HUNT Certification – Methodology

HUNT Certification – Methodology provides a baseline level of knowledge designed to train cybersecurity professionals to actively defend critical computer systems. The course exposes students to a “think like the adversary” mindset to actively detect sophisticated and tailored adversary attacks. This course prepares cybersecurity professionals to HUNT within their network for evidence of adversary presence not previously detected by automated enterprise security devices and software.

Rather than simply reacting to network attacks, students of this cyber threat hunting methodology training learn methods to proactively and remotely interrogate systems and analyze data. This empowers the students to proactively identify systems targeted by an adversary. Students learn how to identify malicious code, evidence of adversary presence, and lateral movement within a network. Throughout the program, instructors share their experience in cybersecurity, operations, and tool development. This provides students an appreciation of the challenges they face in countering the cyber adversary.

The HUNT Certification – Methodology course begins with the concepts of real-time detection and identification of adversary attacks using popular technologies. Instructors expose students to operating system concepts, with emphasis on adversary file manipulation and persistence techniques used to bypass cybersecurity systems and infrastructure. Students will also analyze network traffic to discover what an attack looks like as it passes through the network and how to defend against it. Students will also complete a capstone scenario that requires them to leverage the configured tools and root9B HUNT methodology to handle a network intruder and develop a report on their findings.


• Module 1: Introduction to HUNT Tools
• Module 2: Introduction to HUNT Methodology
• Module 3: Review Indicators of Compromise
• Module 4: Environment Collection
• Module 5: Discover Indicators of Compromise
• Module 6: Targeted Collection and Analysis
• Module 7: Active Adversary Engagement
• Module 8: Capstone and Final Report


Cyber professionals with existing system administration, networking, and/or cybersecurity backgrounds who are preparing to enter positions or advanced training in the fields of pen testing, red teaming, or HUNT operations.


Basic understanding of computer networks and exploitation techniques as well as basic scripting experience.


40 hours of course work, ideally to take place over 5 consecutive business days.


Course includes a certificate of attendance and a certification upon successful completion of the capstone event.