TH-200: Foundational Threat Hunting (OSTH)

  • Learn threat hunting basic concepts and skills, including using common tools like CrowdStrike Falcon and Splunk to detect network and endpoint Indicators of Compromise (IoCs) and respond to threats
  • Earn the OffSec Threat Hunter (OSTH) certification upon passing the exam
Google 4.8/5 Average Rating
800+ Learners
Industry Recognized
Certification Body Offensive Security
Delivery Profice
Lowest price guaranteed
Slef Paced Learning - 90 Days Access
€1950
Excl. VAT
Self Paced Learning - 365 Days Access
€3000
Excl. VAT
  • Exam voucher
  • Hands-on labs
  • Certificate
  • Lifetime support
  • Official courseware

Flexible payment — invoice, card or PayPal

About This Course

TH-200: Foundational Threat Hunting equips learners with the essential skills and mindset to operate on the defensive side of cybersecurity. In today’s threat landscape, defenders must go beyond reactive security measures. Threat hunting is a proactive practice where security professionals seek out and identify threats before they can cause harm.

This course introduces the core concepts, tools, and methodologies used by enterprise defenders to detect, track, and respond to adversaries within networks and endpoints.

Learners will develop key capabilities, including:

  • Understanding the threat actor landscape, with a focus on ransomware and Advanced Persistent Threats (APTs)
  • Utilizing both network and endpoint Indicators of Compromise (IoCs) for proactive threat detection
  • Highlighting the role of Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), like Suricata, in monitoring for suspicious activities
  • Explorations of various ransomware groups, including LockBit, CLOP, and BlackCat/ALPHV, with examples of how they exploit specific vulnerabilities
  • Recognizing custom threat hunting, focusing on behavioral analysis and data correlation to detect advanced threats, using tools like CrowdStrike Falcon

TH-200 is organized into 7 modules with associated hands-on lab experiences and assessment questions. After completion of the content modules and labs, learners can work on a comprehensive Challenge Lab, which brings all of the skills they have learned in the course together and prepares them for the OSTH exam.

TH-200 is for anyone looking to build a strong foundation in threat hunting, including SOC analysts, IT security specialists, and those aiming to transition into specialized cybersecurity roles. While there are no course prerequisites, it is encouraged that learners have some experience in cybersecurity, a solid foundation in TCP/IP networking, and a familiarity with Linux and Windows operating systems.

Course Information

Course Code OSTH
Duration Self Paced
Delivery Self Paced
Exam Voucher Included
Certification Body Offensive Security
Certification OSTH

What You Will Learn

Understand foundational concepts and practices of threat hunting
Analyze the threat actor landscape to identify potential risks
Learn to hunt for threats using network data and traffic analysis
Conduct endpoint-based threat hunting to detect malicious activity
Explore advanced hunting techniques without relying on indicators of compromise (IoCs)
Gain hands-on experience with CrowdStrike Falcon and Splunk tools
Create structured threat hunting strategies for enterprise environments

Course Curriculum

Learn about the different stages and types of threat hunts that enterprises use through an overview of basic objectives, concepts, and practices

Get an overview of various threat actors, with a focus on ransomware groups and Advanced Persistent Threats (APTs), and review in-depth discussions of several well-known actors

Discover how threat hunters use the Traffic Light Protocol to receive and use threat intelligence to create reports

Use Network Indicators of Compromise (IoCs) with IDS/IPS tools like Suricata to monitor for suspicious activity, identify network compromises, and build practical threat-detection skills

Hunt for threats with Endpoint IoCs and use intelligence- and hypothesis-based approaches to make your hunts more effective

Hunt for threats without relying on known IoCs and focus on behavioral analysis and data correlation to detect advanced threats with tools like CrowdStrike Falcon

Get the Full Syllabus as a PDF

Curriculum, exam format & everything included — sent straight to your inbox.

All You Need to Know

Who Should Attend

TH-200 is ideal for:

  • Individuals looking to build a strong foundation in threat hunting
  • Those aiming to transition into specialized security roles
  • SOC Analysts
  • IT Security Specialists
Prerequisites

While there are no formal prerequisites, it’s strongly encouraged that you have:

  • A solid foundation in TCP/IP networking
  • Familiarity with Linux and Windows operating systems
  • Basic understanding of cybersecurity concepts

Premium training, now at the lowest price.

Slef Paced Learning - 90 Days Access €1950 excl. VAT
Self Paced Learning - 365 Days Access €3000 excl. VAT
4.8/5 Official Offensive Security partner Exam included 800+ alumni
Lowest price guaranteed Ready to enrol?

No payment now — reserve your seat and we'll send the invoice.

Under a minute · invoice, card or PayPal
How it works: 1 Submit your details 2 Receive your invoice 3 Pay & get access