Cyber Threat Hunting Training Boot Camp

The IACRB Certified Cyber Threat Hunting Professional (CCTHP) is designed to certify that candidates have expert level knowledge and skills in cyber threat identification and threat hunting.

Award-Winning Training

For 20 years InfoSec has been one of the most awarded and trusted information security training vendors — 40+ industry awards!

Exam Pass Guarantee

We offer peace of mind with our Exam Pass Guarantee for Flex Pro students.

Track Record of Success

Infosec training courses have received 10,000+ 5-star reviews from our students!

Cyber Threat Hunting Course Overview

The Internet is the new digital frontier, and like any frontier, it has a hundred things waiting to attack you. But sitting quietly and waiting to be jumped isn’t the style of a real professional. Sharpen your skills and learn to hunt the threat on its own turf with Infosec’s Cyber Threat Hunting boot camp.

This immersive three-day course will teach you about the latest tactics and tools used in the fight against hackers and cyber-attackers. Taught by industry professionals who have served as penetration testers, incident responders and computer forensic investigators, the Cyber Threat Hunting boot camp covers security analysis, establishing a secure threat-hunting setup, successful hunt patterns and liaising with security operations center personnel to cover all angles of attack while the threat is ongoing. The Cyber Threat Hunting boot camp course will prepare you for the IACRB Certified Cyber Threat Hunting Professional (CCTHP) certification exam.

Threats are evolving — and so are you. Take your security skills to the next level with Infosec.

Red Team, Blue Team — or Both?

Learn to identify, hunt down and analyze threats in this exclusive Cyber Threat Hunting course.

Learn to attack and think like a criminal in its sister course, Red Team Operations. When combined, you’ll have both an offensive and defensive understanding of security — and a more holistic view of the cyber threat landscape.

Award-winning training that you can trust.

Outstanding Partnership Award

Gold Winner

Best Cybersecurity Education Provider

Publisher's Choice

Security Training for Infosec Professionals

Top 20 Company

IT Training

Watch List Company

Top Online Learning Library

The Most Flexible Training — Guaranteed

Exam Pass Guarantee — If you don’t pass your exam on the first attempt, get a second attempt for free; includes the ability to re-sit the course for free for up to one year

100% Satisfaction Guarantee — If you’re not 100% satisfied with your training at the end of the first day, you may enroll in a different Flex Pro or Flex Classroom course

Knowledge Transfer Guarantee — If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year

What Will You Learn in this Course?

After attending the Cyber Threat Hunting boot camp, you will have sufficient knowledge and skills to be able to:

  • Think tactically regarding cyber-threat defense
  • Use threat intelligence to form your own hypotheses and begin the hunt
  • Anticipate and hunt down threats in your organization’s systems
  • Inspect network information to identify dangerous traffic
  • Understand the Hunting Maturity Model to measure your organization’s hunting capability
  • Learn how to find and investigate malware, phishing, lateral movement, data exfiltration and other common threats
  • Build an effective threat hunting solution based on open-source tools, such as OSQuery and Salt Open

What's Included?

  • Cyber Threat Hunting boot camp – 3 days
  • Infosec custom digital CCTHP courseware (physical textbooks available to purchase)
  • CCTHP exam voucher
  • Detailed reporting on exam readiness via your Flex Center (Flex Pro)
  • 100% Satisfaction Guarantee
  • Exam Pass Guarantee (Flex Pro)
  • Add-on: Video replays of daily lessons


  • - Understanding of fundamental information security concepts

  • - Working knowledge of networking devices and protocols

  • - Exposure to pentesting and network monitoring tools and methodologies

  • - Basic knowledge of Linux and Windows command line

Who Should Attend?

Understanding the process of threat hunting is useful to any number of different jobs and teams. Our Cyber Threat Hunting boot camp would be perfect for anyone who wants to know more about threat hunting and the current threat landscape, such as:

  • Penetration testers
  • Red Team members and other white hats
  • Incident-response team members
  • Security analysts
  • Engineers specializing in network security or IT
  • Security consultants and auditors
  • Managers wanting to create threat-hunting teams within their own companies

Infosec Flex Center: Your Personalized Learning Experience

Learn More

Why Choose Infosec?

Industry-Leading Exam Pass Rates — 93% of our students pass their certification exams on their first attempt

Training to Fit Your Schedule — In addition to Flex Pro, the highest-quality live online training in the industry, Infosec offers Flex Classroom training around the country and learn-at-your-own pace Flex Basic courses

Experienced Instructors — Infosec instructors have at least 10 years of industry training experience and are professionals with active roles in the industry

Most Thorough Exam Prep Services Available — Students get free exam readiness testing through as well as advanced access to all course materials

Hands-on Labs and Exercises

Hunt cyber threats with our practical exercises that present realistic attack scenarios. Practice threat hunting on our virtualized environment that simulates a full range of servers and services used in a real company. Learn how to hunt down various network- and host-based threats, gather and analyze logs and event data, capture memory dump and search for malware activity and build your own threat hunting tool. The after-class CTF (Capture The Flag) exercises allow you to put everything you’ve learned together by hunting cyber threats on your own.

CCTHP Certification Details

The IACRB Certified Cyber Threat Hunting Professional (CCTHP) is designed to certify that candidates have expert level knowledge and skills in cyber threat identification and threat hunting.

The CCTHP body of knowledge consists of five domains covering the responsibilities of a cyber threat hunter. The certification exam is a 50-question, traditional multiple-choice test. Questions are randomly pulled from a master list and must be completed in two hours. The five CCTHP domains are:

  1. Cyber threat hunting definition and goals
  2. Cyber threat hunting methodologies and techniques
  3. Hunting for network-based cyber threats
  4. Hunting for host-based cyber threats
  5. Cyber threat hunting technologies and tools

A 70% is the passing score for the CCTHP exam.

What Our Students Are Saying

Without any question, InfoSec has the most gifted individual instructors. Our instructor for this class was both an excellent educator and a premier/world class security expert. He was able to clearly explain and impart to the students, the most complicated security techniques I have ever heard of or imagined. I simply can not find the words to recommend him and Infosec security training more highly.

John Hollan GE

Advanced Ethical Hacking Training Boot Camp

Our Major Clients

Cyber Threat Hunting Course Syllabus

    Our instructors give you 100% of their time and dedication to ensure that your time is well spent. You receive an immersive experience with no distractions! The typical daily schedule is:

    • Module 1 — Introduction to cyber threat hunting
      • What is threat hunting?
      • Assumption of breach
      • The concept of active defense
      • Role of threat hunting in organizational security program
      • Threat hunting benefits
    • Module 2 — Threat hunting process
      • Preparing for the hunt: the hunter, the data, the tools
      • Creating a context-based hypothesis
      • Starting the hunt (confirming the hypothesis)
      • Responding to the attack
      • Lessons learned
    • Module 3 — Threat hunting methodologies
      • The Crown Jewel Analysis (CJA)
      • Cyber threat patterns and signatures
      • Utilizing threat intelligence
      • Threat hunting hypotheses: intelligence-driven, awareness-driven, analytics-driven
    • Module 4 — Threat hunting techniques
      • Searching
      • Cluster analysis
      • Grouping
      • Stack counting
    • Module 5 — Preparing for the hunt
      • What data do you need and how to get it?
      • Host and network visibility
      • Data gathering and analysis tools
      • Commercial and open-source threat-hunting solutions
    • Module 6 — The hunt is on
      • What threats can be hunted?
      • Introduction to IOCs and artifacts
      • IOCs and IOAs
      • Cyber kill chain
    • Module 7 — Hunting for network-based threats
      • Network hunting overview (networking concepts, devices and communications, hunting tools)
      • Hunting for suspicious DNS requests and geographic abnormalities
      • Hunting for DDoS Activity
      • Hunting for suspicious domains, URLs and HTML responses
      • Hunting for irregular traffic: misused protocols, port-application mismatches, web shells and other threats
    • Module 8 — Hunting for host-based threats
      • Endpoint hunting overview (Windows and Linux processes, file systems, registry, hunting tools)
      • Malware (types, common activities, AV evasion, detection and analysis tools and methods)
      • Hunting for irregularities in processes
      • Hunting for registry and system file changes
      • Hunting for filenames and hashes
      • Hunting for abnormal account activity (brute-force attacks, privileged accounts)
      • Hunting for swells in database read volume
      • Hunting for unexpected patching of systems
    • Module 9 — Utilizing system and security event data
      • Event logs and IDs
      • Logging on Windows and Linux
      • SIEM
      • Using event data during hunts
    • Module 10 — Advanced threat hunting concepts
      • OODA (Observe, Orient, Decide, Act) loop
      • Going beyond IOCs: hunting for advanced threats
      • Chokepoint monitoring
      • Deceptive technologies
      • Developing an effective threat-hunting program
      • Building customized threat-hunting tools
      • Threat hunting best practices and resources

    View Pricing

    We will never share any of your information, spam you or annoy you with pushy sales pitches.

    Book your course

      Ready to get started? Get instant pricing for this award-winning boot camp. View course pricing
      View instant course pricing