CERTIFICATE PROGRAM

HTB Defense Operations Analyst

defense-operations-hero

  • ANAB-accredited
  • Threat-informed skills development
  • Real-word applicable curriculum

Purpose

The Hack The Box certificate programs are designed to elevate participants' professional development by providing hands-on training and real-world simulations. These programs equip participants with the job-ready skills and practical experience needed to excel in the cybersecurity field. By validating technical proficiency, HTB certificates help participants stand out in the job market while contributing to the broader goal of ensuring a highly skilled and capable cybersecurity workforce.

Who is this for:

Junior Penetration Testers

Penetration Testers

Security Analysts

Vulnerability Analysts

Incident Handlers

IT Security Personnel

The certificate program is also aligned with the following DoD Cyber Workforce Framework work roles:

Cyber Defense Analyst

Cyber Defense Forensics Analyst

Cyber Defense Incident Responder

Content includes:

  • SOC Processes & Methodologies
  • SIEM Operations (ELK/Splunk) & Tactical Analytics
  • Log Analysis & Threat HuntingActive Directory Attack Analysis
  • Network Traffic Analysis (Incl. IDS/IPS & Malware Analysis & DFIR Operations
defense-operations-graph

Learning Objectives

Apply Elastic as a SIEM tool to analyze incidents and proficiently identify and respond to security breaches within compromised Windows network environments.

Perform memory forensics on Windows systems to effectively detect adversarial actions, applying forensic techniques to uncover hidden or latent threats.

Interpret data derived from Event Tracing for Windows (ETW) to accurately identify adversarial actions during security incidents.

Apply Splunk as a SIEM tool to analyze incidents and proficiently identify and respond to security breaches within compromised Windows network environments.

Evaluate and document adversarial actions critically across different stages of the cyber kill chain, providing a detailed analysis that reflects in-depth understanding of complex attack vectors.

Perform endpoint digital forensics on Windows systems to accurately identify specific adversarial actions, focusing on practical application.

Analyze logs and forensic data to identify and respond to security breaches within compromised Windows network environments, and determine the root cause of incidents resulting from adversarial actions.

Integrate and synthesize evidence from multiple sources and pivot data effectively to uncover adversarial actions, demonstrating advanced analytical skills.

Conduct memory forensics on Windows systems, utilizing YARA rules to detect adversarial actions and uncover hidden or latent threats by applying advanced forensic techniques.

The Coursework

15 Modules · 11 Labs · 1 Final Exam

Type Of Content  Name
 Academy Module   Intro to Network Traffic Analysis 
 Academy Module   Intermediate Network Traffic Analysis 
 Academy Module   Working with IDS/IPS 
 Dedicated Lab   Meerkat 
 Dedicated Lab   Superset-D 
 Dedicated Lab   Knock Knock 
 Academy Module   Security Monitoring &
 SIEM Fundamentals 
 Academy Module   Incident Handling Process 
 Academy Module   Introduction to Threat Hunting &
 Hunting with Elastic 
 Academy Module   Understanding Log Sources &
 Investigating with Splunk 
 Dedicated Lab   Nubilum2 
 Academy Module   Windows Event Logs & Finding Evil 
 Dedicated Lab   Horsepanda-D 
 Academy Module   Detecting Windows Attacks with Splunk 

 

Type Of Content Name
Academy Module  Windows Attacks & Defense 
Academy Module  Introduction to Malware Analysis 
Dedicated Lab  Einladen 
Dedicated Lab  Logjammer 
Academy Module  Introduction to Digital Forensics 
Dedicated Lab  Jingle Bell 
Dedicated Lab   BFT 
Dedicated Lab   Event Horizon 
Dedicated Lab   RogueOne 
Academy Module  YARA & Sigma for SOC Analysts 
Academy Module   Javascript Deobfuscation 
Academy Module  Security Incident Reporting 
Final Exam 

 

Requirements

blue-shield-icon

Requirements to earn the certificate

To successfully earn the HTB Defense Operations Analyst certificate, participants must:

  • Complete all coursework (including completing all module content, completing all learning activities such as Sherlocks and challenges)
  • Pass the final exam.
blue-cloud-icon

Technical requirements

To successfully earn the HTB Defense Operations Analyst certificate, participants must:

  • A stable internet connection.
  • VPN software to access the required resources.
onboarding-hero

Participants will be expected to engage in a wide range of cybersecurity tasks, including security analysis, incident handling, and other DFIR operations. These activities will be conducted across real-world, heterogeneous networks hosted on HTB infrastructure, which you can access via VPN through Pwnbox or your own local virtual machine (VM). A letter of engagement, clearly outlining the details, requirements, objectives, and scope, will be provided at the start of the examination process.

Embedded Content

Certificate term

3 Years

No maintenance requirements during this period. However, if you wish to continue using the HTB Defense Operations Analyst designation beyond this term, you will need to requalify by meeting the program's current training and testing requirements, which will issue you a new active certificate for another 3-year period.

Continuing professional education

131 CPEs

The HTB Defense Operations Analyst certificate program, in full,is worth 131 CPEs for individuals (certified by ISC).

Why Hack The Box?

defense-operations-verified-green-icon

Quality

Hack The Box (HTB) is committed to delivering high-quality coursework. Our curriculum developers are seasoned professionals holding a combination of top-tier industry certifications, years of practical field experience, and strong academic backgrounds. Their experience ensures that the learning materials are not only technically sound but also highly relevant to the evolving cybersecurity landscape.

defense-operations-verified-green-icon

Experience

The Program Director has contributed to prominent cybersecurity frameworks and regulations, such as TIBER-EU (developed by the European Central Bank) and iCAST (by the Hong Kong Monetary Authority). As an informal expert at The European Union Agency for Cybersecurity (ENISA), the Program Director ensures that HTB programs adhere to global best practices and align with the latest regulatory standards.

defense-operations-verified-green-icon

Accreditation

Hack The Box (HTB) have engaged the technical lead on the ASTM E2659 standard, which is the basis of the ANAB certificate program accreditation program – to guide our programs’ development and to ensure the certificate program industry standards are followed.

Company Logo

Hack The Box has redefined cybersecurity training by launching the first ANAB-accredited certificate program in the industry, ensuring quality, relevance, and consistency in professional upskilling. The HTB Defense Operations Analyst certificate program adheres to established industry standards, offering learners high-quality, expert-validated content that reflects real-world scenarios and enhances job readiness. With a rigorous review process, the program stays aligned with evolving industry needs, equipping professionals with the most relevant, practical skills to tackle modern cyber threats. ANAB accreditation also guarantees training consistency and external validation, reinforcing HTB's commitment to excellence in cybersecurity training.

Dimitrios BougioukasVP of Training, Hack The Box
Embedded Content

Pricing

DOA_Pricing

The HTB Defense Operations Analyst Certificate Program provides comprehensive training materials and practical labs, alongside an exam voucher.

FAQs

Why should I purchase the HTB Defense Operations Analyst certificate program?

The certificate is accredited by the ANSI National Accreditation Board (ANAB) and aligned to the Department of Defense Cyber Workforce Qualification Program under the DoD Directive 8140. By completing the certificate program, individuals will be eligible to DoD 8140 job positions and meet the standards to deliver day-to-day operations mapped to the evolving threat landscape.

What is the difference between certifications and a certificate program?

A certificate program is a comprehensive training program that concludes with a test to verify that participants have achieved the learning objectives. Certifications can usually be obtained by purchasing a voucher, without strict requirements to access the exam environment. Upon certificate completion, participants will be able to use the following designation and acronym: HTB Defense Operations Analyst or HTB DOA. It is not appropriate to call yourself certified, certificated, licensed, registered, or accredited.

How can I get access to the HTB Defense Operations Analyst certificate program?

The certificate program is currently part of customized Workforce Development Plans for federal and public sector customers. If you want to get started with this curriculum you will just need to get in touch with our team, which will assist you during the procurement process.

What if I already have access to Hack The Box Enterprise Platform?

The certificate program is currently part of customized Workforce Development Plans for federal and public sector customers, therefore it might not be part of your plan. Feel free to contact your dedicated Customer Success Manager, they will be able to assist you and discuss options to access the certificate program.

Is there a refund policy?

The refund policy outlined in our User Agreement and Refund Policy documents below applies.

Do you provide accommodations for learning disabilities?

If you require an accommodation for any medical or learning disability, contact the program director using the contact information listed here: [email protected]

How can I file a complaint?

If you wish to file an appeal about any decision made concerning your certificate program status or a complaint about any aspect of the program, contact the program director using the contact information listed here: [email protected]

What is your privacy policy?