Cyber Security | 25hrs 56min

Threat Hunting Professional (new)

Delivered via Securetain Premium with hands-on labs, expert-led instruction, and eCTHP-focused prep bundles that keep experiments aligned with the certification timeline.

Labs map directly to the July 2025 eCTHP blueprint so finishers can immediately book the practical exam once hunter-level practice is complete.

Instructors: Brian Olliff +2
SecuRetain: eCTHP

Path note

Securetain Premium unlocks the path; eCTHP exam vouchers expire 180 days after purchase and include bundled retakes when paired with the prep program.

Snapshot

At a glance

Delivery: Securetain Premium + immersive lab practice
Certification: Securetain eCTHP (Certified Threat Hunting Professional)
Focus: Network & endpoint hunting + reporting

Overview

Path at a glance

Threat Hunting Professional teaches analysts to form hypotheses, instrument telemetry, and hunt stealthy adversaries with a hunter’s mindset rather than a responder’s checklist.

Students pair CTI with MITRE ATT&CK reasoning while operating enterprise stacks (Wireshark, Splunk, ELK, EDR) so every discovery can be traced to an enterprise narrative.

Focus

Focus areas

  1. Hypothesis-driven hunting mapped to MITRE ATT&CK and the Cyber Kill Chain so defenders can trace adversaries from reconnaissance to exfiltration.
  2. Live hunts that blend CTI enrichment, telemetry correlation, and packet/memory analysis so candidates spot dwell-time strategies across network and endpoint layers.
  3. Decision-ready communication built on practical labs using Wireshark, Splunk, ELK, and EDR telemetry plus scenario-based reporting.

Certification

Exam focus

Securetain eCTHP (Certified Threat Hunting Professional) – scenario-heavy, hands-on exam validating threat-hunting methodology, CTI, network hunting, and endpoint hunting domains.

Curriculum

What you'll cover

Threat Hunting Methodology & Hypothesis Building

Frame hunts with intelligence, build hypotheses, and trace actor behavior through the Cyber Kill Chain.

Threat Intelligence & CTI Enrichment

Correlate open-source and proprietary intelligence with enterprise telemetry to elevate context and fine-tune detections.

Network Threat Hunting

Investigate lateral movement, beaconing, and covert C2 traffic using Wireshark, NetFlow, and ELK dashboards.

Endpoint Threat Hunting

Analyze EDR data, memory artifacts, and persistence vectors to uncover modern adversary techniques before they escalate.

Reporting, Playbooks & Decision Making

Document hunts, brief stakeholders, and finalize recommendations that align with MITRE ATT&CK, CTI narratives, and executive expectations.

Labs

Hands-on practice

  1. Run live hunts inside simulated enterprise environments, correlate alerts to telemetry, and propose containment strategies across the kill chain.
  2. Use Splunk, ELK, and Wireshark to validate detections, tune hunting queries, and spot dwell-time reduction opportunities.
  3. Package findings into eCTHP-style reports that include CTI enrichment, TTP mapping, and actionable remediation.

Skills

Skills you practice

  • MITRE ATT&CK / Cyber Kill Chain reasoning
  • SIEM/query optimization with Splunk & ELK
  • Network telemetry analysis with Wireshark/NetFlow
  • Endpoint telemetry and memory artifact investigation
  • Threat reporting, stakeholder communication, and hunting playbook design

Audience

Ideal learners

  • Blue or Yellow Team analysts who already understand defensive tooling
  • SOC analysts and cybersecurity engineers expanding into proactive hunting
  • Incident responders seeking structured hunting workflows
  • Security leaders embedding data-driven hunting into SOC playbooks
