eCTHPV2 Review
Since I passed the eCTHPv2 from eLearnSecurity, I would like to do a review of my experience with the training itself.
The eCTHPV2 (Certified Threat Hunting Professional) covers a wide range of topics in the threat hunting domain. The course is divided into three modules. The first module focus on the theoretical side of threat hunting includes but not limited to TTP, Mitre ATTACK, IOC, and tools for collecting IOC. I learned how to utilized Redline and Opensource Threat Intelligence platform to collect IOC. The Second Module of the course focus on network traffic and web shell hunting. I learned how to use several tools introduced in the course to hunt insiders, as well as hunting unknown and hidden web shells on the systems. The last module of the course, the most meat part in my opinion, mainly focuses on the SIEM. Both Splunk and ELK with their use cases are heavily covered. The third module also covers hunting in the memory (Volatility and some other tools are introduced), malware hunting, and the methodology of hunting several popular hacking tools (Empire, Responder, WMI abusing, Process Injection, etc.). I really enjoyed the labs in module three. They taught me how to effectively use ELK and Splunk, as well as use tools such as Redline and Volatility to hunt malware in memory. The tool OSQuery is introduced in module three as well. Each lab will have a corresponding solution to guide you through the labs. I really like this kind of setting because some tools and topics I am not familiar with, I can quickly reference the solution. To me, the solution in the labs is more served as an educational purpose. There are much more covered throughout the course and labs besides what I mentioned, and I highly recommend you to explore this amazing course yourself if threat hunting is something that excited you! For a complete list of what’s covered in the course, visit here to get more detail.
Throughout the course, there will be external links that will lead you to the other resources, which will give you a deeper understanding of the particular topic you are learning. I recommend you to go through these external links both in the slides and in the labs. Not only some of them helped me to gain a deeper understanding of the topics, but as well helped my exam.
My favorite part about the eCTHPV2 perhaps is its very practical exam. The exam is challenging yet very fun to play with. You will be given some realistic scenarios to hunt with. You will have 2 days to take the exam and 2 days to write the report. I can’t say much here but I could assure you if you go through all the slides and labs, you will be more than ready to knock the exam out. Especially focus on the labs and some of the external links you see in the course material, they will prepare you well to knock out the exam. Some tips I have for you to be successful in the exam:
- Go through all the course material, labs, and the external links you see
- Read the letter of engagement carefully after the exam starts, at least read twice, and understanding all the requirements
- Take good notes and lots of screenshots
- Format the report nicely
- Google a bit if there is something you are not sure
- Take some good rest if necessary, I had a nice 7 hours sleep after I finished my day 1 hunting :)
Now, I am happy to say I am eCTHPv2 certified. It is not an easy yet rewarding course. I bought this course when eCTHPv2 launched back in March 2020 and nine months later, this will be my last certificate for the year 2020. Thank you eLearnSecurity, Dimitrios Bougioukas, and Slavi Parpulev for this amazing course and the fun exam!
