design governance policies incorporating collection boundaries data handling retention and oversight mechanisms.

Information handling

  • Apply classification and handling markings including TLP to control intelligence dissemination appropriately.
  • Apply data retention and destruction policies for intelligence materials containing sensitive source information.
  • Analyze cross-jurisdictional legal requirements affecting intelligence collection sharing and storage practices.
10 Intelligence Program Management
2 topics

Program development

  • Apply intelligence requirements management including PIRs EEIs and specific intelligence requirements documentation.
  • Apply intelligence metrics including production timeliness accuracy and operational impact for program evaluation.
  • Analyze program performance to identify collection gaps analytical bottlenecks and dissemination delays.

Stakeholder management

  • Apply stakeholder engagement to align intelligence production with consumer needs across security IR and executive teams.
  • Design intelligence feedback mechanisms to capture consumer satisfaction and adjust production priorities.
  • Analyze intelligence consumer requirements across SOC IR threat hunting and executive decision-making functions.

Scope

Included Topics

  • All domains in EC-Council CTIA covering threat intelligence lifecycle collection analysis dissemination and operationalization.
  • Intelligence fundamentals including types sources frameworks and lifecycle.
  • Data collection including OSINT HUMINT technical intelligence and automated platforms.
  • Threat analysis including structured techniques adversary profiling and attribution.
  • Sharing standards including STIX TAXII MISP and ISACs.
  • Operationalizing intelligence for detection hunting and risk assessment.

Not Covered

  • Offensive testing covered by CEH/CPENT.
  • SOC management covered by CSA.
  • Incident response covered by ECIH.
  • Forensics covered by CHFI.
  • Executive governance covered by CCISO.

Official Exam Page

Learn more at EC-Council

Visit

312-85 is coming soon

Adaptive learning that maps your knowledge and closes your gaps.

Create Free Account to Be Notified

Trademark Notice

EC-Council®, CEH®, and all EC-Council certification marks are registered trademarks of the International Council of Electronic Commerce Consultants. EC-Council does not endorse this product.

AccelaStudy® and Renkara® are registered trademarks of Renkara Media Group, Inc. All third-party marks are the property of their respective owners and are used for nominative identification only.