TH-200: Foundational Threat Hunting
OffSec’s Foundational Threat Hunting (TH-200) equips cybersecurity professionals with the practical skills and knowledge needed to effectively detect and respond to threats. This course covers core threat hunting concepts, exploring the methodologies used by enterprises to track and mitigate adversaries. Key areas include understanding the threat actor landscape, with a focus on ransomware and Advanced Persistent Threats (APTs), and utilizing both network and endpoint Indicators of Compromise (IoCs) for proactive threat detection.
Upon successfully completing the rigorous hands-on exam, participants earn the OSTH – OffSec’s threat hunting certification. This credential demonstrates proficiency in foundational threat hunting practices, positioning certified professionals as valuable assets for roles in threat hunting, SOC analysis, and incident response teams.
Hunt for threats, defend with precision
Topics covered in the Foundational Threat Hunting Course (TH-200)
-
Threat Hunting Concepts and Practices
This module provides an overview of the basic objectives, concepts and practices of cyber threat hunting. It covers how enterprises implement threat hunting and the different stages and types of threat hunts.
-
Threat Actor Landscape Overview
This module provides an overview of different types of threat actors with an emphasis on ransomware actors and Advanced Persistent Threats (APTs). It includes a number of more in-depth discussions of well-known threat actors.
-
Communication and Reporting for Threat Hunters
This module introduces how threat hunters receive and use threat intelligence and how they write threat reports. It covers the Traffic Light Protocol (TLP) used to mark how intelligence may be shared; IoCs themselves are left to the following modules.
-
Hunting with Network Data
This module explores using Network Indicators of Compromise (IoCs) for proactive threat hunting. It highlights the role of Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), like Suricata, in monitoring for suspicious activities. Practical methods to identify signs of compromise in networks are covered, followed by hands-on exercises to develop threat detection skills.
-
Hunting on Endpoints
This module provides an introduction to cyber threat hunting utilizing Endpoint IoCs. It covers intelligence-based and hypothesis-based threat hunting as well as considerations that improve the effectiveness of a hunt.
-
Threat Hunting without IoCs
This module teaches threat hunting techniques that don’t rely on known IoCs. It covers custom threat hunting, focusing on behavioral analysis and data correlation to detect advanced threats. Tools like CrowdStrike Falcon are used to apply these methods in practical scenarios.
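The "Hunting with Network Data" module above describes matching network IoCs against IDS output. The following is an added example written for this page, not OffSec course material: it runs an intelligence-based hunt over Suricata EVE JSON records, matching IP/CIDR and domain indicators against source and destination addresses, DNS query names and TLS SNI. The IoC feed and the log lines are constructed samples (documentation and TEST-NET address ranges); the assumed input is Suricata's standard one-JSON-object-per-line EVE format.

```python
"""Intelligence-based network hunt: match IoCs against Suricata EVE JSON.

Added example for this page, not OffSec course material. It assumes
Suricata's EVE JSON output (one JSON object per line with "event_type",
"src_ip", "dest_ip" and per-protocol sub-objects such as "dns", "tls",
"http"). The IoC feed and the log lines below are constructed samples
using documentation/TEST-NET address ranges.
"""
import json
from ipaddress import ip_address, ip_network

# Constructed threat-intel feed: single IPs or CIDR blocks, plus domains.
IOC_IPS = ["198.51.100.23", "203.0.113.0/24"]
IOC_DOMAINS = ["update-check.example", "cdn.badexample.net"]

# Constructed EVE records. Internal hosts live in 10.0.0.0/8.
SAMPLE_EVE = """\
{"timestamp":"2024-10-15T10:01:02.000000+0000","event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.53","dns":{"type":"query","rrname":"www.example.org"}}
{"timestamp":"2024-10-15T10:01:03.000000+0000","event_type":"dns","src_ip":"10.0.0.7","dest_ip":"10.0.0.53","dns":{"type":"query","rrname":"beacon.update-check.example"}}
{"timestamp":"2024-10-15T10:01:05.000000+0000","event_type":"flow","src_ip":"10.0.0.7","dest_ip":"203.0.113.77","dest_port":443,"proto":"TCP"}
{"timestamp":"2024-10-15T10:01:06.000000+0000","event_type":"tls","src_ip":"10.0.0.9","dest_ip":"192.0.2.10","tls":{"sni":"cdn.badexample.net"}}
{"timestamp":"2024-10-15T10:01:07.000000+0000","event_type":"flow","src_ip":"10.0.0.9","dest_ip":"192.0.2.10","dest_port":443,"proto":"TCP"}
not valid json - simulates a line truncated at log rotation
"""


def compile_ip_iocs(entries):
    """Turn IP/CIDR strings into networks so one membership test covers both."""
    return [ip_network(e, strict=False) for e in entries]


def domain_matches(name, domains):
    """Exact or subdomain match, case-insensitive, trailing dot tolerated."""
    name = name.lower().rstrip(".")
    for d in domains:
        d = d.lower()
        if name == d or name.endswith("." + d):
            return d
    return None


def hostnames_in(rec):
    """Yield every hostname-bearing field an EVE record may carry."""
    yield ("dns.rrname", rec.get("dns", {}).get("rrname"))
    yield ("tls.sni", rec.get("tls", {}).get("sni"))
    yield ("http.hostname", rec.get("http", {}).get("hostname"))


def hunt(lines, ip_iocs, domain_iocs):
    """Return (hits, skipped): IoC hits plus the count of unparseable lines."""
    nets = compile_ip_iocs(ip_iocs)
    hits, skipped = [], 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # malformed line: count it, never abort the hunt
            continue
        base = {"timestamp": rec.get("timestamp"), "src_ip": rec.get("src_ip"),
                "dest_ip": rec.get("dest_ip"), "event_type": rec.get("event_type")}
        for field in ("src_ip", "dest_ip"):
            addr = rec.get(field)
            if addr and any(ip_address(addr) in n for n in nets):
                hits.append(dict(base, field=field, indicator=addr))
        for field, name in hostnames_in(rec):
            if name:
                matched = domain_matches(name, domain_iocs)
                if matched:
                    hits.append(dict(base, field=field, indicator=matched, observed=name))
    return hits, skipped


def hosts_to_pivot(hits):
    """Internal sources that touched an indicator: the next pivot of the hunt."""
    return sorted({h["src_ip"] for h in hits if h["src_ip"]})


if __name__ == "__main__":
    found, bad = hunt(SAMPLE_EVE.splitlines(), IOC_IPS, IOC_DOMAINS)
    for h in found:
        print(h["timestamp"], h["src_ip"], h["field"], "->", h["indicator"])
    print("hosts to pivot on:", hosts_to_pivot(found), "| skipped lines:", bad)
```

Two design points matter in practice: domain IoCs are matched as suffixes so `beacon.update-check.example` hits `update-check.example`, and a malformed line is counted rather than raised, because a hunt that dies on the first truncated record at log rotation silently misses everything after it.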
*Course duration with associated exam: 41 hours
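The "Hunting on Endpoints" and "Threat Hunting without IoCs" modules describe hypothesis-based hunting, behavioural analysis and data correlation. The following is an added example written for this page, not OffSec course material: it stacks parent-to-child process pairs across a fleet so that rare chains surface for review, and tests one concrete hypothesis (an Office application spawning a scripting host, with an encoded PowerShell payload) against the same records. The telemetry is constructed; the assumed input is process-creation data already normalised to host, parent image, child image and command line.

```python
"""Hypothesis-driven endpoint hunt without IoCs (constructed telemetry).

Added example for this page, not OffSec course material. It assumes
process-creation events (Sysmon event 1 or an EDR equivalent) already
normalised to host, parent image, child image and command line; the
records below are constructed. Two techniques: frequency stacking of
parent->child pairs across the fleet (prevalence, not a known IoC, is
the signal) and a behavioural rule for one hypothesis.
"""
import re
from collections import defaultdict

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# -e / -enc / -encodedcommand followed by a long base64 blob.
ENCODED_PS = re.compile(r"-e(?:nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.IGNORECASE)


def constructed_events():
    """Fleet baseline on 20 workstations plus one suspicious chain on ws07."""
    events = []
    for i in range(1, 21):
        host = f"ws{i:02d}"
        events.append(dict(host=host, parent="explorer.exe", image="chrome.exe", cmdline="chrome.exe"))
        events.append(dict(host=host, parent="services.exe", image="svchost.exe", cmdline="svchost.exe -k netsvcs"))
        events.append(dict(host=host, parent="explorer.exe", image="winword.exe", cmdline="winword.exe"))
    # Constructed malicious chain: document -> encoded PowerShell -> rundll32.
    events.append(dict(host="ws07", parent="winword.exe", image="powershell.exe",
                       cmdline="powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"))
    events.append(dict(host="ws07", parent="powershell.exe", image="rundll32.exe",
                       cmdline="rundll32.exe C:\\Users\\Public\\stage.dll,Start"))
    return events


def stack_parent_child(events):
    """Map each (parent, child) pair to the set of hosts it was observed on."""
    hosts = defaultdict(set)
    for e in events:
        hosts[(e["parent"].lower(), e["image"].lower())].add(e["host"])
    return hosts


def rare_pairs(events, max_hosts=1):
    """Pairs seen on at most max_hosts hosts; low prevalence earns a look."""
    stacked = stack_parent_child(events)
    return sorted((pair, sorted(h)) for pair, h in stacked.items() if len(h) <= max_hosts)


def office_spawning_script_host(events):
    """Hypothesis: a document launched a script interpreter (macro or exploit lure)."""
    return [e for e in events
            if e["parent"].lower() in OFFICE_APPS and e["image"].lower() in SCRIPT_HOSTS]


def encoded_powershell(events):
    """PowerShell command lines carrying an encoded payload, whatever the parent."""
    return [e for e in events
            if e["image"].lower() == "powershell.exe" and ENCODED_PS.search(e["cmdline"])]


if __name__ == "__main__":
    evts = constructed_events()
    for pair, hosts in rare_pairs(evts):
        print("rare chain", pair, "on", hosts)
    for e in office_spawning_script_host(evts):
        print("office -> script host on", e["host"], ":", e["cmdline"])
    for e in encoded_powershell(evts):
        print("encoded powershell on", e["host"])
```

Stacking counts distinct hosts rather than raw events, so a noisy but benign pair on one machine does not look common, and a chain present on every machine (a deployment agent, say) drops out of the rare list even though no IoC was ever written for it. The behavioural rule is the opposite discipline: it states the hypothesis up front and correlates parent, child and command line in a single predicate.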
Plan comparison (Course & Cert Exam Bundle / Learn One / Learn Unlimited)
# of Courses: 1 / 1 / All
Days of lab access: 90 / 365 / 365
# of Exam attempts included: 1 / 2 / Unlimited
Fundamental content:
PEN-103 & KLCP Exam: N/A / Included / Included
PEN-210 & OWSP Exam: N/A / Included / Included
(third fundamental course, name not shown on the page): N/A / Included / Included
20% off for a limited time (Learn One)
Supercharge your cybersecurity career with the OSTH
Kickstart your cybersecurity career with in-demand skills
-
Enhance your cybersecurity expertise with TH-200 Foundational Threat Hunting
Equip yourself with the skills top employers demand. Through hands-on labs and expert-led instruction, OffSec’s threat hunting certification builds the essential competencies needed for effective threat hunting, positioning you to excel in roles like SOC analysis, threat hunting, and incident response.
-
Validate your expertise with an industry-recognized certification created by experts in the field
The OffSec Threat Hunter (OSTH) certification verifies your expertise in foundational threat hunting practices, ensuring you stand out in the competitive cybersecurity field and are well-prepared to meet the demands of top employers.
-
Secure your place in the cybersecurity field
With OffSec’s TH-200, you’ll gain the specialized skills needed to address today’s most pressing cyber threats. This course opens doors to advanced roles in threat hunting, security operations, and incident response.
-
Build expertise that makes an impact
Whether you’re advancing in your cybersecurity career or specializing in threat hunting, the OSTH certification equips you with the skills to make a meaningful difference in defending organizations against cyber threats.
Open doors to exciting cybersecurity roles
-
Junior Threat Hunter
Support threat hunting activities, helping to identify adversary activity and indicators of compromise within systems and escalate them for containment.
-
Security Operations Center (SOC) Analyst
Operate within a Security Operations Center, focusing on monitoring and responding to potential security threats.
-
Incident Responder
Investigate security incidents, determine the scope of a breach, contain threats, and lead remediation efforts.
-
IT Security Specialist
Implement and manage security measures, ensuring systems and networks remain secure against threats.
-
Security Consultant (Junior Level)
Assist in security assessments and provide recommendations to enhance organizational defenses.
OffSec certification expiration policy
Starting with certifications new to the market in 2024, OffSec certifications will expire after 3 years, reflecting our commitment to maintaining industry relevance and up-to-date skills. This ensures that certified professionals are always equipped with current knowledge to handle evolving cybersecurity threats.
FAQ
-
What is the OSTH exam?
The OffSec Threat Hunter (OSTH) exam is a proctored, 8-hour hands-on assessment of your foundational threat hunting knowledge and practical skills. You’ll demonstrate your ability to identify, investigate, and respond to security threats in a simulated environment, focusing on real-world scenarios.
-
What format is the OSTH exam in?
The OSTH exam is entirely hands-on. You will be given access to a lab environment and tasked with defending against simulated attacks, showcasing your practical defensive capabilities.
-
Does the OSTH certification expire?
Yes, the OSTH certification expires three years after being awarded. Learners can maintain their OSTH designation by taking the recertification exam or completing the OffSec CPE program.
-
Who is the TH-200 course for?
The TH-200 course is designed for individuals looking to build a strong foundation in threat hunting, including SOC analysts, IT security specialists, and those aiming to transition into specialized cybersecurity roles. It provides comprehensive training in threat hunting methodologies and practical skills.
-
What are the prerequisites for TH-200?
While there are no formal prerequisites, it’s strongly recommended that you have:
- A solid foundation in TCP/IP networking
- Familiarity with Linux and Windows operating systems
- Basic understanding of cybersecurity concepts
All of the above can be found in our Security Operations Essentials Learning Path, available in Learn Enterprise, Learn Unlimited, Learn One, Learn Fundamentals or a Course & Certification Bundle.
-
What competencies will I gain?
Upon completing TH-200 and successfully passing the OSTH exam, you’ll gain a strong foundation in:
- Threat hunting concepts and practices
- Network and endpoint security
- Incident response and threat analysis
- Practical skills for roles in SOC analysis, threat hunting, and IT security
-
How does OffSec support my online journey?
Throughout the online training course, you’ll have access to:
- A virtual lab environment for hands-on practice
- Extensive course information and materials, including videos and exercises
- A vibrant online community of students and OffSec professionals
-
When can I schedule my TH-200 exam?
You can schedule your exam now, but the first available exam dates start on October 15th, 2024.
-
What is the exam retake policy?
For details on exam retakes, please refer to OffSec’s official policies.
-
Can I extend my lab time?
For information on lab extensions, please refer to OffSec’s official policies.
Advance your cybersecurity career with OffSec
-
Establish your foundation
OffSec’s TH-200 equips you with the essential skills and knowledge to excel in threat hunting roles. Whether you’re focused on defending networks or seeking to sharpen your offensive security capabilities, this course is your foundational step in the cybersecurity field.
-
Continue to specialize
If you’re looking to strengthen your blue team capabilities, SOC-200 will build on your threat hunting skills with a focus on security operations and incident response. For those interested in red team roles, such as penetration testing, PEN-200 is the ideal next step, focusing on offensive security techniques.
You can find more information about OffSec’s Learning Paths and Courses at www.offsec.com/learning/paths/ or www.offsec.com/courses-and-certifications/.
-
Hone your cybersecurity skills
Sharpen your skills and stay ahead of the curve by practicing in OffSec’s virtual labs, exploring additional learning paths, and engaging with the OffSec community.
-
Become a cybersecurity expert
Advance into specialized roles like security analyst, penetration tester, security engineer, or security architect by mastering the diverse domains of cybersecurity. With OffSec’s comprehensive training and certifications, you’ll be well-equipped to tackle the ever-evolving challenges of the cybersecurity landscape.
Start learning with OffSec
Course + Cert Exam Bundle (popular)
$1,649/once
The bundle includes 90 days of access to a single course, the associated labs and a single exam attempt.
Learn One
$2,599/year* (currently $2,079/year*)
One year of lab access alongside a single course plus two exam attempts.
Learn Unlimited
$5,799/year*
Unlimited OffSec Learning Library access plus unlimited exam attempts for one year.
Learn Enterprise
Get a quote
Flexible terms and volume discounts available.
New to cybersecurity and want to get educated on fundamental content before signing up?
Check out Cyberversity - our free resource library covering essential cybersecurity topics.