homepage
Menu
Open menu

FOR578: Cyber Threat Intelligence™

GIAC Cyber Threat Intelligence (GCTI)
GIAC Cyber Threat Intelligence (GCTI)
Register Now Course Preview
  • In Person (6 days)
  • Online
36 CPEs
Cyber threat intelligence represents a force multiplier for organizations looking to update their response and detection programs to deal with increasingly sophisticated advanced persistent threats. Malware is an adversary's tool but the real threat is the human one, and cyber threat intelligence focuses on countering those flexible and persistent human threats with empowered and trained human defenders. During a targeted attack, an organization needs a top-notch and cutting-edge threat hunting or incident response team armed with the threat intelligence necessary to understand how adversaries operate and to counter the threat. FOR578: Cyber Threat Intelligence will train you and your team in the tactical, operational, and strategic level cyber threat intelligence skills and tradecraft required to make security teams better, threat hunting more accurate, incident response more effective, and organizations more aware of the evolving threat landscape.
Course Authors:
Robert M. Lee
Robert M. Lee
Fellow
Rebekah Brown
Rebekah Brown
Certified Instructor Candidate
What You Will LearnSyllabusCertificationPrerequisitesLaptop RequirementsAuthor StatementReviewsTraining & Pricing

What You Will Learn

There Is No Teacher But The Enemy!

All security practitioners should attend FOR578: Cyber Threat Intelligence to sharpen their analytical skills. This course is unlike any other technical training you have ever experienced. It focuses on structured analysis in order to establish a solid foundation for any security skillset and to amplify existing skills. The course will help practitioners from across the security spectrum:

  • Develop analysis skills to better comprehend, synthesize, and leverage complex scenarios
  • Identify and create intelligence requirements through practices such as threat modeling
  • Understand and develop skills in tactical, operational, and strategic-level threat intelligence
  • Generate threat intelligence to detect, respond to, and defeat focused and targeted threats
  • Learn the different sources to collect adversary data and how to exploit and pivot off of those data
  • Validate information received externally to minimize the costs of bad intelligence
  • Create Indicators of Compromise (IOCs) in formats such as YARA and STIX/TAXII
  • Understand and exploit adversary tactics, techniques, and procedures, and leverage frameworks such as the Kill Chain, Diamond Model, and MITRE ATT&CK
  • Establish structured analytical techniques to be successful in any security role

It is common for security practitioners to call themselves analysts. But how many of us have taken structured analysis training instead of simply attending technical training? Both are important, but very rarely do analysts focus on training on analytical ways of thinking. This course exposes analysts to new mindsets, methodologies, and techniques to complement their existing knowledge and help them establish new best practices for their security teams. Proper analysis skills are key to the complex world that defenders are exposed to on a daily basis.

The analysis of an adversary's intent, opportunity, and capability to do harm is known as cyber threat intelligence. Intelligence is not a data feed, nor is it something that comes from a tool. Intelligence is actionable information that addresses an organization's key knowledge gaps, pain points, or requirements. This collection, classification, and exploitation of knowledge about adversaries gives defenders an upper hand against adversaries and forces defenders to learn and evolve with each subsequent intrusion they face.

Cyber threat intelligence thus represents a force multiplier for organizations looking to establish or update their response and detection programs to deal with increasingly sophisticated threats. Malware is an adversary's tool, but the real threat is the human one, and cyber threat intelligence focuses on countering those flexible and persistent human threats with empowered and trained human defenders.

Knowledge about the adversary is core to all security teams. The red team needs to understand adversaries' methods in order to emulate their tradecraft. The Security Operations Center needs to know how to prioritize intrusions and quickly deal with those that need immediate attention. The incident response team needs actionable information on how to quickly scope and respond to targeted intrusions. The vulnerability management group needs to understand which vulnerabilities matter most for prioritization and the risk that each one presents. The threat hunting team needs to understand adversary behaviors to search out new threats.

In other words, cyber threat intelligence informs all security practices that deal with adversaries. FOR578: Cyber Threat Intelligence will equip you, your security team, and your organization with the level of tactical, operational, and strategic cyber threat intelligence skills and tradecraft required to better understand the evolving threat landscape and accurately and effectively counter those threats.

Business Takeaways:

  • Understand the everchanging cyber threat landscape and what it means for your organization
  • Practice analytic techniques to inform key business leaders on how to most effectively defend themselves and the organization against targeted threats
  • Identify cost-effective ways of leveraging open-source and community threat intelligence tools, along with familiarity with some of the most impactful commercial tools available.
  • Effectively communicate threat intelligence at tactical, operational, and strategic levels
  • Become a force multiplier for other core business functions, including security operations, incident response, and business operations.

Syllabus (36 CPEs)

Download PDF
  • Overview

    Cyber threat intelligence is a rapidly growing field. However, intelligence was a profession long before the word "cyber" entered the lexicon. Understanding the key points regarding intelligence terminology, tradecraft, and impact is vital to understanding and using cyber threat intelligence. This section introduces students to the most important concepts of intelligence, analysis tradecraft, and levels of threat intelligence, as well as the value they can add to organizations. It also focuses on getting your intelligence program off to the right start with planning, direction, and the generation of intelligence requirements. As with all sections, this course section includes immersive hands-on labs to ensure that students have the ability to turn theory into practice.

    Exercises
    • Using Structured Analytical Techniques
    • Enriching and Understanding Limitations
    • Strategic Threat Modeling

    Topics
    • Case Study: MOONLIGHT MAZE
    • Understanding Intelligence
      • Intelligence Lexicon and Definitions
      • Traditional Intelligence Cycle
      • Richards Heuer, Jr., Sherman Kent, and Intelligence Tradecraft
      • Structured Analytical Techniques
    • Case Study: Operation Aurora
    • Understanding Cyber Threat Intelligence
      • Defining Threats
      • Understanding Risk
      • Cyber Threat Intelligence and Its Role
      • Expectation of Organizations and Analysts
      • Diamond Model and Activity Groups
      • Four Types of Threat Detection
    • Threat Intelligence Consumption
      • Sliding Scale of Cybersecurity
      • Consuming Intelligence for Different Goals
      • Enabling Other Teams with Intelligence
    • Positioning the Team to Generate Intelligence
      • Building an Intelligence Team
      • Positioning the Team in the Organization
      • Prerequisites for Intelligence Generation
    • Planning and Direction (Developing Requirements)
      • Intelligence Requirements
      • Priority Intelligence Requirements
      • Beginning the Intelligence Lifecycle
      • Threat Modeling

  • Overview

    Intrusion analysis is at the heart of threat intelligence. It is a fundamental skillset for any security practitioner who wants to use a more complete approach to addressing security. Three of the most commonly used models for assessing adversary intrusions are the Kill Chain, the Diamond Model, and MITRE ATT&CK. These models serve as a framework and structured scheme for analyzing intrusions and extracting patterns such as adversary behaviors and malicious indicators. In this section students will be walked through and participate in multi-phase intrusions from initial notification of adversary activity to the completion of analysis of the event. The section also highlights the importance of this process in terms of structuring and defining adversary campaigns.

    Exercises
    • Collecting Indicators from Reconnaissance and Delivery
    • Pivoting to Network Data with Indicators
    • Pivoting to Memory with Indicators
    • Understanding the Actions on Objective in an Intrusion
    • Satisfying Priority Intelligence Requirements

    Topics
    • Primary Collection Source: Intrusion Analysis
      • Intrusion Analysis as a Core Skillset
      • Methods to Performing Intrusion Analysis
      • Intrusion Kill Chain
      • MITRE ATT&CK
      • Diamond Model
    • Kill Chain Courses of Action
      • Passively Discovering Activity in Historical Data and Logs
      • Detecting Future Threat Actions and Capabilities
      • Denying Access to Threats
      • Delaying and Degrading Adversary Tactics and Malware
    • Kill Chain Deep Dive
      • Scenario Introduction
      • Notification of Malicious Activity
      • Pivoting Off of a Single Indicator to Discover Adversary Activity
      • Identifying and Categorizing Malicious Actions
      • Using Network and Host-Based Data
      • Interacting with Incident Response Teams
      • Interacting with Malware Reverse Engineers
      • Effectively Leveraging Requests for Information
    • Handling Multiple Kill Chains
      • Identifying Different Simultaneous Intrusions
      • Managing and Constructing Multiple Kill Chains
      • Linking Related Intrusions
      • Extracting Knowledge from the Intrusions for Long-Term Tracking

  • Overview

    Cyber threat Intelligence analysts must be able to interrogate and fully understand their collection sources. As an example, analysts do not have to be malware reverse engineers, but they must at least understand that work and know what data can be sought. This section continues from the previous one in identifying key collection sources for analysts. The considerable amount of what is commonly referred to as open-source intelligence (OSINT) is also presented. In this section students will learn to seek and exploit information from domains, external datasets, malware, Transport Layer Security/Secure Sockets Layer (TLS/SSL) Certificates, and more. Students will also structure the data to be exploited for purposes of sharing internally and externally.

    Exercises
    • Aggregating and Pivoting in Excel with Malware Samples
    • Open-Source Intelligence and Domain Pivoting in DomainTools
    • Maltego Pivoting and Open-Source Intelligence
    • Sifting Through Massive Amounts of Open-Source Intelligence in RecordedFuture
    • TLS Certificate Pivoting

    Topics
    • Case Study: HEXANE
    • Collection Source: Malware
        • Data from Malware Analysis
        • Key Data Types to Analyze and Pivot On
        • VirusTotal and Malware Parsers
        • Identifying Intrusion Patterns and Key Indicators
    • Collection Source: Domains
      • Domain Deep Dive
      • Different Types of Adversary Domains
      • Pivoting Off of Information in Domains
    • Case Study: GlassRAT
    • Collection Source: External Datasets
        • Building Repositories from External Datasets
        • Open-Source Intelligence Collection Tools and Frameworks
    • Collection Source: TLS Certificates
      • TLS/SSL Certificates
      • Tracking New Malware Samples and C2 with TLS
      • Pivoting off of Information in TLS Certificates
    • Case Study: Trickbots

  • Overview

    With great data comes great analysis expectations. Now that students are familiar with different sources of intrusions and collection, it is important to apply analytical rigor to how this information is used in order to satisfy intelligence requirements for long-term analysis. Taking a single intrusion and turning it into a group, and tracking the adversary’s campaigns, are critical to staying ahead of adversaries. In this section students will learn how to structure and store their information over the long term using tools such as MISP; how to leverage analytical tools to identify logical fallacies and cognitive biases; how to perform structured analytic techniques in groups such as analysis of competing hypotheses; and how to cluster intrusions into threat groups.

    Exercises
    • Storing Threat Data in MISP
    • Identifying Types of Biases
    • Analysis of Competing Hypotheses
    • Visual Analysis in Maltego
    • The Rule of 2 and Threat Groups

    Topics
    • Case Study: Human-Operated Ransomware
    • Exploitation: Storing and Structuring Data
      • Storing Threat Data
      • Threat Information Sharing
      • MISP as a Storage Platform
    • Analysis: Logical Fallacies and Cognitive Biases
      • Logical Fallacies
      • Cognitive Biases
      • Common Cyber Threat Intelligence Informal Fallacies
    • Analysis: Exploring Hypotheses
      • Analysis of Competing Hypotheses
      • Hypotheses Generation
      • Understanding and Identifying Knowledge Gaps
    • Analysis: Different Types of Analysis
      • Visual Analysis
      • Data Analysis
      • Temporal Analysis
      • Case Study: Panama Papers
      • Analysis: Clustering Intrusions
      • Style Guide
      • Names and Clustering Rules
    • ACH for Intrusions
    • Activity Groups and Diamond Model for Clusters
      • Style Guide
      • Names and Clustering Rules
      • ACH for Intrusions
      • Activity Groups and Diamond Model for Clusters

  • Overview

    Intelligence is useless if not disseminated and made useful to the consumer. In this section students will learn about dissemination at the various tactical, operational, and strategic levels. Labs will expose students to creating YARA rules, leveraging STIX/TAXII, building campaign heat maps for tracking adversaries over the long term, and analyzing intelligence reports. Students will also learn about state adversary attribution, including when it can be of value and when it is merely a distraction. We’ll cover state-level attribution from previously identified campaigns, and students will take away a more holistic view of the Cyber Threat Intelligence industry to date. The section will finish with a discussion on consuming threat intelligence and actionable takeaways so that students will be able to make significant changes in their organizations once they complete the course.

    Exercises
    • Developing IOCs in YARA
    • Working with STIX
    • Building a Campaign Heatmap
    • Analysis of Intelligence Reports
    • Building an Attribution Intelligence Model

    Topics
    • Logical Fallacies and Cognitive Biases
      • Identifying and Defeating Bias
      • Logical Fallacies and Examples
      • Common Cyber Threat Intelligence Informal Fallacies
      • Cognitive Biases and Examples
    • Dissemination: Tactical
      • Understanding the Audience and Consumer
      • Threat Data Feeds and Their Limitations
      • YARA
      • YARA Concepts and Examples
    • Dissemination: Operational
      • Different Methods of Campaign Correlation
      • Understanding Perceived Adversary Intentions
      • Leveraging the Diamond Model for Campaign Analysis
      • STIX and TAXII
      • Government and Partner Collaboration
    • Dissemination: Strategic
      • Report Writing Pitfalls
      • Report Writing Best Practices
      • Different Types of Strategic Output
    • Case Study: APT10 and Cloud Hopper
    • A Specific Intelligence Requirement: Attribution
      • Identifying and Remedying New Intelligence Requirements
      • Tuning the Collection Management Framework
      • Types of Attribution
      • Building an Attribution Model
      • Conducting Attribution Assessments
    • Case Study: Lazarus Group

  • Overview

    The FOR578 capstone focuses on analysis. Students will be placed on teams, given outputs of technical tools and cases, and work to piece together the relevant information from a single intrusion that enables them to unravel a broader campaign. Students will get practical experience satisfying intelligence requirements ranging from helping the incident response team to satisfying state-level attribution goals. This analytical process will put the students' minds to the test instead of placing a heavy emphasis on using technical tools. At the end of the day the teams will present their analyses on the multi-campaign threat they have uncovered.

GIAC Cyber Threat Intelligence

The GIAC Cyber Threat Intelligence (GCTI) certification validates practitioners have demonstrated requisite fundamental strategic, operational, and tactical cyber threat intelligence knowledge and skills.

  • Strategic, operational, and tactical cyber threat intelligence application & fundamentals
  • Open source intelligence and campaigns
  • Intelligence applications and intrusion analysis
  • Analysis of intelligence, attribution, collecting and storing data sets
  • Kill chain, diamond model, and courses of action matrix
  • Malware as a collection source, pivoting, and sharing intelligence
More Certification Details

Prerequisites

FOR578 is a good course for anyone who has had security training or prior experience in the field. Students should be comfortable with using the command line in Linux for a few labs (though a walkthrough is provided) and be familiar with security terminology.

Some of the courses that lead in to FOR578:

Students who have not taken any of the above courses but have real-world experience or have attended other security training, such as any other SANS class, will be comfortable in the course. New students and veterans will be exposed to new concepts given the unique style of the class focused on analysis training.

Laptop Requirements

Important! Bring your own system configured according to these instructions.

A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will not be able to fully participate in hands-on exercises in your course. Therefore, please arrive with a system meeting all of the specified requirements.

Back up your system before class. Better yet, use a system without any sensitive/critical data. SANS is not responsible for your system or data.

MANDATORY FOR578 SYSTEM HARDWARE REQUIREMENTS
  • CPU: 64-bit Intel i5/i7 (8th generation or newer), or AMD equivalent. A x64 bit, 2.0+ GHz or newer processor is mandatory for this class.
  • CRITICAL: Apple Silicon devices cannot perform the necessary virtualization and therefore cannot in any way be used for this course.
  • BIOS settings must be set to enable virtualization technology, such as "Intel-VTx" or "AMD-V" extensions. Be absolutely certain you can access your BIOS if it is password protected, in case changes are necessary.
  • 16GB of RAM or more is required.
  • 100GB of free storage space or more is required.
  • At least one available USB 3.0 Type-A port. A Type-C to Type-A adapter may be necessary for newer laptops. Some endpoint protection software prevents the use of USB devices, so test your system with a USB drive before class.
  • Wireless networking (802.11 standard) is required. There is no wired Internet access in the classroom.
MANDATORY FOR578 HOST CONFIGURATION AND SOFTWARE REQUIREMENTS
  • Your host operating system must be the latest version of Windows 10, Windows 11, or macOS 10.15.x or newer.
  • Fully update your host operating system prior to the class to ensure you have the right drivers and patches installed.
  • Linux hosts are not supported in the classroom due to their numerous variations. If you choose to use Linux as your host, you are solely responsible for configuring it to work with the course materials and/or VMs.
  • Local Administrator Access is required. (Yes, this is absolutely required. Don't let your IT team tell you otherwise.) If your company will not permit this access for the duration of the course, then you should make arrangements to bring a different laptop.
  • You should ensure that antivirus or endpoint protection software is disabled, fully removed, or that you have the administrative privileges to do so. Many of our courses require full administrative access to the operating system and these products can prevent you from accomplishing the labs.
  • Any filtering of egress traffic may prevent accomplishing the labs in your course. Firewalls should be disabled or you must have the administrative privileges to disable it.
  • Microsoft Office (any version) installed on your host. Note that you can download Office Trial Software online (free for 30 days).
  • Download and install VMware Workstation Pro 16.2.X+ or VMware Player 16.2.X+ (for Windows 10 hosts), VMware Workstation Pro 17.0.0+ or VMware Player 17.0.0+ (for Windows 11 hosts), or VMWare Fusion Pro 12.2+ or VMware Fusion Player 11.5+ (for macOS hosts) prior to class beginning. If you do not own a licensed copy of VMware Workstation Pro or VMware Fusion Pro, you can download a free 30-day trial copy from VMware. VMware will send you a time-limited serial number if you register for the trial at their website. Also note that VMware Workstation Player offers fewer features than VMware Workstation Pro. For those with Windows host systems, Workstation Pro is recommended for a more seamless student experience.
  • On Windows hosts, VMware products might not coexist with the Hyper-V hypervisor. For the best experience, ensure VMware can boot a virtual machine. This may require disabling Hyper-V. Instructions for disabling Hyper-V, Device Guard, and Credential Guard are contained in the setup documentation that accompanies your course materials.
  • Download and install 7-Zip (for Windows Hosts) or Keka (for macOS hosts). These tools are also included in your downloaded course materials.

Your course media is delivered via download. The media files for class can be large. Many are in the 40-50GB range, with some over 100GB. You need to allow plenty of time for the download to complete. Internet connections and speed vary greatly and are dependent on many different factors. Therefore, it is not possible to give an estimate of the length of time it will take to download your materials. Please start your course media downloads as soon as you get the link. You will need your course media immediately on the first day of class. Do not wait until the night before class to start downloading these files.

Your course materials include a "Setup Instructions" document that details important steps you must take before you travel to a live class event or start an online class. It may take 30 minutes or more to complete these instructions.

Your class uses an electronic workbook for its lab instructions. In this new environment, a second monitor and/or a tablet device can be useful for keeping class materials visible while you are working on your course's labs.

If you have additional questions about the laptop specifications, please contact customer service.

Author Statement

The author team of Mike Cloppert, Chris Sperry, and Robert M. Lee originally developed FOR578: Cyber Threat Intelligence with the understanding that the community was in need of a single concise collection of tradecraft. Cloppert and Sperry initiated the development of the course with the understanding that their schedules would not permit them to be able to constantly teach it. However, it was through their thought leadership that the class has become what it is today. Their influence on the development of the course remains relevant today, and SANS thanks them for their leadership.

"When considering the value of threat intelligence, most individuals and organizations ask themselves three questions: What is threat intelligence? When am I ready for it? How do I use it? This class answers these questions and more at a critical point in the development of the field of threat intelligence in the wider community. The course will empower analysts of any technical background to think more critically and be prepared to face persistent and focused threats."

- Robert M. Lee

"Threat intelligence is a powerful tool in the hands of a trained analyst. It can provide insight to all levels of a security program, from security analysts responding to tactical threats against the network to executives reporting strategic-level threats to the Board of Directors. This course will give students an understanding of the role of threat intelligence in security operations and how it can be leveraged as a game-changing resource to combat an increasingly sophisticated adversary."

- Rebekah Brown

"This has been one of the most interesting and exciting courses I've taken as a student-turned-professional of cyber security. Rob M. Lee does a fantastic job of getting one prepared for the role of a CTI analyst, and having recently read the book "Sandworm," I'm geeking out really hard knowing that he's the one teaching this course. I enjoy the fact that not only does he provide insight into the world of CTI, but he provides case studies to identify both the pitfalls and big victories of threat analysis. I could not be more excited to continue this course." - James H, US State Gov

Ways to Learn

  • OnDemand

Cybersecurity learning – at YOUR pace! OnDemand provides unlimited access to your training wherever, whenever. All labs, exercises, and live support from SANS subject matter experts included.

Register Now
  • Live Online

The full SANS experience live at home! Get the ultimate in virtual, interactive SANS courses with leading SANS instructors via live stream. Following class, plan to kick back and enjoy a keynote from the couch.

View Available Dates & Time Zones
  • In Person (6 days)

Did someone say ALL-ACCESS? On-site immersion via in-classroom course sessions led by world-class SANS instructors fill your day, while bonus receptions and workshops fill your evenings.

View Available Dates & Locations

Who Should Attend FOR578?

  • Security Practitioners, should attend. This course is perfect match to any security skill set from red teamers to incident responders. The course is focused on analysis skills.
  • Incident Response Team Members who respond to complex security incidents/intrusions and need to know how to detect, investigate, remediate, and recover from compromised systems across an enterprise.
  • Threat Hunters who are seeking to understand threats more fully and how to learn from them to be able to more effectively hunt threats and counter the tradecraft behind them.
  • Security Operations Center Personnel and Information Security Practitioners who support hunting operations that seek to identify attackers in their network environments.
  • Digital Forensic Analysts and Malware Analysts who want to consolidate and expand their understanding of filesystem forensics, investigations of technically advanced adversaries, incident response tactics, and advanced intrusion investigations.
  • Federal Agents and Law Enforcement Officials who want to master advanced intrusion investigations and incident response, as well as expand their investigative skills beyond traditional host-based digital forensics.
  • Technical Managers who are looking to build intelligence teams or leverage intelligence in their organizations building off of their technical skillsets.
  • SANS Alumni looking to take their analytical skills to the next level.

NICE Framework Work Roles:

  • Data Analyst (OPM 422)
  • Cyber Defense Analyst (OPM 511)
  • Cyber Defense Incident Responder (OPM 531)
  • Threat/Warning Analyst (OPM 141)
  • All-Source Analyst (OPM 111)
  • Mission Assessment Specialist (OPM 112)
  • Target Network Analyst (OPM 132)
  • All Source-Collection Manager (OPM 311)
  • All Source-Collection Requirements Manager (OPM 312)
  • Cyber Intel Planner (OPM 331)
  • Partner Integration Planner (OPM 333)
  • Cyber Operator (OPM 321)
  • Cyber Crime Investigator (OPM 221)
  • Law Enforcement /CounterIntelligence Forensics Analyst (OPM 211)

See prerequisites

Need to justify a training request to your manager?

Use this justification letter template to share the key details of this training and certification opportunity with your boss.

Download the Letter

Reviews

This course is terrific! Class discussion and relevant case studies are extremely helpful for better understanding the content.
Larci Robertson
Epsilon
Threat intelligence analysis has been an art for too long, now it can finally become a science at SANS. Mike Cloppert and Robert M. Lee are the industry 'greybeards' who have seen it all. They are the thought leaders who should be shaping practitioners for years to come.
Rich Barger
ThreatConnect
Cyber Threat Intelligence is an entire discipline, not just a feed. This course will propel you along the path to understanding this rapidly maturing field of study.
Bertha Marasky
Verizon
    Africa/Abidjan
    Africa/Accra
    Africa/Addis Ababa
    Africa/Algiers
    Africa/Asmara
    Africa/Asmera
    Africa/Bamako
    Africa/Bangui
    Africa/Banjul
    Africa/Bissau
    Africa/Blantyre
    Africa/Brazzaville
    Africa/Bujumbura
    Africa/Cairo
    Africa/Casablanca
    Africa/Ceuta
    Africa/Conakry
    Africa/Dakar
    Africa/Dar es Salaam
    Africa/Djibouti
    Africa/Douala
    Africa/El Aaiun
    Africa/Freetown
    Africa/Gaborone
    Africa/Harare
    Africa/Johannesburg
    Africa/Juba
    Africa/Kampala
    Africa/Khartoum
    Africa/Kigali
    Africa/Kinshasa
    Africa/Lagos
    Africa/Libreville
    Africa/Lome
    Africa/Luanda
    Africa/Lubumbashi
    Africa/Lusaka
    Africa/Malabo
    Africa/Maputo
    Africa/Maseru
    Africa/Mbabane
    Africa/Mogadishu
    Africa/Monrovia
    Africa/Nairobi
    Africa/Ndjamena
    Africa/Niamey
    Africa/Nouakchott
    Africa/Ouagadougou
    Africa/Porto-Novo
    Africa/Sao Tome
    Africa/Timbuktu
    Africa/Tripoli
    Africa/Tunis
    Africa/Windhoek
    America/Adak
    America/Anchorage
    America/Anguilla
    America/Antigua
    America/Araguaina
    America/Argentina/Buenos Aires
    America/Argentina/Catamarca
    America/Argentina/ComodRivadavia
    America/Argentina/Cordoba
    America/Argentina/Jujuy
    America/Argentina/La Rioja
    America/Argentina/Mendoza
    America/Argentina/Rio Gallegos
    America/Argentina/Salta
    America/Argentina/San Juan
    America/Argentina/San Luis
    America/Argentina/Tucuman
    America/Argentina/Ushuaia
    America/Aruba
    America/Asuncion
    America/Atikokan
    America/Atka
    America/Bahia
    America/Bahia Banderas
    America/Barbados
    America/Belem
    America/Belize
    America/Blanc-Sablon
    America/Boa Vista
    America/Bogota
    America/Boise
    America/Buenos Aires
    America/Cambridge Bay
    America/Campo Grande
    America/Cancun
    America/Caracas
    America/Catamarca
    America/Cayenne
    America/Cayman
    America/Chicago
    America/Chihuahua
    America/Ciudad Juarez
    America/Coral Harbour
    America/Cordoba
    America/Costa Rica
    America/Creston
    America/Cuiaba
    America/Curacao
    America/Danmarkshavn
    America/Dawson
    America/Dawson Creek
    America/Denver
    America/Detroit
    America/Dominica
    America/Edmonton
    America/Eirunepe
    America/El Salvador
    America/Ensenada
    America/Fort Nelson
    America/Fort Wayne
    America/Fortaleza
    America/Glace Bay
    America/Godthab
    America/Goose Bay
    America/Grand Turk
    America/Grenada
    America/Guadeloupe
    America/Guatemala
    America/Guayaquil
    America/Guyana
    America/Halifax
    America/Havana
    America/Hermosillo
    America/Indiana/Indianapolis
    America/Indiana/Knox
    America/Indiana/Marengo
    America/Indiana/Petersburg
    America/Indiana/Tell City
    America/Indiana/Vevay
    America/Indiana/Vincennes
    America/Indiana/Winamac
    America/Indianapolis
    America/Inuvik
    America/Iqaluit
    America/Jamaica
    America/Jujuy
    America/Juneau
    America/Kentucky/Louisville
    America/Kentucky/Monticello
    America/Knox IN
    America/Kralendijk
    America/La Paz
    America/Lima
    America/Los Angeles
    America/Louisville
    America/Lower Princes
    America/Maceio
    America/Managua
    America/Manaus
    America/Marigot
    America/Martinique
    America/Matamoros
    America/Mazatlan
    America/Mendoza
    America/Menominee
    America/Merida
    America/Metlakatla
    America/Mexico City
    America/Miquelon
    America/Moncton
    America/Monterrey
    America/Montevideo
    America/Montreal
    America/Montserrat
    America/Nassau
    America/New York
    America/Nipigon
    America/Nome
    America/Noronha
    America/North Dakota/Beulah
    America/North Dakota/Center
    America/North Dakota/New Salem
    America/Nuuk
    America/Ojinaga
    America/Panama
    America/Pangnirtung
    America/Paramaribo
    America/Phoenix
    America/Port-au-Prince
    America/Port of Spain
    America/Porto Acre
    America/Porto Velho
    America/Puerto Rico
    America/Punta Arenas
    America/Rainy River
    America/Rankin Inlet
    America/Recife
    America/Regina
    America/Resolute
    America/Rio Branco
    America/Rosario
    America/Santa Isabel
    America/Santarem
    America/Santiago
    America/Santo Domingo
    America/Sao Paulo
    America/Scoresbysund
    America/Shiprock
    America/Sitka
    America/St Barthelemy
    America/St Johns
    America/St Kitts
    America/St Lucia
    America/St Thomas
    America/St Vincent
    America/Swift Current
    America/Tegucigalpa
    America/Thule
    America/Thunder Bay
    America/Tijuana
    America/Toronto
    America/Tortola
    America/Vancouver
    America/Virgin
    America/Whitehorse
    America/Winnipeg
    America/Yakutat
    America/Yellowknife
    Antarctica/Casey
    Antarctica/Davis
    Antarctica/DumontDUrville
    Antarctica/Macquarie
    Antarctica/Mawson
    Antarctica/McMurdo
    Antarctica/Palmer
    Antarctica/Rothera
    Antarctica/South Pole
    Antarctica/Syowa
    Antarctica/Troll
    Antarctica/Vostok
    Arctic/Longyearbyen
    Asia/Aden
    Asia/Almaty
    Asia/Amman
    Asia/Anadyr
    Asia/Aqtau
    Asia/Aqtobe
    Asia/Ashgabat
    Asia/Ashkhabad
    Asia/Atyrau
    Asia/Baghdad
    Asia/Bahrain
    Asia/Baku
    Asia/Bangkok
    Asia/Barnaul
    Asia/Beirut
    Asia/Bishkek
    Asia/Brunei
    Asia/Calcutta
    Asia/Chita
    Asia/Choibalsan
    Asia/Chongqing
    Asia/Chungking
    Asia/Colombo
    Asia/Dacca
    Asia/Damascus
    Asia/Dhaka
    Asia/Dili
    Asia/Dubai
    Asia/Dushanbe
    Asia/Famagusta
    Asia/Gaza
    Asia/Harbin
    Asia/Hebron
    Asia/Ho Chi Minh
    Asia/Hong Kong
    Asia/Hovd
    Asia/Irkutsk
    Asia/Istanbul
    Asia/Jakarta
    Asia/Jayapura
    Asia/Jerusalem
    Asia/Kabul
    Asia/Kamchatka
    Asia/Karachi
    Asia/Kashgar
    Asia/Kathmandu
    Asia/Katmandu
    Asia/Khandyga
    Asia/Kolkata
    Asia/Krasnoyarsk
    Asia/Kuala Lumpur
    Asia/Kuching
    Asia/Kuwait
    Asia/Macao
    Asia/Macau
    Asia/Magadan
    Asia/Makassar
    Asia/Manila
    Asia/Muscat
    Asia/Nicosia
    Asia/Novokuznetsk
    Asia/Novosibirsk
    Asia/Omsk
    Asia/Oral
    Asia/Phnom Penh
    Asia/Pontianak
    Asia/Pyongyang
    Asia/Qatar
    Asia/Qostanay
    Asia/Qyzylorda
    Asia/Rangoon
    Asia/Riyadh
    Asia/Saigon
    Asia/Sakhalin
    Asia/Samarkand
    Asia/Seoul
    Asia/Shanghai
    Asia/Singapore
    Asia/Srednekolymsk
    Asia/Taipei
    Asia/Tashkent
    Asia/Tbilisi
    Asia/Tehran
    Asia/Tel Aviv
    Asia/Thimbu
    Asia/Thimphu
    Asia/Tokyo
    Asia/Tomsk
    Asia/Ujung Pandang
    Asia/Ulaanbaatar
    Asia/Ulan Bator
    Asia/Urumqi
    Asia/Ust-Nera
    Asia/Vientiane
    Asia/Vladivostok
    Asia/Yakutsk
    Asia/Yangon
    Asia/Yekaterinburg
    Asia/Yerevan
    Atlantic/Azores
    Atlantic/Bermuda
    Atlantic/Canary
    Atlantic/Cape Verde
    Atlantic/Faeroe
    Atlantic/Faroe
    Atlantic/Jan Mayen
    Atlantic/Madeira
    Atlantic/Reykjavik
    Atlantic/South Georgia
    Atlantic/St Helena
    Atlantic/Stanley
    Australia/ACT
    Australia/Adelaide
    Australia/Brisbane
    Australia/Broken Hill
    Australia/Canberra
    Australia/Currie
    Australia/Darwin
    Australia/Eucla
    Australia/Hobart
    Australia/LHI
    Australia/Lindeman
    Australia/Lord Howe
    Australia/Melbourne
    Australia/NSW
    Australia/North
    Australia/Perth
    Australia/Queensland
    Australia/South
    Australia/Sydney
    Australia/Tasmania
    Australia/Victoria
    Australia/West
    Australia/Yancowinna
    Brazil/Acre
    Brazil/DeNoronha
    Brazil/East
    Brazil/West
    CET
    CST6CDT
    Canada/Atlantic
    Canada/Central
    Canada/Eastern
    Canada/Mountain
    Canada/Newfoundland
    Canada/Pacific
    Canada/Saskatchewan
    Canada/Yukon
    Chile/Continental
    Chile/EasterIsland
    Cuba
    EET
    EST
    EST5EDT
    Egypt
    Eire
    Etc/GMT
    Etc/GMT+0
    Etc/GMT+1
    Etc/GMT+10
    Etc/GMT+11
    Etc/GMT+12
    Etc/GMT+2
    Etc/GMT+3
    Etc/GMT+4
    Etc/GMT+5
    Etc/GMT+6
    Etc/GMT+7
    Etc/GMT+8
    Etc/GMT+9
    Etc/GMT-0
    Etc/GMT-1
    Etc/GMT-10
    Etc/GMT-11
    Etc/GMT-12
    Etc/GMT-13
    Etc/GMT-14
    Etc/GMT-2
    Etc/GMT-3
    Etc/GMT-4
    Etc/GMT-5
    Etc/GMT-6
    Etc/GMT-7
    Etc/GMT-8
    Etc/GMT-9
    Etc/GMT0
    Etc/Greenwich
    Etc/UCT
    Etc/UTC
    Etc/Universal
    Etc/Zulu
    Europe/Amsterdam
    Europe/Andorra
    Europe/Astrakhan
    Europe/Athens
    Europe/Belfast
    Europe/Belgrade
    Europe/Berlin
    Europe/Bratislava
    Europe/Brussels
    Europe/Bucharest
    Europe/Budapest
    Europe/Busingen
    Europe/Chisinau
    Europe/Copenhagen
    Europe/Dublin
    Europe/Gibraltar
    Europe/Guernsey
    Europe/Helsinki
    Europe/Isle of Man
    Europe/Istanbul
    Europe/Jersey
    Europe/Kaliningrad
    Europe/Kiev
    Europe/Kirov
    Europe/Kyiv
    Europe/Lisbon
    Europe/Ljubljana
    Europe/London
    Europe/Luxembourg
    Europe/Madrid
    Europe/Malta
    Europe/Mariehamn
    Europe/Minsk
    Europe/Monaco
    Europe/Moscow
    Europe/Nicosia
    Europe/Oslo
    Europe/Paris
    Europe/Podgorica
    Europe/Prague
    Europe/Riga
    Europe/Rome
    Europe/Samara
    Europe/San Marino
    Europe/Sarajevo
    Europe/Saratov
    Europe/Simferopol
    Europe/Skopje
    Europe/Sofia
    Europe/Stockholm
    Europe/Tallinn
    Europe/Tirane
    Europe/Tiraspol
    Europe/Ulyanovsk
    Europe/Uzhgorod
    Europe/Vaduz
    Europe/Vatican
    Europe/Vienna
    Europe/Vilnius
    Europe/Volgograd
    Europe/Warsaw
    Europe/Zagreb
    Europe/Zaporozhye
    Europe/Zurich
    GB
    GB-Eire
    GMT
    GMT+0
    GMT-0
    GMT0
    Greenwich
    HST
    Hongkong
    Iceland
    Indian/Antananarivo
    Indian/Chagos
    Indian/Christmas
    Indian/Cocos
    Indian/Comoro
    Indian/Kerguelen
    Indian/Mahe
    Indian/Maldives
    Indian/Mauritius
    Indian/Mayotte
    Indian/Reunion
    Iran
    Israel
    Jamaica
    Japan
    Kwajalein
    Libya
    MET
    MST
    MST7MDT
    Mexico/BajaNorte
    Mexico/BajaSur
    Mexico/General
    NZ
    NZ-CHAT
    Navajo
    PRC
    PST8PDT
    Pacific/Apia
    Pacific/Auckland
    Pacific/Bougainville
    Pacific/Chatham
    Pacific/Chuuk
    Pacific/Easter
    Pacific/Efate
    Pacific/Enderbury
    Pacific/Fakaofo
    Pacific/Fiji
    Pacific/Funafuti
    Pacific/Galapagos
    Pacific/Gambier
    Pacific/Guadalcanal
    Pacific/Guam
    Pacific/Honolulu
    Pacific/Johnston
    Pacific/Kanton
    Pacific/Kiritimati
    Pacific/Kosrae
    Pacific/Kwajalein
    Pacific/Majuro
    Pacific/Marquesas
    Pacific/Midway
    Pacific/Nauru
    Pacific/Niue
    Pacific/Norfolk
    Pacific/Noumea
    Pacific/Pago Pago
    Pacific/Palau
    Pacific/Pitcairn
    Pacific/Pohnpei
    Pacific/Ponape
    Pacific/Port Moresby
    Pacific/Rarotonga
    Pacific/Saipan
    Pacific/Samoa
    Pacific/Tahiti
    Pacific/Tarawa
    Pacific/Tongatapu
    Pacific/Truk
    Pacific/Wake
    Pacific/Wallis
    Pacific/Yap
    Poland
    Portugal
    ROC
    ROK
    Singapore
    Turkey
    UCT
    US/Alaska
    US/Aleutian
    US/Arizona
    US/Central
    US/East-Indiana
    US/Eastern
    US/Hawaii
    US/Indiana-Starke
    US/Michigan
    US/Mountain
    US/Pacific
    US/Samoa
    UTC
    Universal
    W-SU
    WET
    Zulu
    Filters:
    Training Formats
          Location
          Dates

          Register for FOR578

          Learn about Group Pricing

          Prices below exclude applicable taxes and shipping costs. If applicable, these will be shown on the last page of checkout.

          Loading...