INE reposted this
From Raw Packets to Real Threats: eCTHP Certified 🎉

I'm thrilled to announce that I have officially earned the Certified Threat Hunting Professional (eCTHP) certification from INE Security!

The eCTHP dropped me inside a compromised corporate network and told me: "Find the attacker," requiring a full hands-on threat hunt across packet captures and endpoint telemetry. No hints, no walkthroughs. Just you, your tools, and a network full of carefully hidden malicious activity.

Quick question for fellow threat hunters: do you ever practice hunting without alerts guiding the investigation?

This is exactly how the hunt unfolded across the three stages of the exam:

⛔️ Phase 1: Network Threat Hunting (Advanced Wireshark)
The network told a complete story once I knew how to listen:
✔ Detected XOR-encoded ICMP beaconing used to establish covert C2 communication
✔ Traced malicious payload downloads across HTTP sessions and reconstructed malware staging from packet captures
✔ Observed lateral movement via SMB and remote execution techniques

⛔️ Phase 2: Endpoint Threat Hunting (Splunk + ELK)
Then I moved to the endpoints, where the attacker had already infiltrated:
✔ Brute-forced account used as initial foothold → Mimikatz executed to dump credentials from memory
✔ Pass-the-Hash used for lateral movement without ever touching a password
✔ Malicious Windows service granting domain-wide persistence + data exfiltrated via PowerShell UploadString

⛔️ Phase 3: MITRE ATT&CK Mapping (ELK + CTI Report)
Using threat intelligence reports and log analysis in ELK, I mapped observed activity to known adversary techniques:
✔ Correlated attacker actions with the MITRE ATT&CK framework via targeted Elastic queries
✔ Mapped Initial Access, Ingress Tool Transfer, Persistence and Execution techniques
✔ Identified Scheduled Task persistence and a malicious service implanted via the Registry

What this exam taught me goes beyond any bullet-point list. It taught me that threat hunting isn't about alerts; it's about curiosity, asking "why does this packet look slightly different?", and having the patience to follow that thread until it unravels an entire attack chain.

🙏 A very special thank you to my teammate Rayen Gader, who was with me every step of the preparation journey. Your support made a real difference.
🙏 Heartfelt thanks to everyone who supported me along the way, with special appreciation to TEK-UP University of Digital Sciences, particularly Mr. Khaled Jerbi, for making this journey possible.
🙏 A huge thank you to INE Security for building one of the most realistic and technically demanding Blue Team certifications available today. The platform's labs, the attack scenarios, and the exam design are genuinely world-class.

🔗 Accredible Verification Link: https://lnkd.in/dgcHwzsd
🔗 To fellow defenders preparing for eCTHP: https://lnkd.in/d-Fqde3m

#CyberSecurity #InfoSec #IncidentResponse #BlueTeam #SOC #SOAR #INE #INESECURITY
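Of the Phase 1 findings in the post, the XOR-encoded ICMP beaconing is the one most worth turning into a repeatable hunt. The Python below is an added illustration, not part of the original post and not INE's exam material. It works on constructed records that stand in for fields you would export from Wireshark (frame time, source, destination, ICMP data) and assumes the beacon uses a single-byte XOR key, which is one common case rather than the only one. It flags source/destination pairs whose echo requests arrive at regular intervals with payloads that do not match stock Linux or Windows ping data, then tries to recover the key by scoring candidate plaintexts for English-likeness.

```python
"""Hunt for ICMP echo-request beaconing carrying non-standard, XOR-encoded payloads.

All data here is constructed: the records mimic what a Wireshark export of
`icmp.type == 8` frames would give you (frame.time_epoch, ip.src, ip.dst, data.data).
"""
from collections import defaultdict
from statistics import mean, pstdev

# Stock Windows ping data (32 bytes). Assumption based on common captures.
WINDOWS_PING_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"

# Relative English letter frequencies (percent), used to rank XOR candidates.
LETTER_FREQ = {
    "e": 12.7, "t": 9.1, "a": 8.2, "o": 7.5, "i": 7.0, "n": 6.7, "s": 6.3,
    "h": 6.1, "r": 6.0, "d": 4.3, "l": 4.0, "c": 2.8, "u": 2.8, "m": 2.4,
    "w": 2.4, "f": 2.2, "g": 2.0, "y": 2.0, "p": 1.9, "b": 1.5, "v": 1.0,
    "k": 0.8, "j": 0.15, "x": 0.15, "q": 0.1, "z": 0.07,
}


def linux_ping_payload(size: int = 56) -> bytes:
    """Stock iputils payload: 8-byte timestamp, then byte i holds value i (assumption)."""
    return b"\x00" * 8 + bytes(range(8, size))


def is_standard_ping_payload(payload: bytes) -> bool:
    """True if the payload matches a stock Windows or Linux ping pattern."""
    if payload == WINDOWS_PING_PAYLOAD:
        return True
    return len(payload) > 8 and payload[8:] == bytes(range(8, len(payload)))


def english_score(candidate: bytes) -> float:
    """Higher is more text-like; non-printable bytes are penalised heavily."""
    total = 0.0
    for b in candidate:
        if b == 0x20:
            total += 13.0                      # space is the most common symbol
        elif chr(b).lower() in LETTER_FREQ:
            total += LETTER_FREQ[chr(b).lower()]
        elif 0x30 <= b <= 0x39:
            total += 1.0                       # digits are plausible in beacons
        elif not 0x20 <= b <= 0x7E:
            total -= 20.0                      # control/high bytes: unlikely text
    return total


def recover_single_byte_xor(data: bytes) -> tuple[int, bytes]:
    """Brute-force all 256 one-byte keys and return (key, plaintext) with the best score."""
    return max(
        ((k, bytes(b ^ k for b in data)) for k in range(256)),
        key=lambda kp: english_score(kp[1]),
    )


def hunt_icmp_beacons(records, min_count: int = 4, max_jitter: float = 0.25) -> dict:
    """Flag (src, dst) pairs with regular echo-request timing and non-standard payloads.

    records: iterable of (epoch_seconds, src_ip, dst_ip, payload_bytes).
    jitter is stdev(interval) / mean(interval); a scheduled beacon keeps it small.
    """
    streams = defaultdict(list)
    for ts, src, dst, payload in records:
        streams[(src, dst)].append((ts, payload))
    findings = {}
    for pair, pkts in streams.items():
        pkts.sort(key=lambda p: p[0])
        if len(pkts) < min_count:
            continue
        odd = [p for _, p in pkts if not is_standard_ping_payload(p)]
        if not odd:
            continue                           # plain pings: no payload anomaly
        gaps = [b[0] - a[0] for a, b in zip(pkts, pkts[1:])]
        avg = mean(gaps)
        jitter = pstdev(gaps) / avg if avg else float("inf")
        if jitter > max_jitter:
            continue                           # irregular: likely not a scheduler
        key, plain = recover_single_byte_xor(odd[0])
        findings[pair] = {
            "count": len(pkts), "mean_interval_s": round(avg, 1),
            "jitter": round(jitter, 3), "xor_key": key, "decoded_sample": plain,
        }
    return findings


def build_sample_records() -> list:
    """Constructed sample: an admin pinging a server, plus one host beaconing out."""
    beacon = bytes(b ^ 0x5A for b in b"host-01 checkin idle")   # hypothetical key 0x5A
    base = 1_700_000_000.0
    records = [(base + i, "10.0.0.5", "10.0.0.10", linux_ping_payload()) for i in range(4)]
    for t in (0.0, 30.4, 59.8, 90.2, 120.5):                     # ~30 s cadence, small jitter
        records.append((base + t, "10.0.0.23", "203.0.113.7", beacon))
    return records


if __name__ == "__main__":
    for pair, finding in hunt_icmp_beacons(build_sample_records()).items():
        print(pair, finding)
```

The two signals are deliberately combined: payload anomaly alone would also fire on every non-default `ping -p` pattern, and timing regularity alone would fire on monitoring probes, but a stream that is both regular and carries non-stock data is worth a pivot into the endpoint logs of the source host. On a real export, replace `build_sample_records()` with a loader for your CSV or `tshark -T fields` output.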