Call 1-800-305-3855 for  more information on available plans and pricing

Study at your own pace

Threat Hunting Professional (THP) is an online, self-paced training course that provides you with the knowledge and skills to proactively hunt for threats in your environment. THP will train you to develop a hunting mentality using different hunting strategies to hunt for various attack techniques and signatures. THP also comes with lifetime access to course materials and flexible access to the most sophisticated virtual labs on threat hunting.

Extremely Hands-on

Practice hunting for different threats using various tools and techniques. THP includes the most sophisticated virtual lab on Network and Web App Security: Hera Lab.

Become Certified

Obtain the eCTHP certification and prove your practical skills with the only 100% practical certification on threat hunting.

Course at a glance
  • Establish a proactive defense mentality
  • Learn how to proactively hunt for threats in your organization’s network or perimeter
  • Learn how to use threat intelligence or hypotheses to hunt for known threats
  • Comfortably inspect network traffic and identify malicious traffic
  • Perform memory analysis using Redline and Volatility to identify malware
  • Use tools such as Sysmon and ELK to analyze Windows events and detect attack patterns
  • Use tools such as PowerShell, Microsoft ATP, and ATA to detect attacks
Course Material
  •     High Definition Videos
  •     Interactive slides
  •     Hands-on challenges in our industry leading virtual labs
Course Delivery
  •     Self-paced / HTML5, PDF, MP4
  •     Off-line access available
  •     Access from PC, Tablet and Smartphone
Syllabus
  • Module 1 : Introduction to Threat Hunting

    In this module, you will take your first dive into the world of threat hunting and learn what threat hunting is and what it is not. You will also learn how threat hunting correlates with incident response and risk assessments.

  • Module 2 : Threat Hunting Terminology

    This module introduces various threat hunting terms. You will learn how to differentiate between having a mindset that relies mostly on threat intelligence during hunts and having a mindset that uses digital forensics techniques during hunts.

  • Module 3 : Threat Intelligence

    In this module, we will tap into threat intelligence by covering how to obtain threat intelligence reports and the latest information on research that you can use during hunts. We will also cover different threat sharing platforms and exchanges. Finally, we will look at indicators of compromise (IOCs), where you will learn how to create and use them in your hunts using Redline and Yara.

  • Module 4 : Threat Hunting Methodology

    You will not be expected to start hunting without a concise plan. In this module, you will learn the recommended steps to start a hunt, as well as how to create hypotheses and hunts based on those guesses. You will also learn how to determine if your hunts are successful and the importance of forming a hunting strategy.

  • Module 5 : Introduction to Network Hunting

    In this module, we will cover network basics as a primer, as well as TCP/IP stack, packets, protocols, networking equipment, and the necessary tools to inspect network traffic.

  • Module 6 : Suspicious Traffic Hunting

    In this module, we will look at each protocol individually. We’ll look at what is normal for a particular protocol and what is not normal for a particular protocol, which will help us identify the misuse of protocol for nefarious purposes.

  • Module 7 : Hunting Web Shells

    In this module, we will look at various common and uncommon web shells. We will also look at tools, such as Loki, and techniques to aid us in hunting for web shells in our environments.

  • Module 8 : Introduction to Endpoint Hunting

    In this module, we will look at the core Windows processes. We will look at the normal behavior of these processes, as well as indicators for when the process is being misused to hide nefarious activities. Also discussed, is the importance of baselines which we can use to flag changes in a particular system.

  • Module 9 : Malware Overview

    In this module, we’ll look at malware. We will discuss the different classifications of malware and how malware uses different techniques to infect our systems; additionally, we will review how malware attempts to evade detection and remain persistent.

  • Module 10 : Hunting Malware

    In this module, we will look at different tools and techniques, such as import hashing and fuzzy hashing, to hunt for malware. We will also discuss memory analysis and how to use different tools, like Volatility, to hunt for malware in memory.

  • Module 11 : Event IDs, Logging, & SIEMs

    In this module, we’ll be looking at event logs. We will discuss what event logs are, as well as important event IDs to monitor to detect specific activities in your environment. We’ll also look at tools, such as Sysmon and PowerShell logging, to enhance the traditional Windows logging capabilities. Lastly, we’ll look at how you can use tools like the ELK stack to aid us during hunts.

  • Module 12 : Hunting with PowerShell

    In this module, we will discuss how to use PowerShell during hunts, as well as look at some existing PowerShell frameworks that were created specifically for incident response and threat hunting at large scale.

Pre-requisites
  • A solid understanding of computer networks: switches, routing, security devices, TCP/IP, typical network applications such as DNS, HTTPS, SMTP, etc. (Recommended)
  • Intermediate understanding of IT security matters
  • Intermediate to advanced understanding of penetration testing tools and methods. (Recommendation: PTP course)
This training course is for…
  • Security Operations Center analysts and engineers
  • Penetration testers/Red team members
  • Network security engineers
  • Incident response team members
  • Information security consultants and IT auditors
  • Managers who want to understand how to create threat hunting teams and intelligence capabilities
Labs

Threat Hunting Professional (THP) is the most practical training course on threat hunting. Being integrated with Hera Lab, the most sophisticated virtual lab on IT Security, it offers an unmatched practical learning experience. Hera is the only virtual lab that provides fully isolated per-student access to each of the real-world network scenarios available on the platform. Students can access Hera Lab from anywhere through VPN.

Lab IDDescriptionCategory
Lab 1Hunting with IoCsEducational
Lab 2Hunting Insider Threats Part 1Educational
Lab 3Hunting Insider Threats Part 2Educational
Lab 4Hunting Web Shells Part 1Educational
Lab 5Hunting Web Shells Part 2Educational
Lab 6Hunting Malware Part 1Educational
Lab 7Hunting Malware Part 2Educational
Lab 8Hunting ResponderEducational
Lab 9Hunting EmpireEducational

Call 1-800-305-3855 for  more information on available plans and pricing