My current job description includes cyber threat intelligence analyst, dealing with phishing and typosquatting, vulnerability assessments, OSINT investigations, penetration testing, and malware analysis.
I have a tried and tested writing framework which has been reliable for reporting and analysis so far.
Some of the topics I initially aim to cover include:
- The Magecart collective
- The Lazarus Group
- Emotet, TrickBot, and Ryuk
Analyse the threat:
- Introduce the topic with the what, where, when, who and how
- So what does this mean, and why? (provide the analysis)
For any kind of new malware/threat I will:
- Attach IOCs (Indicators of Compromise)
- Provide MITRE ATT&CK framework TTPs (tactics, techniques and procedures)
The fun part is researching, but the writing is what matters.