TH-200 OSTH

Foundational threat hunting equips learners with the essential skills and mindsets to operate on the defensive side of cybersecurity.

In today’s threat landscape, defenders must go beyond reactive security measures. Threat hunting is a proactive practice where security experts track down and identify threats before they can cause damage.
This course provides the core concepts, tools, and methods used by enterprise defenders to detect, track, and respond to attackers in networks and endpoints.

Learners Develop Important Skills, Including:

  • Understanding the threat landscape with a focus on ransomware and Advanced Persistent Threats (APTs)
  • Leveraging network and endpoint Indicators of Compromise (IoCs) to proactively detect threats
  • Highlighting the role of Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) such as Suricata in monitoring suspicious activity
  • Examining various ransomware groups, including LockBit, CLOP, and BlackCat/ALPHV, with examples of how they exploit specific vulnerabilities
  • Detecting tailored and complex threats through behavioral analysis and data correlation, using tools such as CrowdStrike Falcon

Structured Learning, Practical Application: TH-200 Threat Hunting Course

TH-200 is divided into 7 modules with associated hands-on lab exercises and assessment questions. After completing the content modules and lab exercises, learners can work on a comprehensive Challenge Lab where they can bring together all the skills learned in the course and prepare for the OSTH exam.

TH-200 is aimed at anyone who wants to build a solid foundation in threat hunting, including SOC analysts, IT security specialists, and individuals seeking a specialization in cybersecurity. While there are no course prerequisites, it is recommended that learners have some experience in cybersecurity, solid knowledge of TCP/IP networks, and familiarity with the Linux and Windows operating systems.
