Cyber Threat Hunting Training (CCTHP)

Commitment 3 Days, 7-8 hours a day.
Language English
User Ratings Average User Rating 4.8 See what learners said
Price REQUEST
Delivery Options Instructor-Led Onsite, Online, and Classroom Live

COURSE OVERVIEW

Learn how to find, assess and remove threats from your organization in our Certified Cyber Threat Hunting Training (CCTHP) designed to prepare you for the Certified Cyber Threat Hunting Professional (CCTHP) exam.

In this Cyber Threat Hunting Training (CCTHP) course, we will deep dive into “Threat hunting” and searching for threats and mitigating before the bad guy pounce. And we will craft a series of attacks to check the Enterprise security level and hunt for threats. An efficient Threat hunting approach towards Networks, Web, Cloud, IoT Devices, Command & Control channels (c2), Web shell, memory, and OS, which will help you to gain a new level of knowledge and carry out all tasks with complete hands-on.

This Cyber Threat Hunting Training (CCTHP) course focuses on capturing the adversary’s ability to compromise a network, conduct lateral movement, establish command and control, tunnel, and exfiltrate data. Students identify covert communications, malicious activity, and other network data anomalies. Instructors use various open-source and custom-developed remote interrogation techniques to analyze networking devices and supporting systems including logging and alerts. Instructors present students with real-world situations and enable them to perform HUNT operations across a corporate network.

CERTIFICATION DETAILS:

The Certified Cyber Threat Hunting Professional (CCTHP) certification is designed to certify that candidates have expert-level knowledge and skills in cyber threat identification and threat hunting.

The CCTHP body of knowledge consists of five domains covering the responsibilities of a cyber threat hunter. The certification exam is a 50-question, traditional multiple-choice test. Questions are randomly pulled from a master list and must be completed in two hours. The five CCTHP domains are:

  • Cyber threat hunting definition and goals
  • Cyber threat hunting methodologies and techniques
  • Hunting for network-based cyber threats
  • Hunting for host-based cyber threats
  • Cyber threat hunting technologies and tools
WHAT'S INCLUDED?
  • 3 days of expert Certified Cyber Threat Hunting Training (CCTHP) with an expert instructor
  • Certified Cyber Threat Hunting Professional (CCTHP) Training Guide
  • Certified Cyber Threat Hunting (CCTHP) exam voucher
  • 100% Satisfaction Guarantee
RESOURCES
RELATED COURSES

ADDITIONAL INFORMATION

COURSE OBJECTIVES

After attending the Cyber Threat Hunting Training (CCTHP), you will have the knowledge and skills to:

  • Think tactically regarding cyber threat defense
  • Use threat intelligence to form your own hypotheses and begin the hunt
  • Anticipate and hunt down threats in your organization’s systems
  • Inspect network information to identify dangerous traffic
  • Understand the Hunting Maturity Model to measure your organization’s hunting capability
  • Learn how to find and investigate malware, phishing, lateral movement, data exfiltration, and other common threats
CUSTOMIZE IT
  • We can adapt this Cyber Threat Hunting (CCTHP) course to your group’s background and work requirements at little to no added cost.
  • If you are familiar with some aspects of this Certified Cyber Threat Hunting Professional (CCTHP) course, we can omit or shorten their discussion.
  • We can adjust the emphasis placed on the various topics or build the Certified Cyber Threat Hunting Professional (CCTHP) course around the mix of technologies of interest to you (including technologies other than those included in this outline).
  • If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Cyber Threat Hunting (CCTHP) course in a manner understandable to lay audiences.
AUDIENCE/TARGET GROUP

Understanding the process of threat hunting is useful to any number of different jobs and teams. Our Cyber Threat Hunting Training (CCTHP) would be perfect for anyone who wants to know more about threat hunting and the current threat landscape, such as:

  • Penetration testers
  • Red team members and other white hats
  • Incident-response team members
  • Security analysts
  • Engineers specializing in network security or IT
  • Security consultants and auditors
  • Managers wanting to create threat-hunting teams within their own companies
CLASS PREREQUISITES

The knowledge and skills that a learner must have before attending this Cyber Threat Hunting Training (CCTHP) course are:

  • Understanding of fundamental information security concepts
  • Working knowledge of networking devices and protocols
  • Exposure to pen testing and network monitoring tools and methodologies
  • Basic knowledge of Linux and Windows command line

COURSE SYLLABUS

DAY 1
Introduction to cyber threat hunting
  • What is threat hunting?
  • Assumption of breach
  • The concept of active defense
  • Role of threat hunting in an organizational security program
  • Threat hunting benefits
Threat hunting process
  • Preparing for the hunt: the hunter, the data, the tools
  • Creating a context-based hypothesis
  • Starting the hunt (confirming the hypothesis)
  • Responding to the attack
  • Lessons learned
Threat hunting methodologies
  • The Crown Jewel Analysis (CJA)
  • Cyber threat patterns and signatures
  • Utilizing threat intelligence
  • Cyber Threat Hunting Training (CCTHP)
  • Threat hunting hypotheses: intelligence-driven, awareness-driven, analytics-driven
DAY 2
Threat hunting techniques
  • Searching
  • Cluster analysis
  • Grouping
  • Stack counting
Preparing for the hunt
  • What data do you need and how to get it?
  • Host and network visibility
  • Data gathering and analysis tools
  • Commercial and open-source threat-hunting solutions
The hunt is on
  • What threats can be hunted?
  • Introduction to IOCs and artifacts
  • IOCs and IOAs
  • Cyber kill chain
Hunting for network-based threats
  • Network hunting overview (networking concepts, devices, communications, hunting tools)
  • Hunting for suspicious DNS requests and geographic abnormalities
  • Hunting for DDoS Activity
  • Hunting for suspicious domains, URLs, and HTML responses
  • Cyber Threat Hunting Training (CCTHP)
  • Hunting for irregular traffic: misused protocols,
    port-application mismatches, web shells, and other threats
Hunting for host-based threats
  • Endpoint hunting overview (Windows and Linux processes, file systems, registry, hunting tools)
  • Malware (types, common activities, AV evasion, detection, and analysis tools and methods)
  • Hunting for irregularities in processes
  • Hunting for registry and system file changes
  • Hunting for filenames and hashes
  • Hunting for abnormal account activity (brute-force attacks, privileged accounts)
  • Hunting for swells in database read volume
  • Hunting for unexpected patching of systems
DAY 3
Utilizing system and security event data
  • Event logs and IDs
  • Logging on Windows and Linux
  • SIEM
  • Using event data during hunts
Advanced threat-hunting concepts
  • OODA (Observe, Orient, Decide, Act) loop
  • Going beyond IOCs: hunting for advanced threats
  • Chokepoint monitoring
  • Deceptive technologies
  • Developing an effective threat-hunting program
  • Building customized threat-hunting tools
  • Threat hunting best practices and resources
Cyber Threat Hunting Training (CCTHP)Cyber Threat Hunting Training (CCTHP) Course Recap, Q/A, and Evaluations

REQUEST MORE INFORMATION