eCTHP - eLearnSecurity Threat Hunting Professional

supasecuritybro

Decided to start a thread regarding this certification. I was in the deep with some shellcoding for the eCPPT and decided since the THP course is shorter, to go ahead and start it. I am planning to finish it by the end of January and let you guys know how it is.

Background:
I do a lot of work with SIEM and vulnerability management in my current role. Also my team is focusing now on some hunting as part of our day to day. I went into the PenTesting route since it was something I never knew much about and I wanted to challenge myself. I went through the eJPT (eLearn Junior Pentest), did the GPEN, and have been working through the material with the eCPPT. It has been slower than I hoped since I am learning about a lot of new things I never knew about. I am interested in the red team stuff more our of curiosity than being a full fledged pentester. Would I take a job as a pentester, probably but not the priority. I am more interested in defense and since it has been more expensive to do some of the defensive courses with SANS (SEC555 and SEC511) this course came at the right time and right price.

Day one:
Downloaded all PDFs and will be starting the first module this week.

More to follow...

vynx

hows the content so far?

u1tras

I'm thinking of buying this course before 31th December while discount is valid. Any feedback from you about this course would be great!

supasecuritybro

The content is pretty good so far. Made it through the first two modules in the first section last night. Three sections total in that section. The information is broken up pretty well and it definitely builds on a base of a beginner. They also provide you a lot of the resources in where you should go to study deeper. I like that.

It’s not a lot of content. I think the value comes the one stop place. With the discount and free upgrade I believe it extremely worth it. If you want to get into blue team topics and don’t have a lot of money to invest, getting this at full price it’s a better deal than waiting to get selected for a work study at SANS for one of their blue team courses.

Haven’t done any lab yet.

More to follow

vynx

supasecuritybro wrote: »

The content is pretty good so far. Made it through the first two modules in the first section last night. Three sections total in that section. The information is broken up pretty well and it definitely builds on a base of a beginner. They also provide you a lot of the resources in where you should go to study deeper. I like that.

It’s not a lot of content. I think the value comes the one stop place. With the discount and free upgrade I believe it extremely worth it. If you want to get into blue team topics and don’t have a lot of money to invest, getting this at full price it’s a better deal than waiting to get selected for a work study at SANS for one of their blue team courses.

Haven’t done any lab yet.

More to follow

hows the video ? maybe you can give review 1 - 2 lab first ? since i think many people waiting for your review

chrisone

Hmmm I am on the fence on this one. Looks like you are a week and some into this course. How are you liking it so far? Have you applied anything to your daily job?

supasecuritybro

A week into it and I am almost done with the first topic (done with 3 of 4 sections). I haven't been hitting it too hard since its been the holidays. The material is good. I have a ton of resources (websites / reports) to grow my knowledge in the current threat landscapes. I also learn how to use some of the threat intel out there to build my own.

As far as usefulness for my job; I got some value so far with some of my goals for next year. We are building a threat hunting part to our list of things we do for next year. I am already seeing ways of implementing this into that program.

Opinion: If you wanna do blue team and are getting a discount on it, buy it. If you company is paying for it, buy it. If you are going to pay full price, let it be bc you want to get into a security analyst job and you want some good skillsets for that.

monkykap

Thanks for providing your feedback, i've been on the fence for getting this course, but i think because of your review i will get it after all. with the 40% discount, and a credit card sign up bonus i think it's affordable enough. I think it too closely coincides with the things I am working on implementing in my work. I am still worried about the length of the material, how many hours of coursework would you say there is?

chrisone

I am going to wait on this course. Looks good, but I have to pass PTP4, ARES, and WAPT before I start getting off track onto more courses. Looks like there will be updates to some courses next year and hopefully WAPT is one of them. Since I currently hold a WAPT course I believe I can get the upgrade for $250 hopefully. There are also "new" courses coming out in 2018 as well. see below


Towards the very bottom of this year in review page.

You ain’t seen nothing yet!

If you thought 2017 was good, watch out for the next one. We’re just getting started, and even more exciting things await us these coming months. Here are a few you should look out for:

• a Hack.me overhaul;
• updates to your favorite courses;
• even more brand new training courses;
• the return of the Ethical Hacker Network!

Before the ball drops and the fireworks start, the team would like to thank each and everyone of you for being a part of our eLS community, and for helping us reach new heights, year in and year out.
Have a Happy New Year, everybody!

supasecuritybro

monkykap wrote: »

Thanks for providing your feedback, i've been on the fence for getting this course, but i think because of your review i will get it after all. with the 40% discount, and a credit card sign up bonus i think it's affordable enough. I think it too closely coincides with the things I am working on implementing in my work. I am still worried about the length of the material, how many hours of coursework would you say there is?

roughly 3 1/2 hours and I am still inthe first module. I am also taking some time to read over resources they provide. I am looking forward to the packet analysis.

supasecuritybro

Just finished the first portion. I can say it helped to start off with some of the new goals my team has for this year. I found some value in this first section since we are starting a hunting program at my job. I now feel a little better suited than just talking about the NIST 800-61 and I can now lean on a lot of other resources to build content.

The lab was a little lacking. I felt it could have been a bit more involved but the directions didn't really should you much, you had to go into the solution to know what they wanted from you. They didn't really talk about YARA as much as I would have liked personally. They just covered it in passing and how to use it locally. Not sure if this will circle back when it gets to more of the endpoint portion.

SaSkiller

So lets get into the nuts and bolts. I was watching the launch webinar snippet and was left lacking. Does your organization have the capability to hunt as they mention in the course? Looking at memory of processes? Seems like something the forensics team might be able to do on a specific asset after something caused them to look at it, not something that could be hunted for across the environment. How much are they discussing hunting from a SIEM? Do they give methodologies and advice on how to find things to hunt, and what is needed in your SIEM before you can hunt them?

1point8t

I don't want to hijack supasecuritybro's thread but I think it would be easier to contain all reviews to one thread.

I also purchased this course as it was fairly cheap compared to other courses(SANS) and offered some of the material I was looking to study. In addition, I've purchased the PTS and PTP courses from them in the past and was extremely satisfied. Up to this point I completed the first section, Threat Hunting, and the last section, Endpoint Analysis, and enjoyed the material for the most part. I was happy to see that Redline and Volatility were covered but I felt that they could have went into greater detail in the malware analysis section.

Regarding SIEM, there is a section within Endpoint Analysis that reviews search methodologies and hunting techniques for specific attacks such as mimikatz, code injection and keyloggers. While it does provide specific details for specific attacks, it also provides a general overview on how you should conduct your hunts. The videos reviewed the concepts in better detail and the labs provided great practical experience.

On to the last section, Network Analysis.

Khohezion

So I bought this course as well but I think I'm going to do it after I completed the eCPPT. I wish you guys the best of luck.

supasecuritybro

Went through the network analysis slides and I really enjoyed them. Packet Analysis is a skill set that is extremely helpful in any aspect of IT but more importantly with Security. This really gets into some of the things that are a little confusing. I was very pleased with the details and videos. I am going to do the first lab in the section part of the module and from the lab manual, its pretty good.

renzoncruz

So how was it so far? I'm planning to take buy this stuff but still conducting a survey on how good it was. And also, Digital Forensic is on it's way. Any feedback on those who took this THP course? Is it worth the penny?

supasecuritybro

It is pretty good. If you want to be blue team, its a great starting course. I have a heart for blue team work since I am in the engineering space. I have gone into the Red Team bc of interest and I can see the value in my blue heart. I would recommend this course for intermediate people in the SOC space who want to be better at finding things and looking through logs for an actual incident.

renzoncruz

How was it so far? Have you complete all the labs and the lecture? Trying to figure out what would be my first course since the digital forensic is on sale now. Have you taken the THP certificate exam?

supasecuritybro

Sorry for the delay in posting about the course. We recently had a baby and I have been working on my GWAPT since I was selected for the work study program early January. I am finishing the endpoint part and then go through the labs again. If you want to learn some good basics and foundation to help with analyst work, this is a great course. I haven't done the exam yet but I will continue this thread once I resume in April.

nebula105

Keep it up supa!

I've paused my progress on the threat hunting course as well as I'm starting the GCIH next week!

supasecuritybro

Update:

Finished the GWAPT and I have some time between now and the July COHORT for CCNA CyberOps. I have decided to attempt to complete what I have left with the eTHP which is the endpoint section. This covers, windows process/malware/SIEM/hunting, so I believe I can get through most of it. I am going to update this post as I go further along. Hopefully I can do the exam before the next course starts.

renzoncruz

Great. I am waiting for your final review as I bought eJPT, eCDFP, and eCPPT course. Planning to take eJPT next next week on weekend and will finish the next one. Still looking at your eCTHP review as this is something I do on a daily basis at work. Congrats on GWAPT, how was it? Did you do the work study program of SANS?