Certified Cyber Threat Hunter

Upskilling Course, 40 Academic Hours

Deep Dive: Threat Hunting Methodologies, Tactics and Techniques

Chances are very high that hidden threats already exist inside your organization’s networks. No matter how thorough and sophisticated your security precautions may be, you cannot assume that such security measures are impenetrable. By themselves, prevention systems are insufficient to counter focused human adversaries who know how to get around today’s advanced security and monitoring tools. It takes highly skilled and focused hunters to defeat these persistent adversaries.

This is a specialist-level course for security professionals involved in network security, security operations, incident response or penetration testing, who want to develop in their role or to enhance their proactive skills in detecting and mitigating threats.

By enrolling in this course, you'll gain advanced knowledge of threat hunting methodologies, tactics, and techniques, and you'll familiarize yourself with common threat hunting tools and technologies.

Who Is This Course For?

  • Incident responders and team leaders
  • System administrators 
  • Cyber security practitioners and security architects 
  • Experienced cyber and IT professionals


  • Advanced knowledge of Microsoft Operating Systems 
  • Understanding of networks and protocols 
  • Basic knowledge of monitoring and security devices 
  • Good working knowledge of attack techniques, networking, and malware investigations, including network and forensic investigations
  • Good working knowledge of PowerShell 
  • Online Skill Set Level Exam: Minimum score of 70

Learning Objectives

  • Detect when and how a breach has occurred 
  • Identify compromised and affected systems 
  • Perform damage assessments and determine what was stolen or changed 
  • Hunt down additional breaches using knowledge of the adversary

What You'll Get...

In addition, you may choose to augment your team’s course to include preparation for relevant cybersecurity industry certification tests, at an additional cost. The cybersecurity certifications that this course can be used to prepare for include the GIAC Defending Advanced Threats (GDAT) certification.

Relevant Cybersecurity certifications

Note: An industry certification is neither offered nor guaranteed as part of the course.

Professional Supervisor and Instructors

Supervising all Wawiwa Cyber courses is Mr. Nadav Nachmias, Head of Cybersecurity Programs at Wawiwa.
The course instructors are cybersecurity professionals with hands-on experience as well as training skills. The technical level of the course can be adjusted according to the audience.

Nadav Nachmias

Head of Cybersecurity Programs

Nadav is a Cybersecurity Specialist with over 15 years of experience, focusing on Cybersecurity strategies, architecture, and workforce empowerment. His practical experience made it intuitive for him to develop diverse training programs and materials in several Cybersecurity fields (including Cybersecurity Management, Incident Handling and Response, and Cyber Forensics).

Course Syllabus

Module 1: Introduction and Reconnaissance (5 Theoretical Hours, 5 Practical Hours)

  • Course Outline and Lab Setup 
    • Course Objectives and Lab Environment 
    • What’s Happening Out There? 
    • Exercise: One Click Is All It Takes 
  • Adversary Emulation and the Purple Team 
    • Introducing the Extended Kill Chain 
    • What Is the Purple Team? 
    • MITRE ATT&CK Framework and “Purple Tools” 
    • Key Controls for Prevention and Detection 
    • Building a Detection Stack 
    • Exercise: Kibana and ATT&CK Navigator 
  • Reconnaissance 
    • Reconnaissance – Getting to Know the Target 
    • Exercise: Automated Reconnaissance Using SpiderFoot

Module 2: Payload Delivery and Execution (3 Theoretical Hours, 1.5 Practical Hours)

  • Common Delivery Mechanisms 
  • Preventing Payload Execution 
  • Initial Execution – Application Whitelisting 
  • Exercise: Configuring AppLocker 
  • Initial Execution – Visual Basic, JS, HTA, and PowerShell 
  • Initial Execution – How to Detect? 
  • Exercise: Detection with Script Block Logging, Sysmon, and SIGMA

Module 3: Exploitation, Persistence and Command and Control (5 Theoretical Hours, 4 Practical Hours)

  • Protecting Applications from Exploitation 
    • Software Development Lifecycle (SDL) and Threat Modeling 
    • Patch Management 
    • Exploit Mitigation Techniques 
    • Exercise: Exploit Mitigation Using Compile-Time Controls 
    • Exploit Mitigation Techniques – ExploitGuard, EMET, and Others 
    • Exercise: Exploit Mitigation Using ExploitGuard 
  • Avoiding Installation 
    • Typical Persistence Strategies 
    • How Do Adversaries Achieve Persistence? 
    • Exercise: Catching Persistence Using Autoruns and OSQuery 
  • Foiling Command and Control 
    • Detecting Command and Control Channels 
    • Exercise: Detecting Command and Control Channels Using Suricata, JA3, and RITA

Module 4: Lateral Movement (4 Theoretical Hours, 4.5 Practical Hours)

  • Protecting Administrative Access 
    • Active Directory Security Concepts 
    • Principle of Least Privilege and UAC 
    • Exercise: Implementing LAPS 
    • Privilege Escalation Techniques in Windows 
    • Exercise: Local Windows Privilege Escalation Techniques 
  • Key Attack Strategies Against the Active Directory (AD) 
    • Abusing Local Admin Privileges to Steal More Credentials 
    • Exercise: Hardening Windows Against Credential Compromise 
  • Kerberos Attacks: Kerberoasting, Silver Tickets, Over-PtH
  • How Can We Detect Lateral Movement? 
    • Key Logs to Detect Lateral Movement in AD 
    • Deception – Tricking the Adversary 
    • Exercise: Detecting Lateral Movement in AD

Module 5: Action on Objectives, Threat Hunting and Incident Response (3 Theoretical Hours, 5 Practical Hours)

  • Domain Dominance 
    • Dominating the AD – Basic Strategies 
    • Golden Ticket, Skeleton Key, DCSync, and DCShadow 
    • Detecting Domain Dominance 
    • Exercise: Domain Dominance 
  • Data Exfiltration 
    • Common Exfiltration Strategies 
    • Exercise: Detecting Data Exfiltration 
  • Leveraging Threat Intelligence 
    • Defining Threat Intelligence 
    • Exercise: Leveraging Threat Intelligence with MISP and Loki 
  • Threat Hunting and Incident Response 
    • Proactive Threat Hunting Strategies 
    • Exercise: Hunting Your Environment 
    • Incident Response Process 
    • Exercise: Finding Malware Using Volatility and YarGen

Give your team the edge they need to succeed with our comprehensive courses, tailored to your specific needs.

Wawiwa bridges the tech skills gap by reskilling people for tech professions in high demand. There are millions of tech vacancies and not enough tech professionals with the relevant knowledge and skills to fill them. What the industry needs from employees is not taught in long academic degrees. Wawiwa helps partners around the world to reskill and upskill people for tech jobs through local tech training centers or programs. The company utilizes a proven training methodology, cutting-edge content, digital platforms for learning and assessment, and strong industry relations to deliver training programs that result in higher employability and graduate satisfaction. This, in turn, also creates a strong training brand and a sustainable business for Wawiwa’s partners.