MTH - Certified Threat Hunter


MCSI Certification Programs are truly world-class, with cutting-edge content and uniquely designed, hands-on, challenging practical exercises that teach skills immediately applicable in the field and benefit career advancement.

This Certification has no expiry date, no renewal fees, no hidden fees, and is accessible with no time limits.

MCSI Certified Threat Hunter:
  • Capture digital forensics artefacts in large-scale enterprise networks and index them for threat hunting
  • Hunt for cyber adversaries that have bypassed/avoided/defeated enterprise security solutions using Python and YARA
  • Rapidly analyse suspicious binaries to confirm whether they are malware or not
  • Align your approach and methodology to the MITRE ATT&CK Matrix
  • Practice threat hunting against thousands of machines and gigabytes worth of malware samples

Career Outcomes

Students who have successfully achieved their MTH Certification can apply for Threat Hunter jobs worldwide, with the confidence that they have the competencies the industry is seeking for these roles.

Training Curriculum and Online Assessment

Students must successfully complete 100 practical exercises in MCSI's Online Learning Platform (OLP) prior to undertaking the Final Online Assessment to obtain this Certification.

As an MCSI Certified Threat Hunter you will be fully capable of performing the following:

  1. Capture digital forensics logs in large-scale computer networks:
    • Using open-source tools to capture snapshots of workstations and servers
    • Capturing the physical memory (RAM)
    • Capturing Windows Event Logs
    • Configuring Windows systems to log key security event sources for digital forensics purposes
    • Extracting malicious payloads from Microsoft Office and PDF documents
    • Knowledge of the key Windows components: processes, registry keys, services, scheduled tasks, event logs, etc.
  2. Using Python to hunt for indicators of compromise at scale:
    • 15 practical threat hunting exercises of various difficulties: novice, advanced beginner, competent and proficient
    • Hundreds of IOCs to detect across the entire MITRE ATT&CK Matrix:
      • Initial Entry
      • Execution
      • Persistence
      • Privilege Escalation
      • Defence Evasion
      • Credential Access
      • Discovery
      • Lateral Movement
      • Collection
      • Command and Control
      • Exfiltration
  3. Use YARA to hunt for malicious binaries at scale:
    • Build a “goodware” dataset and a malware dataset
    • Learn how to use YARA professionally, along with many of its pattern-matching techniques
    • Detect obfuscated binaries
    • Detect exploits, vulnerabilities, shellcode and zero-days
    • Identify new malware samples based on features
    • Increase the speed of incident response
    • Build your own private anti-virus software using retro-hunting
  4. Perform deep-dive digital forensics investigations and write rapid incident response reports:
    • Investigating suspicious SSH tunnels
    • Investigating privilege escalation attacks
    • Detecting persistence techniques and entries
    • Investigating multiple password dumping attack techniques


"Finding good Threat Hunting training is more difficult than actual Threat Hunting. I discovered MCSI and the MTH Certification which included quite challenging exercises. It was well worth it! My team has produced world-class outcomes with the advanced skills gained from MCSI’s practical Threat Hunting training."

Head of Threat Hunting, Financial Services

"The best Threat Hunting training I have done! I am an experienced Threat Hunter, and the MTH still found a way to advance my existing skillset. The exercises get progressively more difficult with each more challenging than the next, but each teaches a new skill that I use in my job. Thank you, MCSI."

Senior Threat Hunter, Retail Industry

“The MTH is the best way to continually train my team to detect unknown APTs on a network. I went through the training myself, so I can say that the curriculum is quite challenging in the best way. It’s self-paced, with quick instructor answers to any questions. This course allowed us as a team to grow at a pace that is suited to our environment. The exercises are world-class at teaching techniques that can be transferred from the training to our daily operations.”

Threat Hunting Lead, Financial Services

Why MCSI’s Red Teamer Certification is World Class

  • World-Class Requirements Met Are Above Standard: Holders of the MTH Certification have completed 100 practical online exercises thus demonstrating that they have the skills and knowledge required to perform professional threat hunting engagements in any network environment – no matter the scale. Students take an average of 6 months to complete these exercises.
  • Data Science Focused: Students who have obtained this Certification have demonstrated that they have a full understanding of the threat hunting process and methodology using data science techniques. These techniques are 100% convertible to any enterprise security solution.
  • Programming Oriented: Many of the challenges that students must pass to obtain this certification require students to write software in Python, YARA and PowerShell. This guarantees that threat hunters certified by MCSI understand exactly how threat hunting works and do not rely solely on automated tools.

Course Overview