TH-200: Foundational Threat Hunting

OffSec’s Foundational Threat Hunting (TH-200) equips cybersecurity professionals with the practical skills and knowledge needed to effectively detect and respond to threats. This course covers core threat hunting concepts, exploring the methodologies used by enterprises to track and mitigate adversaries. Key areas include understanding the threat actor landscape, with a focus on ransomware and Advanced Persistent Threats (APTs), and utilizing both network and endpoint Indicators of Compromise (IoCs) for proactive threat detection.

Upon successfully completing the rigorous hands-on exam, participants earn the OffSec Threat Hunter (OSTH) certification. This credential demonstrates proficiency in foundational threat hunting practices, positioning certified professionals as valuable assets for roles in threat hunting, SOC analysis, and incident response teams.

Hunt for threats, defend with precision

Develop the practical skills essential for a successful role in threat hunting with TH-200. Master the ability to identify malicious activity, analyze attack patterns, and detect sophisticated threats in complex environments. Learn to cut through the noise and act decisively to protect critical systems.

Topics covered in the Foundational Threat Hunting Course (TH-200)

  • Threat Hunting Concepts and Practices

    This module provides an overview of the basic objectives, concepts and practices of threat hunting. It covers how enterprises implement threat hunting and the different stages and types of threat hunts.

  • Threat Actor Landscape Overview

    This module provides an overview of different types of threat actors with an emphasis on ransomware actors and Advanced Persistent Threats (APTs). It includes a number of more in-depth discussions of well-known threat actors.

  • Communication and Reporting for Threat Hunters

    This module introduces the way in which threat hunters receive and use threat intelligence, and create threat reports. It covers the concept of the Traffic Light Protocol but does not cover IoCs.

  • Hunting with Network Data

    This module explores using Network Indicators of Compromise (IoCs) for proactive threat hunting. It highlights the role of Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), like Suricata, in monitoring for suspicious activities. Practical methods to identify signs of compromise in networks are covered, followed by hands-on exercises to develop threat detection skills.

  • Hunting on Endpoints

    This module provides an introduction to threat hunting utilizing Endpoint IoCs. It covers intelligence-based and hypothesis-based threat hunting as well as considerations that improve the effectiveness of a hunt.

  • Threat Hunting with IoCs

    This module teaches threat hunting techniques that don’t rely on known IoCs. It covers custom threat hunting, focusing on behavioral analysis and data correlation to detect advanced threats. Tools like CrowdStrike Falcon are used to apply these methods in practical scenarios.

*Course duration with associated exam: 41 hours

How to enroll today

  • Course + Certification Exam Bundle (Most popular)

    $1,649, one-time payment

    # of Courses: 1
    Days of lab access: 90
    # of Exam attempts included: 1
    Fundamental content: N/A
    PEN-103 & KLCP Exam: N/A
    PEN-210 & OSWP Exam: N/A

  • Learn One (Best value)

    $2,599/year, billed annually*

    # of Courses: 1
    Days of lab access: 365
    # of Exam attempts included: 2
    Fundamental content: Unlimited
    Fundamental learning paths and assessments: Included
    PEN-103 & KLCP Exam: Included
    PEN-210 & OSWP Exam: Included

  • Learn Unlimited (All access)

    $5,799/year, billed annually*

    Recommended # of learners: 2-9
    Subscription Term: Annual
    OffSec Learning Library Access: All access
    Labs for every course: Included
    # of Courses: All
    Days of lab access: 365
    # of Exam attempts included: Unlimited
    Fundamental content: Unlimited
    PEN-103 & KLCP Exam: Included
    PEN-210 & OSWP Exam: Included

Financing is now available through Climb Credit with as little as 0% APR and up to 36 monthly payments, excluding Learn Unlimited. State exclusions may apply. Learn more.

Once started, 90 day lab access cannot be paused.

Buying for a team?

Supercharge your cybersecurity career with the OSTH

Kickstart your cybersecurity career with in-demand skills

  • Enhance your cybersecurity expertise with TH-200 Foundational Threat Hunting

    Equip yourself with the skills top employers demand. Through hands-on labs and expert-led instruction, OffSec’s TH-200 builds the essential competencies needed for effective threat hunting, positioning you to excel in roles like SOC analysis, threat hunting, and incident response.

  • Validate your expertise with an industry-recognized certification created by experts in the field

    The OffSec Threat Hunting Certified (OSTH) certification verifies your expertise in foundational threat hunting practices, ensuring you stand out in the competitive cybersecurity field and are well-prepared to meet the demands of top employers.

  • Secure your place in the cybersecurity field

    With OffSec’s TH-200, you’ll gain the specialized skills needed to address today’s most pressing cyber threats. This course opens doors to advanced roles in threat hunting, security operations, and incident response.

  • Build expertise that makes an impact

    Whether you’re advancing in your cybersecurity career or specializing in threat hunting, the OSTH certification equips you with the skills to make a meaningful difference in defending organizations against cyber threats.

Open doors to exciting cybersecurity roles

  • Junior Threat Hunter

    Support threat hunting activities, helping to identify and mitigate vulnerabilities within systems.

  • Security Operations Center (SOC) Analyst

    Operate within a Security Operations Center, focusing on monitoring and responding to potential security threats.

  • Incident Responder

    Investigate security incidents, determine the scope of a breach, contain threats, and lead remediation efforts.

  • IT Security Specialist

    Implement and manage security measures, ensuring systems and networks remain secure against threats.

  • Security Consultant (Junior Level)

    Assist in security assessments and provide recommendations to enhance organizational defenses.

OffSec certification expiration policy

Starting with certifications new to the market in 2024, OffSec certifications will expire after 3 years, reflecting our commitment to maintaining industry relevance and up-to-date skills. This ensures that certified professionals are always equipped with current knowledge to handle evolving cybersecurity threats.

FAQ

  • What is the OSTH exam?

    The OffSec Threat Hunter (OSTH) exam is a proctored, 8-hour hands-on assessment of your foundational threat hunting knowledge and practical skills. You’ll demonstrate your ability to identify, investigate, and respond to security threats in a simulated environment, focusing on real-world scenarios.

  • What format is the OSTH exam in?

    The OSTH exam is entirely hands-on. You will be given access to a lab environment and tasked with defending against simulated attacks, showcasing your practical defensive capabilities.

  • Does the OSTH certification expire?

    Yes, the OSTH certification expires three years after being awarded. Learners can maintain their OSTH designation by taking the recertification exam or completing the OffSec CPE program.

  • Who is the TH-200 course for?

    The TH-200 course is designed for individuals looking to build a strong foundation in threat hunting, including SOC analysts, IT security specialists, and those aiming to transition into specialized cybersecurity roles. It provides comprehensive training in threat hunting techniques and practical skills.

  • What are the prerequisites for TH-200?

    While there are no formal prerequisites, it’s strongly recommended that you have:

    • A solid foundation in TCP/IP networking
    • Familiarity with Linux and Windows operating systems
    • Basic understanding of cybersecurity concepts

    All of the above can be found in our Security Operations Essentials Learning Path, available in Learn Enterprise, Learn Unlimited, Learn One, Learn Fundamentals or a Course & Certification Bundle.

  • What competencies will I gain?

    Upon completing TH-200 and successfully passing the OSTH exam, you’ll gain a strong foundation in:

    • Threat hunting concepts and practices
    • Network and endpoint security
    • Incident response and threat analysis
    • Practical skills for roles in SOC analysis, threat hunting, and IT security

  • How does OffSec support my online journey?

    Throughout the online training course, you’ll have access to:

    • A virtual lab environment for hands-on practice
    • Extensive course information and materials, including videos and exercises
    • A vibrant online community of students and OffSec professionals

  • When can I schedule my TH-200 exam?

    You can schedule your exam now, but the first available exam dates start on October 15th, 2024.

  • What is the exam retake policy?

    For details on exam retakes, please refer to OffSec’s official policies.

  • Can I extend my lab time?

    For information on lab extensions, please refer to OffSec’s official policies.

Advance your cybersecurity career with OffSec

  • Establish your foundation

    OffSec’s TH-200 equips you with the essential skills and knowledge to excel in threat hunting roles. Whether you’re focused on defending networks or seeking to sharpen your offensive security capabilities, this course is your foundational step in the cybersecurity field.

  • Continue to specialize

    If you’re looking to strengthen your blue team capabilities, SOC-200 will build on your threat hunting skills with a focus on security operations and incident response. For those interested in red team roles, such as penetration testing, PEN-200 is the ideal next step, focusing on offensive security techniques.

    You can find more information about OffSec’s Learning Paths and Courses at www.offsec.com/learning/paths/ or www.offsec.com/courses-and-certifications/.

  • Hone your cybersecurity skills

    Sharpen your skills and stay ahead of the curve by practicing in OffSec’s virtual labs, exploring additional learning paths, and engaging with the OffSec community.

  • Become a cybersecurity expert

    Advance into specialized roles like security analyst, penetration tester, security engineer, or security architect by mastering the diverse domains of cybersecurity. With OffSec’s comprehensive training and certifications, you’ll be well-equipped to tackle the ever-evolving challenges of the cybersecurity landscape.

  • Course & Cert Exam Bundle (Most popular)

    $1,649/once

    The bundle includes 90 days of access to a single course, the associated labs and a single exam attempt.

  • Learn One (Best value)

    $2,599/year*

    One year of lab access alongside a single course plus two exam attempts.

  • Learn Unlimited (All access)

    $5,799/year

    Unlimited OffSec Learning Library access plus unlimited exam attempts for one year.

  • Learn Enterprise (Large teams)

    Get a quote

    Flexible terms and volume discounts available.

Learn One is an annual subscription for individuals and organizations who want to enroll in a single course and ultimately earn an OffSec certification. Learn One includes one course of your choice, two cert exam attempts, hands-on lab access, and all Learn Fundamentals content.

What’s included

  • 1 year of access to the course of your choice
  • 2 exam attempts during your subscription
  • 365 days of lab access
  • 1 year of unlimited access to all fundamental content and OffSec curated Learning Paths
  • PEN-103 + 1 KLCP exam attempt
  • PEN-210 + 1 OSWP exam attempt
  • 1 download of course material

Financing for Learn Fundamentals and Learn One now available through Climb Credit with as little as 0% APR and up to 36 monthly payments.

State exclusions may apply. Learn more.

New to cybersecurity and want to get educated on fundamental content before signing up?

Check out Cyberversity - our free resource library covering essential cybersecurity topics.

Learn more