MTH - Certified Threat Hunter

Overview:

  • Capture digital forensics artefacts in large-scale enterprise networks and index them for threat hunting
  • Hunt for cyber adversaries that have bypassed/avoided/defeated enterprise security solutions using Python and YARA
  • Rapidly analyse suspicious binaries to confirm whether they are malware or not
  • Align your approach and methodology to the MITRE ATT&CK Matrix
  • Practice threat hunting against thousands of machines and gigabytes' worth of malware samples

Threat Hunter Certification Programme:

Students must successfully complete MCSI’s Threat Hunting Fusion Course and its 100 practical exercises in our Online Learning Platform prior to undertaking the Final Online Assessment to obtain this certification.

Final Online Assessment:

The final assessment is a set of online challenges.

Career Outcomes:

Students who have successfully achieved their MTH Certification can apply for Junior and Intermediate Threat Hunter jobs worldwide, with the confidence that they have the competencies the industry is seeking for these roles.

As an MCSI Certified Threat Hunter you will be ready to perform the following:

  1. Capture digital forensics logs in large-scale computer networks:
    • Using open-source tools to capture snapshots of workstations and servers
    • Capturing the physical memory (RAM)
    • Capturing Windows Event Logs
    • Configuring Windows systems to log key security event sources for digital forensics purposes
    • Extracting malicious payloads from Microsoft Office and PDF documents
    • Knowledge of the key Windows components: processes, registry keys, services, scheduled tasks, event logs, etc.
  2. Using Python to hunt for indicators of compromise at scale:
    • 15 practical threat hunting exercises of various difficulties: novice, advanced beginner, competent and proficient
    • Hundreds of IOCs to detect across the entire MITRE ATT&CK Matrix:
      • Initial Access
      • Execution
      • Persistence
      • Privilege Escalation
      • Defence Evasion
      • Credential Access
      • Discovery
      • Lateral Movement
      • Collection
      • Command and Control
      • Exfiltration
  3. Use YARA to hunt for malicious binaries at scale:
    • Build a “goodware” dataset and a malware dataset
    • Learn how to use YARA professionally and many of its pattern matching techniques
    • Detect obfuscated binaries
    • Detect exploits, vulnerabilities, shellcode and zero-days
    • Identify new malware samples based on features
    • Increase the speed of incident response
    • Build your own private anti-virus software using retro-hunting
  4. Perform deep-dive digital forensics investigations and write rapid incident response reports:
    • Investigating suspicious SSH tunnels
    • Investigating privilege escalation attacks
    • Detecting persistence techniques and entries
    • Investigating multiple password dumping attack techniques
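As an added example of the Python-based, ATT&CK-aligned IOC hunting described in item 2 above (example code written for this page, not MCSI course material): a small hunt that runs a rule table over constructed host snapshots (process command lines, Run-key values and scheduled-task actions), suppresses known-good entries from a baseline, and tags every hit with its ATT&CK tactic and technique ID. The hostnames, snapshot contents, rule names and the OneDrive allowlist entry are constructed assumptions; the technique IDs are real ATT&CK identifiers.

```python
"""Hunt a fleet of host snapshots for IOCs and map each hit to MITRE ATT&CK."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    tactic: str                 # ATT&CK tactic the behaviour belongs to
    technique: str              # ATT&CK technique ID (real identifiers)
    artefact: str               # which snapshot section the rule inspects
    pattern: re.Pattern         # suspicious indicator
    allow: Optional[re.Pattern] = None  # baseline ("goodware") exclusion


RULES = [
    Rule("encoded_powershell", "Execution", "T1059.001", "processes",
         re.compile(r"powershell(\.exe)?\s.*(-enc(odedcommand)?|-e)\s+[A-Za-z0-9+/=]{20,}", re.I)),
    Rule("lsass_dump_procdump", "Credential Access", "T1003.001", "processes",
         re.compile(r"procdump.*\s-ma\s+lsass", re.I)),
    # rundll32 launched with an argument that is not a .dll path
    Rule("rundll32_non_dll_arg", "Defence Evasion", "T1218.011", "processes",
         re.compile(r"rundll32(\.exe)?\s+(?!.*\.dll)", re.I)),
    # Run key pointing into a user-writable location; OneDrive is a constructed baseline entry
    Rule("run_key_user_writable_path", "Persistence", "T1547.001", "registry_run",
         re.compile(r"(appdata|temp|programdata|public)\\", re.I),
         allow=re.compile(r"\\Microsoft\\OneDrive\\OneDrive\.exe", re.I)),
    Rule("schtask_script_in_temp", "Persistence", "T1053.005", "scheduled_tasks",
         re.compile(r"\\temp\\.*\.(ps1|vbs|js|bat)", re.I)),
]

# Constructed snapshots standing in for collected forensic artefacts.
HOST_SNAPSHOTS = [
    {"host": "WS-001",
     "processes": ["C:\\Windows\\explorer.exe",
                   "powershell.exe -NoProfile -File C:\\Scripts\\inventory.ps1",
                   "rundll32.exe shell32.dll,Control_RunDLL"],
     "registry_run": ["OneDrive=C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"],
     "scheduled_tasks": ["C:\\Program Files\\Vendor\\updater.exe /silent"]},
    {"host": "WS-002",
     "processes": ["powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
                   "rundll32.exe C:\\Users\\Public\\stage.bin,Start"],
     "registry_run": ["Updater=C:\\Users\\bob\\AppData\\Roaming\\svc\\upd.exe"],
     "scheduled_tasks": []},
    {"host": "SRV-01",
     "processes": ["procdump64.exe -accepteula -ma lsass.exe C:\\Windows\\Temp\\l.dmp"],
     "registry_run": [],
     "scheduled_tasks": ["powershell.exe -File C:\\Windows\\Temp\\sync.ps1"]},
]


def hunt(snapshots, rules=RULES):
    """Return one hit record per (host, rule, artefact) match not covered by the baseline."""
    hits = []
    for snap in snapshots:
        for rule in rules:
            for item in snap.get(rule.artefact, []):
                if not rule.pattern.search(item):
                    continue
                if rule.allow and rule.allow.search(item):
                    continue  # known-good entry from the goodware baseline
                hits.append({"host": snap["host"], "rule": rule.name,
                             "tactic": rule.tactic, "technique": rule.technique,
                             "evidence": item})
    return hits


def tactic_coverage(hits):
    """How many hits fall under each ATT&CK tactic."""
    return Counter(h["tactic"] for h in hits)


def hosts_by_hit_count(hits):
    """Hosts ordered by number of hits, to prioritise triage."""
    return Counter(h["host"] for h in hits).most_common()


if __name__ == "__main__":
    found = hunt(HOST_SNAPSHOTS)
    for h in found:
        print(f"{h['host']:7} {h['tactic']:18} {h['technique']:10} {h['rule']:28} {h['evidence']}")
    print("tactics:", dict(tactic_coverage(found)))
    print("triage order:", hosts_by_hit_count(found))
```

The allowlist on the Run-key rule is the point of building a goodware dataset before hunting: without it the legitimate OneDrive autostart on WS-001 would surface alongside the real persistence entry on WS-002. Scaling this to thousands of hosts is a matter of feeding collected snapshots into `hunt()` and growing the rule table.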

Why MCSI’s Threat Hunter Certification is World Class:

  • World-Class Requirements: Holders of the MTH Certification have completed 100 practical online exercises, demonstrating that they have the skills and knowledge required to perform professional threat hunting engagements in any network environment, whatever its scale. Students take an average of 6 months to complete these exercises.
  • Data Science Focused: Students who have obtained this certification have demonstrated a full understanding of the threat hunting process and methodology using data science techniques. These techniques are fully transferable to any enterprise security solution.
  • Programming Oriented: Many of the challenges that students must pass to obtain this certification require them to write software in Python, YARA and PowerShell. This guarantees that threat hunters certified by MCSI understand exactly how threat hunting works and do not rely solely on automated tools.
