Threat Hunting Professional

Curious about this course?

Enroll now and get access to all of our material and labs!

Plans and Pricing


View enrollment fees for individual students.


Purchase eLearnSecurity courses for your company.

Study at your own pace

Threat Hunting Professional (THP) is an online, self-paced training course that provides you with the knowledge and skills to proactively hunt for threats in your environment. THP will train you to develop a hunting mentality using different hunting strategies to hunt for various attack techniques and signatures. THP also comes with lifetime access to course materials and flexible access to the most sophisticated virtual labs on threat hunting.

Discover Contents

Extremely Hands-on

Practice hunting for different threats using various tools and techniques. THP includes the most sophisticated virtual lab on Network and Web App Security: Hera Lab.

Discover Labs

Become Certified

Obtain the eCTHP certification and prove your practical skills with the only 100% practical certification on threat hunting.

Discover eCTHP

Course at a glance

  • Establish a proactive defense mentality
  • Learn how to proactively hunt for threats in your organization’s network or perimeter
  • Learn how to use threat intelligence or hypotheses to hunt for known threats
  • Comfortably inspect network traffic and identify malicious traffic
  • Perform memory analysis using Redline and Volatility to identify malware
  • Use tools such as Sysmon and ELK to analyze Windows events and detect attack patterns
  • Use tools such as PowerShell, Microsoft ATP, and ATA to detect attacks

Course material

  • High Definition Videos
  • Interactive slides
  • Hands-on challenges in our industry leading virtual labs

Course delivery

  • Self-paced, HTML5, PDF, MP4
  • Off-line access available
  • Access from PC, Tablet and Smartphone

Test drive this course for free

I agree to receive emails from Caendra Inc.


  • Module 1 : Introduction to Threat Hunting

    In this module, you will take your first dive into the world of threat hunting and learn what threat hunting is and what it is not. You will also learn how threat hunting correlates with incident response and risk assessments.

  • Module 2 : Threat Hunting Terminology

    This module introduces various threat hunting terms. You will learn how to differentiate between having a mindset that relies mostly on threat intelligence during hunts and having a mindset that uses digital forensics techniques during hunts.

  • Module 3 : Threat Intelligence

    In this module, we will tap into threat intelligence by covering how to obtain threat intelligence reports and the latest information on research that you can use during hunts. We will also cover different threat sharing platforms and exchanges. Finally, we will look at indicators of compromise (IOCs), where you will learn how to create and use them in your hunts using Redline and Yara.

  • Module 4 : Threat Hunting Methodology

    You will not be expected to start hunting without a concise plan. In this module, you will learn the recommended steps to start a hunt, as well as how to create hypotheses and hunts based on those guesses. You will also learn how to determine if your hunts are successful and the importance of forming a hunting strategy.

  • Module 5 : Introduction to Network Hunting

    In this module, we will cover network basics as a primer, as well as TCP/IP stack, packets, protocols, networking equipment, and the necessary tools to inspect network traffic.

  • Module 6 : Suspicious Traffic Hunting

    In this module, we will look at each protocol individually. We’ll look at what is normal for a particular protocol and what is not normal for a particular protocol, which will help us identify the misuse of protocol for nefarious purposes.

  • Module 7 : Hunting Web Shells

    In this module, we will look at various common and uncommon web shells. We will also look at tools, such as Loki, and techniques to aid us in hunting for web shells in our environments.

  • Module 8 : Introduction to Endpoint Hunting

    In this module, we will look at the core Windows processes. We will look at the normal behavior of these processes, as well as indicators for when the process is being misused to hide nefarious activities. Also discussed, is the importance of baselines which we can use to flag changes in a particular system.

  • Module 9 : Malware Overview

    In this module, we’ll look at malware. We will discuss the different classifications of malware and how malware uses different techniques to infect our systems; additionally, we will review how malware attempts to evade detection and remain persistent.

  • Module 10 : Hunting Malware

    In this module, we will look at different tools and techniques, such as import hashing and fuzzy hashing, to hunt for malware. We will also discuss memory analysis and how to use different tools, like Volatility, to hunt for malware in memory.

  • Module 11 : Event IDs, Logging, & SIEMs

    In this module, we’ll be looking at event logs. We will discuss what event logs are, as well as important event IDs to monitor to detect specific activities in your environment. We’ll also look at tools, such as Sysmon and PowerShell logging, to enhance the traditional Windows logging capabilities. Lastly, we’ll look at how you can use tools like the ELK stack to aid us during hunts.

  • Module 12 : Hunting with PowerShell

    In this module, we will discuss how to use PowerShell during hunts, as well as look at some existing PowerShell frameworks that were created specifically for incident response and threat hunting at large scale.

Download PDF Syllabus


  • A solid understanding of computer networks: switches, routing, security devices, TCP/IP, typical network applications such as DNS, HTTPS, SMTP, etc. (Recommended)
  • Intermediate understanding of IT security matters
  • Intermediate to advanced understanding of penetration testing tools and methods. (Recommendation: PTP course)

This training course is for...

  • Security Operations Center analysts and engineers
  • Penetration testers/Red team members
  • Network security engineers
  • Incident response team members
  • Information security consultants and IT auditors
  • Managers who want to understand how to create threat hunting teams and intelligence capabilities


Threat Hunting Professional (THP) is the most practical training course on threat hunting. Being integrated with Hera Lab, the most sophisticated virtual lab on IT Security, it offers an unmatched practical learning experience. Hera is the only virtual lab that provides fully isolated per-student access to each of the real-world network scenarios available on the platform. Students can access Hera Lab from anywhere through VPN.

Lab IDDescriptionCategory
Lab 1 Hunting with IoCs Educational
Lab 2 Hunting Insider Threats Part 1 Educational
Lab 3 Hunting Insider Threats Part 2 Educational
Lab 4 Hunting Web Shells Part 1 Educational
Lab 5 Hunting Web Shells Part 2 Educational
Lab 6 Hunting Malware Part 1 Educational
Lab 7 Hunting Malware Part 2 Educational
Lab 8 Hunting Responder Educational
Lab 9 Hunting Empire Educational


Get the eCTHP Certification

eLearnSecurity's eCTHP (Certified Threat Hunting Professional) certification is the most practical and professionally oriented certification you can obtain in threat hunting and threat identification in general. Instead of putting you through a series of multiple-choice questions, you are expected to perform an actual threat hunt on a corporate network. This threat hunt is modeled after real-world scenarios and cutting-edge malware.

Learn more


  • Dimitrios Bougioukas
    Dimitrios Bougioukas

    Dimitrios Bougioukas is a Senior IT Security researcher and instructor at eLearnSecurity and holds a B.Sc. in Computer Science from the Athens University of Economics and Business. For the past 4 years, he has worked as a Business Information Security Engineer and Information Security Analyst for a major financial institution and as a penetration tester within EY's practice. Dimitrios specializes in advanced cyber threat simulation, threat intelligence and purple team tactics. He has been engaged on numerous penetration testing activities against critical infrastructure, web applications and mobile applications. In terms of research, Dimitrios has presented at information security conferences such as BSides and has received acknowledgements from security, telecom and other major companies for finding and reporting vulnerabilities in their web applications, in a responsible manner (IBM Trusteer, LG etc.). In the context of his professional career, his work led to international and regional information security awards in prestigious and highly competitive contests such as Retail Banker International Awards.

  • Sam Vega
    Sam Vega

    Sam Vega is a Senior IT Security Researcher and Trainer at eLearnSecurity. Sam has been fiddling with computers for over 20 years but has been officially an IT professional since 2008. Sam lives by the hacker spirit and learns by RTFM and reverse engineering. In his previous role, Sam was a Senior Technical Systems Analyst for a nationally recognized hospital and was working in the capacity of a Senior Desktop Engineer, securing thousands of endpoints from being compromised. Sam has written several articles for the security community and is no stranger to being a security trainer. He holds current industry standard security certifications. He enjoys threat hunting, writing & reverse engineering code, analyzing malware, performing PoCs, and figuring out complex problems. His mindset is a defender by day, attacker by night, which makes him part of the Purple Team by design and a lover of all things infosec by nature.

Enroll now and get access to all of our material and labs!


The mix of Video Tutorials, exercises and support from fellow students on the forum was fantastic. Anyone who wants to specialize in Web Penetration Testing, this course is a must to get you started. Thanks for your efforts in making this happen

Denis Hancock
Manager Consulting Pty Ltd

Having been in the security field for over 5 years I assumed this would be a quick and easy certification. After getting into the training course I was pleased to find that I was learning new things and that the course was certainly more challenging than I had anticipated. I found that it filled in several knowledge gaps when it comes to pentesting, and I would recommend this course to both veterans and newcomers to the security field.

Steven Collins

eLearnSecurity's training really dives deep into the underlying concepts beneath pentesting tools.

Timothy E. Everson
Novell inc

Go to top of page