eLearnSecurity Certified Threat Hunting Professional (eCTHPv2) Review
TL;DR: If you are comfortable in a SIEM, know how to do memory forensics, and have a good grip on attacker TTPs, you will be good.
The course
The course material for this course was excellent and gave a really nice introduction to the different aspects of threat hunting in an enterprise environment. It acts as a natural follow-up to the eCIR exam and course. I would recommend that you have some knowledge of Windows before starting this course. However, with a bit of additional research, you should be able to follow along. Even though the course materials are starting to get a bit dated, the course still holds up to more modern courses like GCFA (2022), and the skills and knowledge covered here are applicable in 2023. In particular, what the course did well, both via the slides and the labs, was:
- Give comprehensive insight into how attacks look in different forms like logs, network traffic, and in memory
- Provide many different examples: everything from Empire to rootkits was covered, and this also extends to the different phases of the kill chain.
- Provide info and examples of multiple ways of catching attackers. Again, variety and coverage are the keywords, and I really enjoyed the course and materials.
A year or so after taking this course I took the GCFA, and I must say this course acts as a perfect prep for that course and certification.
For more information regarding the subject and coverage of the different course modules please refer to the syllabus linked below.
Exam:
The exam is similar in format to the eCIR examination but adds complexity and requires more knowledge; if you are comfortable with the labs and course material, you should be more than good to go. Btw, the exam is a blast and really puts everything mentioned above into practice!
Final conclusion:
In conclusion, this was probably one of my favourite courses from eLS; everything was of high quality and the exam was a blast. Even though the course material is getting old, it still holds up and gives a great foundation for more advanced courses and skills.
References
- https://dsxte2q2nyjxs.cloudfront.net/Syllabus_THPV2.pdf