Certified Threat Hunting Professional
eCTHP Certification
eCTHP is a professional-level certification that proves your threat hunting and threat identification capabilities. Students are tested through real-world scenarios modeled after cutting-edge malware that simulates corporate network vulnerabilities.
The Exam
INE Security’s eCTHP is the only certification for Threat Hunters that evaluates your abilities inside a fully featured and real-world environment.
About the Certification Exam
Candidates are provided with a real-world engagement within INE’s Virtual Labs. Once valid credentials are provided for the certification platform, the candidate can perform the tests from the comfort of their home or office. An Internet connection and VPN software are necessary to carry out the exam.
Instead of putting you through a series of multiple-choice questions, you are expected to perform an actual threat hunt on a corporate network. The examination is modeled after real-world scenarios and cutting-edge malware. Not only are you expected to use advanced methodologies to conduct a thorough threat hunt, you will also be asked to propose defense strategies as part of your evaluation.
Knowledge Domains
The eCTHP is a certification for individuals with a highly technical understanding of networks, systems and cyber attacks. Anyone can attempt the certification exam; however, these are the advised skills necessary for a successful outcome:
Threat Hunting Methodology (15%)
- Apply foundational threat hunting concepts to evaluate the most effective methods and tools for a given hunting scenario
- Apply industry-standard frameworks (e.g., MITRE ATT&CK, Cyber Kill Chain) to identify and categorize adversary behaviors during threat hunts
- Analyze organizational readiness and assess the maturity level of threat hunting programs using structured methods
Threat Hunting Strategies (15%)
- Evaluate potential threat actors targeting various organizations and analyze common infiltration techniques
- Construct valid and actionable hypotheses to initiate different types of threat hunting activities
- Determine the most effective hunting technique based on current threat intelligence and context
Cyber Threat Intelligence (15%)
- Select the most appropriate type of Cyber Threat Intelligence (CTI) source based on specific hunting scenarios
- Evaluate the credibility and accuracy of Indicators of Compromise (IOCs) and other data in intelligence reports
- Extract relevant and actionable data from CTI sources for use in active threat hunting
- Explain intelligence sharing models and determine appropriate opportunities and methods for sharing threat data
Network Threat Hunting (25%)
- Identify and interpret different types of network-based IOCs relevant to specific threat hunts
- Demonstrate the use of capture and display filters in tools like Wireshark and tcpdump to collect and analyze network traffic
- Use Wireshark to examine packet captures and detect indicators of malicious network activity
- Evaluate packet captures to identify anomalous, suspicious, or malicious network traffic patterns
Endpoint Threat Hunting (30%)
- Use platforms like Splunk and ELK to construct and execute investigations that identify specific IOCs and TTPs in endpoint logs
- Detect hidden malicious processes and behaviors on Windows and Linux endpoints through targeted analysis
- Distinguish between legitimate and malicious files, processes, registry entries, and scheduled tasks in Windows environments
- Build and optimize queries to trace potential malicious activity across stages of the Cyber Kill Chain
Who It’s For
The eCTHP is a certification for cybersecurity professionals with intermediate experience in defensive security (blue or yellow teaming).
Get eCTHP Certified
To take the eCTHP exam, you’ll need both an INE subscription and an exam voucher.
The Process
Whether you are attempting the eCTHP certification exam on your own or after having completed our approved learning path, you will need to follow these steps to get a certificate:
The eCTHP certification is valid for three years from the date it is awarded. Stay current with your skills and maintain your credential through flexible renewal options designed to fit your schedule.
Have an eCTHP Voucher Purchased Before June 19, 2025?
The previous version of the exam is being retired.