TH-200: Foundational Threat Hunting

TH-200: Foundational Threat Hunting equips learners with the essential skills and mindset to operate on the defensive side of cybersecurity. In today’s threat landscape, defenders must go beyond reactive security measures. Threat hunting is a proactive practice where security professionals seek out and identify threats before they can cause harm.

This course introduces the core concepts, tools, and methodologies used by enterprise defenders to detect, track, and respond to adversaries within networks and endpoints.

Learners will develop key capabilities, including:

• Understanding the threat actor landscape, with a focus on ransomware and Advanced Persistent Threats (APTs)
• Utilizing both network and endpoint Indicators of Compromise (IoCs) for proactive threat detection
• Highlighting the role of Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), like Suricata, in monitoring for suspicious activities
• Explorations of various ransomware groups, including LockBit, CLOP, and BlackCat/ALPHV, with examples of how they exploit specific vulnerabilities
• Recognizing custom threat hunting, focusing on behavioral analysis and data correlation to detect advanced threats, using tools like CrowdStrike Falcon

TH-200 is organized into 7 modules with associated hands-on lab experiences and assessment questions. After completion of the content modules and labs, learners can work on a comprehensive Challenge Lab, which brings all of the skills they have learned in the course together and prepares them for the OSTH exam.

TH-200 is for anyone looking to build a strong foundation in threat hunting, including SOC analysts, IT security specialists, and those aiming to transition into specialized cybersecurity roles. While there are no course prerequisites, it is encouraged that learners have some experience in cybersecurity, a solid foundation in TCP/IP networking, and a familiarity with Linux and Windows operating systems.