CERTIFICATE PROGRAM
HTB Defense Operations Analyst

- ANAB-accredited
- Threat-informed skills development
- Real-word applicable curriculum

Purpose
The Hack The Box certificate programs are designed to elevate participants' professional development by providing hands-on training and real-world simulations. These programs equip participants with the job-ready skills and practical experience needed to excel in the cybersecurity field. By validating technical proficiency, HTB certificates help participants stand out in the job market while contributing to the broader goal of ensuring a highly skilled and capable cybersecurity workforce.
Who is this for:
Junior Penetration Testers
Penetration Testers
Security Analysts
Vulnerability Analysts
Incident Handlers
IT Security Personnel
The certificate program is also aligned with the following DoD Cyber Workforce Framework work roles:
Cyber Defense Analyst
Cyber Defense Forensics Analyst
Cyber Defense Incident Responder
Content includes:
- SOC Processes & Methodologies
- SIEM Operations (ELK/Splunk) & Tactical Analytics
- Log Analysis & Threat HuntingActive Directory Attack Analysis
- Network Traffic Analysis (Incl. IDS/IPS & Malware Analysis & DFIR Operations

Learning Objectives
Apply Elastic as a SIEM tool to analyze incidents and proficiently identify and respond to security breaches within compromised Windows network environments.
Perform memory forensics on Windows systems to effectively detect adversarial actions, applying forensic techniques to uncover hidden or latent threats.
Interpret data derived from Event Tracing for Windows (ETW) to accurately identify adversarial actions during security incidents.
Apply Splunk as a SIEM tool to analyze incidents and proficiently identify and respond to security breaches within compromised Windows network environments.
Evaluate and document adversarial actions critically across different stages of the cyber kill chain, providing a detailed analysis that reflects in-depth understanding of complex attack vectors.
Perform endpoint digital forensics on Windows systems to accurately identify specific adversarial actions, focusing on practical application.
Analyze logs and forensic data to identify and respond to security breaches within compromised Windows network environments, and determine the root cause of incidents resulting from adversarial actions.
Integrate and synthesize evidence from multiple sources and pivot data effectively to uncover adversarial actions, demonstrating advanced analytical skills.
Conduct memory forensics on Windows systems, utilizing YARA rules to detect adversarial actions and uncover hidden or latent threats by applying advanced forensic techniques.
The Coursework
15 Modules · 11 Labs · 1 Final Exam
| Type Of Content | Name |
| Academy Module | Intro to Network Traffic Analysis |
| Academy Module | Intermediate Network Traffic Analysis |
| Academy Module | Working with IDS/IPS |
| Dedicated Lab | Meerkat |
| Dedicated Lab | Superset-D |
| Dedicated Lab | Knock Knock |
| Academy Module | Security Monitoring & SIEM Fundamentals |
| Academy Module | Incident Handling Process |
| Academy Module | Introduction to Threat Hunting & Hunting with Elastic |
| Academy Module | Understanding Log Sources & Investigating with Splunk |
| Dedicated Lab | Nubilum2 |
| Academy Module | Windows Event Logs & Finding Evil |
| Dedicated Lab | Horsepanda-D |
| Academy Module | Detecting Windows Attacks with Splunk |
| Type Of Content | Name |
| Academy Module | Windows Attacks & Defense |
| Academy Module | Introduction to Malware Analysis |
| Dedicated Lab | Einladen |
| Dedicated Lab | Logjammer |
| Academy Module | Introduction to Digital Forensics |
| Dedicated Lab | Jingle Bell |
| Dedicated Lab | BFT |
| Dedicated Lab | Event Horizon |
| Dedicated Lab | RogueOne |
| Academy Module | YARA & Sigma for SOC Analysts |
| Academy Module | Javascript Deobfuscation |
| Academy Module | Security Incident Reporting |
| Final Exam |
Requirements
Requirements to earn the certificate
To successfully earn the HTB Defense Operations Analyst certificate, participants must:
- Complete all coursework (including completing all module content, completing all learning activities such as Sherlocks and challenges)
- Pass the final exam.
Technical requirements
To successfully earn the HTB Defense Operations Analyst certificate, participants must:
- A stable internet connection.
- VPN software to access the required resources.

Participants will be expected to engage in a wide range of cybersecurity tasks, including security analysis, incident handling, and other DFIR operations. These activities will be conducted across real-world, heterogeneous networks hosted on HTB infrastructure, which you can access via VPN through Pwnbox or your own local virtual machine (VM). A letter of engagement, clearly outlining the details, requirements, objectives, and scope, will be provided at the start of the examination process.

Certificate term
3 Years
No maintenance requirements during this period. However, if you wish to continue using the HTB Defense Operations Analyst designation beyond this term, you will need to requalify by meeting the program's current training and testing requirements, which will issue you a new active certificate for another 3-year period.
Continuing professional education
131 CPEs
The HTB Defense Operations Analyst certificate program, in full,is worth 131 CPEs for individuals (certified by ISC).
Why Hack The Box?
Quality
Hack The Box (HTB) is committed to delivering high-quality coursework. Our curriculum developers are seasoned professionals holding a combination of top-tier industry certifications, years of practical field experience, and strong academic backgrounds. Their experience ensures that the learning materials are not only technically sound but also highly relevant to the evolving cybersecurity landscape.
Experience
The Program Director has contributed to prominent cybersecurity frameworks and regulations, such as TIBER-EU (developed by the European Central Bank) and iCAST (by the Hong Kong Monetary Authority). As an informal expert at The European Union Agency for Cybersecurity (ENISA), the Program Director ensures that HTB programs adhere to global best practices and align with the latest regulatory standards.
Accreditation
Hack The Box (HTB) have engaged the technical lead on the ASTM E2659 standard, which is the basis of the ANAB certificate program accreditation program – to guide our programs’ development and to ensure the certificate program industry standards are followed.
Hack The Box has redefined cybersecurity training by launching the first ANAB-accredited certificate program in the industry, ensuring quality, relevance, and consistency in professional upskilling. The HTB Defense Operations Analyst certificate program adheres to established industry standards, offering learners high-quality, expert-validated content that reflects real-world scenarios and enhances job readiness. With a rigorous review process, the program stays aligned with evolving industry needs, equipping professionals with the most relevant, practical skills to tackle modern cyber threats. ANAB accreditation also guarantees training consistency and external validation, reinforcing HTB's commitment to excellence in cybersecurity training.

Pricing

The HTB Defense Operations Analyst Certificate Program provides comprehensive training materials and practical labs, alongside an exam voucher.

FAQs
Why should I purchase the HTB Defense Operations Analyst certificate program?
The certificate is accredited by the ANSI National Accreditation Board (ANAB) and aligned to the Department of Defense Cyber Workforce Qualification Program under the DoD Directive 8140. By completing the certificate program, individuals will be eligible to DoD 8140 job positions and meet the standards to deliver day-to-day operations mapped to the evolving threat landscape.
What is the difference between certifications and a certificate program?
A certificate program is a comprehensive training program that concludes with a test to verify that participants have achieved the learning objectives. Certifications can usually be obtained by purchasing a voucher, without strict requirements to access the exam environment. Upon certificate completion, participants will be able to use the following designation and acronym: HTB Defense Operations Analyst or HTB DOA. It is not appropriate to call yourself certified, certificated, licensed, registered, or accredited.
How can I get access to the HTB Defense Operations Analyst certificate program?
The certificate program is currently part of customized Workforce Development Plans for federal and public sector customers. If you want to get started with this curriculum you will just need to get in touch with our team, which will assist you during the procurement process.
What if I already have access to Hack The Box Enterprise Platform?
The certificate program is currently part of customized Workforce Development Plans for federal and public sector customers, therefore it might not be part of your plan. Feel free to contact your dedicated Customer Success Manager, they will be able to assist you and discuss options to access the certificate program.
Is there a refund policy?
The refund policy outlined in our User Agreement and Refund Policy documents below applies.
Do you provide accommodations for learning disabilities?
If you require an accommodation for any medical or learning disability, contact the program director using the contact information listed here: [email protected]
How can I file a complaint?
If you wish to file an appeal about any decision made concerning your certificate program status or a complaint about any aspect of the program, contact the program director using the contact information listed here: [email protected]
What is your privacy policy?
The Hack The Box privacy policy applies.