Redefined Threat Intelligence with Practical GenAI✨

Two-Day Training

Practical GenAI for Threat Intel is a unique training that shows you how to use GenAI for Threat Intelligence in a practical and hands-on way.

No fluff, no bullshit—just real skills for real-world needs.

Hype alone won’t change the industry. You need the right methods, and that’s exactly what this course delivers.

We are excited to share that our training is confirmed for BlackHat USA 2025. 👇

🏅Learn Tomorrow's Skills Today!

Generative AI is shaking up every corner of tech, including cybersecurity. I was skeptical at first, but after testing real methods, I saw how GenAI can speed up your analysis and take your workflow to the next level.

After delivering a full-capacity session of our training Blue Team Arsenal at BlackHat 2024, I rebuilt the program with new scenarios, updated tactics, and practical explanations. This course focuses on how to use GenAI in real threat intel and malware analysis use cases—no fluff, just the skills you need to stay ahead in the industry.

If you’re ready to stop watching from the sidelines and actually see what GenAI can do for threat intelligence, this is the training for you!

With the growing demand for AI security jobs, I guarantee this will add a unique skillset to your arsenal. It will broaden your perspective and help you remain competitive.

Drop me a message if you want to learn more. I hope to see you there!

Thomas

Course Overview

The training is an intensive, hands-on session designed to help you think ahead in your work.

Here is a preview of what you will learn.

Introduction and Setup

  • Lab environment and initial configuration to get you started fast

  • Threat Intelligence essentials and how it intersects with GenAI

  • Integrating Generative AI for advanced threat analysis

  • Leveraging open-source vs proprietary models

  • Overview of popular LLM frameworks for security teams

Beyond Prompt Engineering

  • Understand what prompt engineering is and its limitations

  • Apply prompt strategies to real CTI scenarios

  • Hunt malicious prompts

  • Create guardrails and maintain your prompt playbook

  • Identify vulnerabilities and weaknesses

Fifty Shades of RAG (Retrieval Augmented Generation)

  • Understand how a RAG works in depth with multiple security examples

  • Learn to load different kinds of data (PDF, JSON, Markdown, unstructured...)

  • Learn data chunking strategies

  • Understand embeddings and vector databases

  • Learn the strategies for data retrieval based on the data types

Agents vs Multi-Agents for CTI

  • Understand what an agent is and why you might need one (or not)

  • Understand the difference between a single-agent and a multi-agent system

  • Compare agents to reasoning models and see why it matters

  • Build an agent from scratch and learn how it works

  • Create multiple autonomous systems for CTI

Fine-Tuning for CTI

  • Understand how fine-tuning works and for which use cases

  • Compare RAG with fine-tuning

  • Build and prepare your dataset

  • Apply best practices for security contexts

  • Automate, iterate and deploy your pipeline

Final Project

  • Engage in practical hands-on exercises

  • Create your entire system using what you’ve learned

  • Think out of the box to spark fresh ideas

  • Challenge yourself with advanced scenarios

  • Collaborate with peers to solve real-world security challenges

Check out some of my public work! 👇

Applying LLMs to Threat Intelligence Workflow

Large Language Models are an exciting technology designed to leverage natural languages with various technologies. Specifically in cybersecurity, and more so in threat intelligence, there are challenges that can be partially addressed with LLMs and generative AI.

GenAI for Cybersecurity

This blog is a learning series focused on applying generative AI to cybersecurity. Over 24 days, I shared practical examples, code snippets, and techniques.

It provides a glimpse into what’s possible when leveraging generative AI in cybersecurity.

Building a Threat Intelligence GenAI Reporter with ORKL and Claude

The Model Context Protocol is an innovative approach to standardizing the creation of agents using a unified protocol. This blog post explores how to create a CTI agent connected to ORKL.

Meet Your Trainer 🤓

Hi! I’m Thomas Roccia, also known as @fr0gger_! With more than a decade of experience in cybersecurity, I’ve had the privilege of working on the front lines of some of the most notorious cyberattacks, managing critical outbreaks, and traveling the globe to address emerging threats.

I’m a regular speaker at top security conferences and a dedicated contributor to the open-source community. In 2015, I founded the Unprotect Project, the first open database dedicated to malware evasion techniques. More recently, I launched YaraToolkit, a comprehensive platform for YARA rule creation and analysis, and the Jupyter Universe, a search engine for infosec-focused Jupyter Notebooks. I’m also a passionate Python enthusiast who regularly shares processes and tools for the cybersecurity community.

As a pioneer in applying generative AI to threat intelligence, I’ve been at the forefront of integrating cutting-edge technology into practical solutions. I've been sharing my findings and experiments on social networks.

In this training, I have condensed my years of experience tracking threat actors, analyzing sophisticated malware, and responding to critical outbreaks worldwide, along with my processes for applying Generative AI to real-world security use cases. My goal is to provide you with actionable insights, share the mindset I’ve developed through years of experience, and help you discover new opportunities to advance your cybersecurity career.