◈ Path Bundle

Threat Hunting

Proactive detection, hypothesis-driven hunting, and adversary behavior analysis across endpoints and networks using SIEM, EDR, and MITRE ATT&CK frameworks.

Save 79 EUR

Lab tools you will use

  • Splunk (Lab tool)
  • Elastic SIEM (Lab tool)
  • Velociraptor (Lab tool)
  • YARA (Detection)
  • Sigma (Detection)
  • OSQuery (Lab tool)
  • Sysmon (Lab tool)
  • CrowdStrike Falcon (Lab tool)
  • MITRE ATT&CK Navigator (Lab tool)
  • Kibana (Lab tool)
  • Wazuh (SIEM)
  • Chainsaw (Lab tool)
  • Hayabusa (Lab tool)
  • DeepBlueCLI (Lab tool)
  • Kape (Lab tool)
  • Eric Zimmerman Tools (Lab tool)

Courses Included

BEGINNER

Threat Hunting Beginner

Practical threat hunting foundations with guided hands-on labs.

1 guided lab, 10h

INTERMEDIATE

Threat Hunting Intermediate

Intermediate threat hunting with complex real-world scenarios and professional workflow.

2 guided labs, 12h

Why Choose the Full Pack?

Get the Beginner + Intermediate courses bundled together and unlock exclusive extras.

Beginner + Intermediate courses (22h)
All 4 guided labs with isolated VMs
All per-module + certification exams
2 HTK certificates (Beginner + Intermediate)
Extra consolidation lab
Lifetime access + priority support
Access to the HTK community
199 EUR (regular price 278 EUR)
Save 79 EUR

Your Learning Roadmap

Each phase maps to a course module. Scroll to assemble your full progression — from beginner fundamentals to intermediate mastery.

Phase 1

Beginner

Threat Hunting Fundamentals & Adversary Behavior

Start your threat hunting journey with Threat Hunting Beginner.

  • Reactive vs. proactive detection: why hunting matters
  • MITRE ATT&CK framework: tactics, techniques, and procedures
  • Threat intelligence-driven vs. hypothesis-driven hunting

Phase 2

Beginner

Log Sources & Telemetry Collection

  • Windows event logs: Security, Sysmon, PowerShell logging
  • Network telemetry: DNS, proxy, NetFlow
  • Configuring collection with Sysmon and OSQuery

Phase 3

Beginner

Hunting Techniques & Tools

  • Splunk and Elastic SIEM: queries, dashboards, and correlations
  • Sigma rules: writing and converting detection logic
  • Identifying persistence, lateral movement, and C2 patterns

Phase 4

Beginner

Reporting & Certification Exam

  • Documenting hunt findings: timelines, IOCs, and recommendations
  • Measuring hunt program maturity and effectiveness

Phase 5

Intermediate

Advanced Threat Hunting & APT Analysis

Advance into complex scenarios with Threat Hunting Intermediate.

  • APT campaign decomposition: initial access to exfiltration
  • Living-off-the-land techniques: LOLBins, WMI, PowerShell abuse
  • Memory forensics for threat hunting: detecting injected code

Phase 6

Intermediate

Detection Engineering with Sigma & YARA

  • Advanced Sigma rule writing: correlation, aggregation, and near-real-time rules
  • YARA rule development for file and memory scanning
  • Detection-as-code: CI/CD pipelines for detection content

Phase 7

Intermediate

Purple Team Exercises

  • Atomic Red Team and MITRE Caldera for controlled adversary simulation
  • Validating detection coverage against ATT&CK techniques
  • Gap analysis and detection backlog prioritization

Phase 8

Intermediate

Hunt Report + Intermediate Certification

  • Professional threat hunting report: executive summary, technical findings, ATT&CK heat map
  • Detection improvement roadmap and KPI tracking

Threat Hunting Learning Path: Beginner to Intermediate Cybersecurity Course | HackTheKnowledge