Research. Intelligence. Tradecraft.

IVOTRA advances cybersecurity through practitioner-led research, operational tradecraft, and hands-on intelligence education.

9+ Research Domains
100% Practitioner-Led
Open Vendor Neutral
Global Community Focus

Built on three pillars

Everything IVOTRA does flows from research to knowledge sharing to community acceleration.

Research

Original, practitioner-driven investigations into adversary behavior, infrastructure patterns, malware capabilities, and emerging threats. Research comes first — always.

Training

Knowledge transfer through hands-on, technically rigorous training. Practitioners teaching practitioners — no vendor agendas, no slide-deck theory.

Community

Accelerating practitioners through open knowledge, shared tooling, collaborative research, and a community built on mutual trust and technical depth.


Built by practitioners, for practitioners

IVOTRA is built by individuals actively working in threat intelligence, malware analysis, infrastructure investigations, and cyber research. We are not academics writing about what others do — we are the people doing it.

We believe practical knowledge should be shared openly with the community. The best way to raise the collective defensive posture of the industry is to bring real-world tradecraft out of siloed teams and into the hands of every practitioner.

"We are not a training company that happens to do research. We are a research organization that shares knowledge through training."

Vendor neutral
Evidence-based
Research-first

Our expertise

Deep technical capability across the full spectrum of offensive research and defensive intelligence disciplines.

Cyber Threat Intelligence

Collection, processing, and analysis of threat data to produce actionable intelligence for defenders.

Malware Analysis

Static and dynamic analysis of malicious code to understand capabilities, behavior, and attribution indicators.

Adversary Infrastructure Hunting

Proactive discovery of attacker infrastructure through pivot analysis, passive DNS, and certificate intelligence.

Threat Actor Tracking

Long-term monitoring and profiling of adversary groups — motivations, TTPs, infrastructure evolution, and campaign history.

OSINT

Structured open-source intelligence collection and analysis across digital, social, and technical data sources.

Detection Engineering

Development of detection logic, analytic frameworks, and behavioral signatures grounded in real-world threat data.

Campaign Attribution

Systematic analysis of attack campaigns to attribute activity, identify threat clusters, and connect operational patterns.

Operational Tradecraft

Practical tradecraft methodologies for intelligence operations, investigation workflows, and practitioner processes.

Digital Infrastructure Investigations

In-depth investigation of digital infrastructure to uncover ownership, abuse patterns, and network-level threat indicators.


From the research lab

Threat Intelligence · Malware

Dissecting C2 Beacon Patterns in Modern RAT Frameworks

An examination of command-and-control communication patterns across widely deployed remote access tooling, with a focus on behavioral fingerprinting and detection opportunities.

Infrastructure Hunting · OSINT

Pivoting on TLS Certificates to Map Adversary Hosting Clusters

A practical walkthrough of certificate transparency log analysis as a pivot mechanism for uncovering threat actor infrastructure clusters at scale.

Detection Engineering · Tradecraft

Writing Detection Rules That Survive Adversary Evasion

How to build behavioral detection logic that remains effective as adversaries adapt — a framework for detection durability over signature freshness.


Hands-on intelligence training

DEF CON 33 · Las Vegas

Hands-On Adversary Infrastructure Hunting

Intermediate · 16 seats

A two-day practitioner workshop covering passive DNS analysis, certificate intelligence, ASN pivoting, and infrastructure clustering methodology. Students leave with a structured hunting framework applicable immediately.

Black Hat USA 2025 · Las Vegas

Practical CTI: From Raw Data to Finished Intelligence

Beginner–Intermediate · 20 seats

A structured introduction to the full intelligence cycle — from requirement definition and collection planning through analysis, production, and dissemination — using real threat data and practitioner workflows.


Join the IVOTRA community

Whether you're a practitioner, researcher, or organization — IVOTRA is built to accelerate your work and the broader community.