CERTIFICATE PROGRAM
HTB Defense Operations Analyst
ANAB-accredited
Threat-informed skills development
Real-word applicable curriculum
Purpose
The Hack
The
Box certificate programs are designed to elevate participants'
professional
development by providing hands-on training and real-world
simulations. These programs equip
participants with the job-ready skills and practical experience needed to excel in the
cybersecurity field.
By validating technical proficiency, HTB certificates help participants stand out in the job
market while contributing to the broader goal of ensuring a highly skilled and capable
cybersecurity workforce.
Who is this for:
Junior Penetration Testers
Penetration Testers
Security Analysts
Vulnerability Analysts
Incident Handlers
IT Security Personnel
The certificate program is also aligned with the following DoD Cyber Workforce Framework work roles:
Cyber Defense Analyst
Cyber Defense Forensics Analyst
Cyber Defense Incident Responder
Content includes:
- SOC Processes & Methodologies
- SIEM Operations (ELK/Splunk) & Tactical Analytics
- Log Analysis
- Threat Hunting
- Active Directory Attack Analysis
- Network Traffic Analysis (Incl. IDS/IPS
- Malware Analysis
- DFIR Operations
Learning Objectives
Apply Elastic as a SIEM tool to analyze incidents and proficiently identify and respond to security breaches within compromised Windows network environments.
Perform memory forensics on Windows systems to effectively detect adversarial actions, applying forensic techniques to uncover hidden or latent threats.
Interpret data derived from Event Tracing for Windows (ETW) to accurately identify adversarial actions during security incidents.
Apply Splunk as a SIEM tool to analyze incidents and proficiently identify and respond to security breaches within compromised Windows network environments.
Evaluate and document adversarial actions critically across different stages of the cyber kill chain, providing a detailed analysis that reflects in-depth understanding of complex attack vectors.
Perform endpoint digital forensics on Windows systems to accurately identify specific adversarial actions, focusing on practical application.
Analyze logs and forensic data to identify and respond to security breaches within compromised Windows network environments, and determine the root cause of incidents resulting from adversarial actions.
Integrate and synthesize evidence from multiple sources and pivot data effectively to uncover adversarial actions, demonstrating advanced analytical skills.
Conduct memory forensics on Windows systems, utilizing YARA rules to detect adversarial actions and uncover hidden or latent threats by applying advanced forensic techniques.
The Coursework
15 Modules · 11 Labs · 1 Final Exam
Type Of Content
Name
Academy Module
Intro to Network Traffic Analysis
Academy Module
Intermediate Network Traffic Analysis
Academy Module
Working with IDS/IPS
Dedicated Lab
Meerkat
Dedicated Lab
Superset-D
Dedicated Lab
Knock Knock
Academy Module
Security Monitoring & SIEM Fundamentals
Academy Module
Incident Handling Process
Academy Module
Introduction to Threat Hunting & Hunting with Elastic
Academy Module
Understanding Log Sources & Investigating with Splunk
Dedicated Lab
Nubilum2
Academy Module
Windows Event Logs & Finding Evil
Dedicated Lab
Horsepanda-D
Academy Module
Detecting Windows Attacks with Splunk
Academy Module
Windows Attacks & Defense
Academy Module
Introduction to Malware Analysis
Dedicated Lab
Einladen
Dedicated Lab
Logjammer
Academy Module
Introduction to Digital Forensics
Dedicated Lab
Jingle Bell
Dedicated Lab
BFT
Dedicated Lab
Event Horizon
Dedicated Lab
RogueOne
Academy Module
YARA & Sigma for SOC Analysts
Academy Module
Javascript Deobfuscation
Academy Module
Security Incident Reporting
Final Exam
Type Of Content
Name
Academy Module
Windows Attacks & Defense
Academy Module
Introduction to Malware Analysis
Dedicated Lab
Einladen
Dedicated Lab
Logjammer
Academy Module
Introduction to Digital Forensics
Dedicated Lab
Jingle Bell
Dedicated Lab
BFT
Dedicated Lab
Event Horizon
Dedicated Lab
RogueOne
Academy Module
YARA & Sigma for SOC Analysts
Academy Module
Javascript Deobfuscation
Academy Module
Security Incident Reporting
Final Exam
Requirements
Requirements to earn the certificate
To successfully earn the HTB Defense Operations Analyst certificate, participants must:
- Complete all coursework (including completing all module content, completing all learning activities such as Sherlocks and challenges)
- Pass the final exam.
Technical requirements
To successfully earn the HTB Defense Operations Analyst certificate, participants must:
- A stable internet connection.
- VPN software to access the required resources.
Participants will be expected to engage in a wide range of
cybersecurity tasks,
including security analysis, incident handling, and other DFIR
operations.
These
activities will be conducted across real-world, heterogeneous networks hosted on HTB
infrastructure, which you can access via VPN through Pwnbox or your own local virtual
machine (VM). A letter of engagement, clearly outlining the details, requirements,
objectives, and scope will be provided at the start of the examination process.
Certificate
term
3 Years
No maintenance requirements during this period.
However, if you wish to continue using the HTB Defense Operations Analyst designation beyond this term, you will need to requalify by meeting the program's current training and testing requirements, which will issue you a new active certificate for another 3-year period.
Continuing professional education
131 CPEs
The HTB Defense Operations Analyst certificate program, in full,
is worth 131 CPEs for
individuals (certified by ISC).
Why Hack The Box?
Quality
Hack The Box (HTB) is committed to delivering high-quality coursework. Our curriculum developers are seasoned professionals holding a combination of top-tier industry certifications, years of practical field experience, and strong academic backgrounds. Their experience ensures that the learning materials are not only technically sound but also highly relevant to the evolving cybersecurity landscape.
Experience
The Program Director has contributed to prominent cybersecurity frameworks and regulations, such as TIBER-EU (developed by the European Central Bank) and iCAST (by the Hong Kong Monetary Authority). As an informal expert at The European Union Agency for Cybersecurity (ENISA), the Program Director ensures that HTB programs adhere to global best practices and align with the latest regulatory standards.
Accreditation
Hack The Box (HTB) have engaged the technical lead on the ASTM E2659 standard, which is the basis of the ANAB certificate program accreditation program – to guide our programs’ development and to ensure the certificate program industry standards are followed.
Hack The Box has redefined cybersecurity training by launching the first ANAB-accredited certificate program in the industry, ensuring quality, relevance, and consistency in professional upskilling. The HTB Defense Operations Analyst certificate program adheres to established industry standards, offering learners high-quality, expert-validated content that reflects real-world scenarios and enhances job readiness. With a rigorous review process, the program stays aligned with evolving industry needs, equipping professionals with the most relevant, practical skills to tackle modern cyber threats. ANAB accreditation also guarantees training consistency and external validation, reinforcing HTB's commitment to excellence in cybersecurity training.
Dimitrios Bougioukas
VP of Training, Hack The Box
Pricing
The HTB Defense Operations Analyst Certificate Program provides comprehensive training materials and practical labs, alongside an exam voucher.
Starting at
$4,558
per user
FAQs
Inside the Benchmark: How the Best Cyber Teams Measure Up
See what the Cyber Skills Benchmark 2025 revealed about technical gaps, performance trends, and team development strategies.
