eCTHP Certification

Certified Threat Hunting Professional

eCTHP is a professional-level certification that proves your threat hunting and threat identification capabilities. Students are tested through real-world scenarios modeled after cutting-edge malware that simulates corporate network vulnerabilities.

eCTHP - Certified Threat Hunting Professional
The Exam
INE Security’s eCTHP is the only certification for Threat Hunters that evaluates your abilities inside a fully featured and real-world environment.

Candidates are provided with a real world engagement within INE’s Virtual Labs. Once valid credentials are provided for the certification platform, the candidate can perform the tests from the comfort of their home or office. An Internet connection and VPN software is necessary to carry out the exam.

Why eCTHP ?

Here are some of the ways Here are some of the ways Certified Threat Hunting Professional certification is different from conventional certification:

  • Instead of putting you through a series of multiple-choice questions, you are expected to perform an actual threat hunt on a corporate network. The examination is modeled after real-world scenarios and cutting-edge malware.
  • Not only are you expected to use advanced methodologies to conduct a thorough threat hunt, you will also be asked to propose defense strategies as part of your evaluation. A skillset like this will make you a valuable asset in the corporate sector.
  • You must provide proof of your findings to pass the eCTHP certification. That means identifying any threats and deploying creative, original thinking during your hunt.

Knowledge Domains
By obtaining the eCTHP, your skills in the following areas will be assessed and certified:

  • Network packet/traffic analysis
  • Data enrichment with Threat Intelligence
  • Data correlation
  • In-depth knowledge of tools such as Wireshark, Redline & IOC editor
  • IOC-based threat hunting
  • Memory analysis/forensics
  • Windows/Linux event analysis
  • Log analysis
  • Detection of any stage of the “Cyber Kill Chain” (Information Gathering, Exploitation, Post-exploitation)

The eCTHP is a certification for individuals with a highly technical understanding of networks, systems and cyber attacks. Everyone can attempt the certification exam, however here are the advised skills necessary for a successful outcome:

  • Letter of engagement and the basics related to a threat hunting engagement
  • Advanced networking concepts
  • Threat hunting processes and methodologies
  • Packet/traffic analysis
  • Enriching data with Threat Intelligence
  • Familiarly with tools such as Wireshark, Redline, IOC editor, Sysmon & Volatility
  • How to detect all stages of the “Cyber Kill Chain”
  • Familiarity with IOC-based hunting
  • Ability in analyzing memory dumps
  • Good understanding of Windows events
  • Ability in analyzing logs
  • Manual threat detection through process analysis
  • Ability in correlating data from various sources

The current version of the eCTHP certification does not have an expiration date.

Certification Process

There are two ways to get certified.

Purchase an INE subscription and take the Threat Hunting Professional learning path.

The Threat Hunting Professional path takes you from a basic-intermediate understanding of penetration testing to a professional level. The Learning Path prepares you for the eCTHP exam with the necessary theory and a number of hands-on practical sessions in Hera Lab. Hera virtual lab in VPN, is the same environment in which you will perform your tests for the eCTHP exam.


Attempt the certification without training

Feel confident in your threat hunting capabilities? INE Security offers certification vouchers for cyber security experts who feel as if they do not need the accompanying training. However, studying for the eCTHP exam by purchasing a subscription to INE’s training is highly recommended. If you’re ready for the exam now, click the link below to purchase your test.

Whether you are attempting the eCTHP certification exam on your own or after having completed our approved learning path, you will need to follow these steps to get a certificate:

Whether you are attempting the certification exam on your own or after completing one of our approved learning paths, you will need to purchase an exam voucher before you can start your certification process. Once you obtain the voucher you will receive login credentials to our Certification area where you will manage the exam, the VPN credentials, and any other materials related to the certification process.
Regular vouchers expire after 180 days from purchase. Before the certification expires, you will have to begin the certification process by clicking on “Begin certification process”. The expiration date will always be available in your certification area and reminder emails are sent to make sure you take advantage of the voucher.

Once you click on the “Begin certification process” button, you will receive an email with instructions regarding the scope of engagement. This letter will contain everything you need to know to take your exam.

Once you have completed the exam portion, it’s time to finalize your report. This should be a commercial grade report proving all of your findings and providing remediation steps for your client. You must submit your report within 4 days from the beginning of the certification process (step 2), in PDF format for review. Keep in mind you will have 2 days in the lab environment

You are awarded the certification after an INE Security instructor carefully reviews your findings and deems your work sufficient. Should you fail the first attempt, you will receive valuable feedback from our instructors. You will then have one free attempt to re-take the certification. You will have 14 days to submit a re-take.

This exam is manually graded. Once submitted, it may take up to 30 business days to receive your results.