Certified Threat Hunting Professional

eCTHP Certification

eCTHP is a professional-level certification that proves your threat hunting and threat identification capabilities. Students are tested through real-world scenarios modeled after cutting-edge malware that simulates corporate network vulnerabilities.

Start Learning Buy eCTHP + Premium Bundle

The Exam

INE Security’s eCTHP is the only certification for Threat Hunters that evaluates your abilities inside a fully featured and real-world environment.

About the Certification Exam

Candidates are provided with a real world engagement within INE’s Virtual Labs. Once valid credentials are provided for the certification platform, the candidate can perform the tests from the comfort of their home or office. An Internet connection and VPN software is necessary to carry out the exam.

Network Packet/Traffic Analysis

Memory Analysis/Forensics

Data Enrichment and Correlation

IOC-Based Threat Hunting

Instead of putting you through a series of multiple-choice questions, you are expected to perform an actual threat hunt on a corporate network. The examination is modeled after real-world scenarios and cutting-edge malware. Not only are you expected to use advanced methodologies to conduct a thorough threat hunt, you will also be asked to propose defense strategies as part of your evaluation.

Knowledge Domains

The eCTHP is a certification for individuals with a highly technical understanding of networks, systems and cyber attacks. Everyone can attempt the certification exam, however here are the advised skills necessary for a successful outcome:

eCTHP

Knowledge Domains

Threat Hunting Methodology (15%)

Threat Hunting Strategies (15%)

Cyber Threat Intelligence (15%)

Network Threat Hunting (25%)

Endpoint Threat Hunting (30%)

Threat Hunting Methodology (15%)

Apply foundational threat hunting concepts to evaluate the most effective methods and tools for a given hunting scenario
Apply industry-standard frameworks (e.g., MITRE ATT&CK, Cyber Kill Chain) to identify and categorize adversary behaviors during threat hunts
Analyze organizational readiness and assess the maturity level of threat hunting programs using structured methods

Threat Hunting Strategies (15%)

Evaluate potential threat actors targeting various organizations and analyze common infiltration techniques
Construct valid and actionable hypotheses to initiate different types of threat hunting activities
Determine the most effective hunting technique based on current threat intelligence and context

Cyber Threat Intelligence (15%)

Select the most appropriate type of Cyber Threat Intelligence (CTI) source based on specific hunting scenarios
Evaluate the credibility and accuracy of Indicators of Compromise (IOCs) and other data in intelligence reports
Extract relevant and actionable data from CTI sources for use in active threat hunting
Explain intelligence sharing models and determine appropriate opportunities and methods for sharing threat data

Network Threat Hunting (25%)

Identify and interpret different types of network-based IOCs relevant to specific threat hunts
Demonstrate the use of capture and display filters in tools like Wireshark and tcpdump to collect and analyze network traffic
Use Wireshark to examine packet captures and detect indicators of malicious network activity
Evaluate packet captures to identify anomalous, suspicious, or malicious network traffic patterns

Endpoint Threat Hunting (30%)

Use platforms like Splunk and ELK to construct and execute investigations that identify specific IOCs and TTPs in endpoint logs
Detect hidden malicious processes and behaviors on Windows and Linux endpoints through targeted analysis
Distinguish between legitimate and malicious files, processes, registry entries, and scheduled tasks in Windows environments
Build and optimize queries to trace potential malicious activity across stages of the Cyber Kill Chain

Who It’s For

The eCTHP is a certification for cybersecurity professionals with intermediate experience in defense security (blue or yellow teaming).

Get eCTHP Certified

To take the eCTHP exam, you’ll need both an INE subscription and an exam voucher.

New to INE? Get started with one of these options:

Get Voucher for 50% off

INE Premium Subscription

The INE Premium subscription offers the updated Threat Hunting Professional Learning Path, built for intermediate-level Blue/Yellow Teamers with experience in defensive security. It prepares you to take the eCTHP exam through a blend of expert-led courses and practical lab time. When you’ve completed the learning path, you’re ready for the exam!

Get Certified

eCTHP Voucher Included

eCTHP + Prep Bundle

3 months of access to all INE training to prepare you for the eCTHP and more.

Buy My Voucher

Already a subscriber?

The eCTHP Certification Exam Voucher can only be purchased with an INE Premium Subscription. If you already have a subscription, you can buy your voucher now! We encourage everyone to complete the Threat Hunting Professional Learning Path before attempting the certification exam.

The Process

Whether you are attempting the eCTHP certification exam on your own or after having completed our approved learning path, you will need to follow these steps to get a certificate:

Shop Certification Vouchers

To earn the eCTHP Certification, follow these steps:

Purchase a certification exam voucher

Whether you are attempting the certification exam on your own or after completing one of our approved learning paths, you will need to purchase an exam voucher before you can start your certification process. Once you obtain the voucher you will receive login credentials to our Certification area where you will manage the exam, the VPN credentials, and any other materials related to the certification process.

Begin the certification process

Regular vouchers expire after 180 days from purchase. Before the certification expires, you will have to begin the certification process by clicking on “Begin certification process”. The expiration date will always be available in your certification area and reminder emails are sent to make sure you take advantage of the voucher.

Take your exam

Follow the certification instructions and complete the exam within the allotted time. If technical issues are encountered at any time during the exam, please email support@ine.com for assistance.

Receive your results

Results are on an auto-graded system. This means results will be delivered within a few hours after completing the exam. The eCPPT score report will show performance metrics in each section of the exam, allowing reflection on mastery of each exam objective. All passing score credentials will be valid for three years from the date they were awarded.

The eCTHP certification is valid for three years from the date it is awarded. Stay current with your skills and maintain your credential through flexible renewal options designed to fit your schedule.

Have a eCTHP Voucher Purchased Before: June 19, 2025?

The previous version of the exam is being retired.

Still have a voucher?

You can use your existing eCTHP exam voucher through January 2026.

Take the previous exam now

Want to switch to the new exam?

You may be eligible to exchange your old voucher for a new exam voucher.

Check voucher exchange options