CCTH
Training of Cyber Threat Hunting
The course aims to develop participants’ skills in proactive cyber threat hunting
40 Hours
Cloud Environment
Instructor Led
Virtual Labs & Simulation

This course is designed to equip participants with the knowledge and skills needed to proactively detect and identify cybersecurity threats within an organization's network. The curriculum covers the fundamentals of threat hunting, including hunting types, processes, objectives, and strategies for improving organizational maturity. It also explores advanced techniques for endpoint- and network-level hunting, such as identifying malware obfuscation methods, detecting internal reconnaissance and lateral movement, and applying effective data acquisition techniques.

WHO IS IT FOR
Junior IT and cybersecurity staff
Cybersecurity Analysts and Practitioners
Security Operations (SecOps) professionals
GOALS
Fundamentals of Cyber Threat Hunting:
Gain a comprehensive understanding of the threat hunting process, its various types, and how to design effective hunt missions and build mature hunting programs
Endpoint-Focused Threat Hunting:
Master techniques for identifying threats on endpoints, including operating system analysis, detecting malware obfuscation, internal reconnaissance, and lateral movement
Network-Focused Threat Hunting:
Develop practical skills for network-based threat hunting, such as analyzing network architectures, detecting tunneling techniques, and identifying suspicious HTTP traffic

Requirements
Profound knowledge of IT infrastructures, both networks and operating systems (e.g. file systems, the Windows registry, common network protocols)
Advanced knowledge of and experience with SOC infrastructures, workflows and processes, and with incident response techniques

- Definitions of Threat Hunting
- Identifying Goals and Missions
- Understanding the Process Workflow
- Establishing a Threat Hunting Process
- Overview of Threat Hunting in Operating Systems
- Deep Dive into Malware Behaviors
- Detecting Lateral Movements through Operating Systems
- Overview of Threat Hunting in Networks
- Detecting Reconnaissance
- Understanding and Detecting Tunneling (e.g. DNS, ICMP, SSH)
- Detecting Anomalous and Suspicious Traffic (e.g. HTTP, DNS)
- Practical Exercise for Threat Hunters
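The network-focused modules above name DNS tunneling detection and suspicious DNS traffic as topics without showing what a hunt query looks like. The following is an added illustration, written for this page and not course material or an exercise from the curriculum. It runs a small set of hunting heuristics over a constructed DNS query log: subdomain length, Shannon entropy of the subdomain labels, query types commonly abused by tunnels (TXT, NULL), and the number of distinct subdomains a single client sends to one domain. The log lines, domain names, client addresses and thresholds are all fabricated assumptions for the example; the "last two labels" rule for the registered domain is a deliberate simplification that a real hunt would replace with the Public Suffix List.

```python
import math
from collections import defaultdict

# Constructed sample DNS query log lines for this example (fabricated,
# not course material): "<timestamp> <client> <qtype> <qname>".
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.15 A www.example.com
2024-05-01T10:00:02Z 10.0.0.15 AAAA mail.example.com
2024-05-01T10:00:03Z 10.0.0.15 TXT _dmarc.example.com
2024-05-01T10:00:04Z 10.0.0.23 A e3k7pq2x9m4nd8.img-b7.assets-cdn-example.net
2024-05-01T10:00:05Z 10.0.0.42 TXT q7m2xk9vb4dz1wfh.n3pr8y5c.tunnel-test.net
2024-05-01T10:00:06Z 10.0.0.42 TXT a8s3rt6bvx0z2nqk.m4jl9w7e.tunnel-test.net
2024-05-01T10:00:07Z 10.0.0.42 TXT c5dm1fg8hj2kp4qr.t9vw6xz0.tunnel-test.net
2024-05-01T10:00:08Z 10.0.0.42 TXT e2bn7ws4yk8lq1xz.h3pv6cd9.tunnel-test.net
2024-05-01T10:00:09Z 10.0.0.42 TXT g4tz0mq8rb3xj6fn.w1kp5ys7.tunnel-test.net
2024-05-01T10:00:10Z 10.0.0.15 A www.example.com
"""

# Thresholds are illustrative assumptions; tune them against your own baseline.
MIN_SUBDOMAIN_LEN = 20      # total chars in the labels left of the registered domain
MIN_ENTROPY = 3.5           # bits per character, Shannon entropy of those labels
MIN_UNIQUE_SUBDOMAINS = 5   # distinct subdomains one client sent to one domain
ABUSED_QTYPES = {"TXT", "NULL"}
FLAG_SCORE = 3              # flag a query when at least this many features fire


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname):
    """Naive split into (subdomain, registered_domain) using the last two
    labels as the registered domain. A real hunt should use the Public
    Suffix List so that names under e.g. 'co.uk' are handled correctly."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def parse_log(text):
    """Return (client, qtype, qname) tuples from the log format above."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than abort the hunt
        _ts, client, qtype, qname = parts
        records.append((client, qtype.upper(), qname))
    return records


def score_queries(records):
    """Return (client, qname, score, reasons) for every record."""
    # First pass: how many distinct subdomains did each client send to each domain?
    unique_subs = defaultdict(set)
    for client, _qtype, qname in records:
        sub, domain = split_qname(qname)
        unique_subs[(client, domain)].add(sub)

    results = []
    for client, qtype, qname in records:
        sub, domain = split_qname(qname)
        payload = sub.replace(".", "")  # the part a tunnel encodes data into
        reasons = []
        if len(payload) >= MIN_SUBDOMAIN_LEN:
            reasons.append("long-subdomain")
        if shannon_entropy(payload) >= MIN_ENTROPY:
            reasons.append("high-entropy")
        if qtype in ABUSED_QTYPES:
            reasons.append("abused-qtype:" + qtype)
        if len(unique_subs[(client, domain)]) >= MIN_UNIQUE_SUBDOMAINS:
            reasons.append("high-cardinality")
        results.append((client, qname, len(reasons), reasons))
    return results


def hunt(text):
    """Return the (client, qname) pairs whose score reaches FLAG_SCORE."""
    return [(c, q) for c, q, score, _r in score_queries(parse_log(text))
            if score >= FLAG_SCORE]


if __name__ == "__main__":
    for client, qname, score, reasons in score_queries(parse_log(SAMPLE_LOG)):
        marker = "FLAG" if score >= FLAG_SCORE else "    "
        print(f"{marker} {client:<10} score={score} {qname} {reasons}")
```

On the sample log only the five TXT queries to tunnel-test.net reach the flag score: each trips all four features. The CDN-style name from 10.0.0.23 is long and high-entropy but is an A record with a single subdomain, so it scores 2 and is not flagged; the _dmarc TXT lookup scores 1. Requiring several independent features to agree is what keeps hashed CDN hostnames and legitimate TXT records from drowning the hunt in false positives; entropy alone would flag the CDN name.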
27 Hours of hands-on activities
Total amount of practical experience during this course.