The Certified Threat Hunting Professional (CTHP) is an advanced, industry-aligned certification designed for cybersecurity professionals who want to master proactive threat detection and hunting in modern enterprise environments.

Unlike traditional defensive certifications that focus on alerts and reactive incident response, CTHP validates the ability to think like an attacker, build hunting hypotheses, analyze large-scale telemetry, and uncover stealthy threats that evade automated controls.

The CTHP exam is a 12-hour, scenario-driven assessment consisting of 1200 advanced MCQs, simulating real-world threat hunting operations across endpoints, networks, identities, cloud platforms, and SIEM environments. Candidates are evaluated on their analytical thinking, investigation logic, ATT&CK mapping skills, and detection engineering mindset.

This certification is vendor-neutral, role-based, and built to reflect how professional threat hunters operate inside SOCs, MDR teams, and blue teams today.

CTHP is ideal for professionals who want to demonstrate hands-on threat hunting capability, not just theoretical knowledge.

🎯 Who Should Take CTHP

• SOC Analysts (Tier 2 / Tier 3)

• Threat Hunters & Detection Engineers

• Blue Team & Purple Team Professionals

• Incident Responders

• Security Engineers & DFIR Analysts

⚠️ This is not a beginner-level exam. Prior experience with logs, endpoints, or SOC operations is strongly recommended.

🧠 Exam Format Overview

• Exam Duration: 12 Hours

• Total Questions: 1200 MCQs

• Question Type: Scenario-based & analytical

• Exam Style: Proctored / Individual

• Certification Type: Vendor-neutral, industry-focused

📚 CTHP Exam Syllabus (30 Modules)

Domain 1: Threat Hunting Foundations

1. Threat Hunting Concepts & Mindset

2. Reactive vs Proactive Security Operations

3. Threat Hunting Lifecycle & Frameworks

4. Hypothesis-Driven Hunting Techniques

Domain 2: Adversary Tradecraft

5. Understanding Modern Threat Actors

6. Living-off-the-Land (LOLBins) Techniques

7. Fileless & Stealthy Attacks

8. Malware vs Post-Exploitation Behavior

Domain 3: MITRE ATT&CK Mastery

9. MITRE ATT&CK Framework Overview

10. Mapping Tactics, Techniques & Procedures (TTPs)

11. ATT&CK for Detection & Hunting

12. ATT&CK for Cloud & Identity

Domain 4: Endpoint Threat Hunting

13. Endpoint Telemetry & Process Analysis

14. Persistence, Privilege Escalation & Lateral Movement

15. Memory, Registry & File System Artifacts

16. EDR & Endpoint Investigation Logic

Domain 5: Network Threat Hunting

17. Network Traffic Analysis Fundamentals

18. DNS, Proxy & Web Traffic Hunting

19. Command-and-Control Detection

20. Lateral Movement & Exfiltration Patterns

Domain 6: SIEM & Log Analytics

21. Log Sources & Data Normalization

22. Query Logic & Advanced Log Correlation

23. Behavioral Analytics & Anomaly Detection

24. False Positives, Noise Reduction & Context

Domain 7: Cloud & Identity Hunting

25. Cloud Threat Hunting Concepts

26. Identity Attacks & Credential Abuse

27. SaaS, IAM & API Abuse Scenarios

Domain 8: Detection Engineering & Response

28. Detection Engineering Principles

29. Validation, Tuning & Purple Teaming

30. Reporting, Metrics & Threat Hunt Outcomes