OffSec recently announced a new 200-level certification—the OffSec Threat Hunter (OSTH). In this blog article, I will give you a detailed breakdown of what this new certification entails and how it fits into the broader cybersecurity certification landscape. This post will help you decide if the OSTH is right for your career progression.
Related Video:
What is the OSTH Certification?
The OSTH is OffSec's foundational threat hunting certification. The goal of this course is to equip you with the practical skills needed to detect and respond to cyber threats within a network. Specifically, it teaches you how to track adversaries like ransomware groups and Advanced Persistent Threats (APTs), using indicators of compromise (IoCs) to identify malicious activity before it can do damage.
Key Course Features
The OSTH course is structured around six learning modules:
Threat Hunting Concepts and Practices: Covers the basics of how to hunt for threats in a network.
Threat Actor Landscape Overview: Gives you a deep dive into who the threat actors are and what tactics they use.
Communication and Reporting for Threat Hunters: Focuses on how to clearly and effectively communicate your findings, a critical skill for threat hunters.
Hunting with Network Data: How to use network-level information to track down threats.
Hunting on Endpoints: Teaches you how to look for malicious activity on individual machines.
Threat Hunting without Indicators of Compromise: Helps you develop skills to find threats even when traditional indicators are absent.
The OSTH Exam
The OSTH certification exam is an eight-hour practical exam, with no multiple-choice questions. After completing the exam, you'll have 24 hours to write and submit a professional threat hunting report. This format is typical for OffSec’s hands-on approach, emphasizing practical skills over theoretical knowledge.
Certification Expiration and Renewals
One notable difference with the OSTH is that it expires after three years—similar to OffSec's other new certifications like the OSCC (OffSec Certified Cybersecurity) and OSCP+ (OffSec Certified Professional+). This is a shift away from OffSec’s traditional "Good For Life" model, where certifications did not expire. Unfortunately, OffSec hasn’t released details about how to renew the OSTH yet, though they’ve indicated that information will come at the end of this year or early next year. At this point, we can only speculate about renewal costs or requirements.
Pricing
In terms of cost, the OSTH is priced similarly to other OffSec certifications at the 200-level. If you're familiar with OffSec pricing, you can expect it to fall in line with what you'd pay for the OSWA (OffSec Web Assessor) or OSDA (OffSec Defense Assessor).
At the time of writing, an OffSec Learn One subscription costs $2,599 for one year lab access to a single course, which includes two exam attempts.
OffSec used to advertise 90-day lab access with one exam attempt for around $1600, but I can't find that anywhere on their site anymore. So either they don't offer it anymore, or it's hidden to get you to purchase the Learn One Subscription. You can also opt-in for the Leran Unlimited, which is $5,799 right now, giving you a year's access to all courses and unlimited exam attempts. Reference: https://www.offsec.com/products/
My Concerns About the OSTH
While the OSTH certification seems promising, I have a few concerns. First, the course is notably shorter than some of OffSec's other offerings. For example, the OSCP has around 25 or 26 learning modules, and even the OSWA, which I’m currently working on, has 17 modules. By comparison, the OSTH has only six.
Charging the same price for what feels like a shorter course doesn't sit right with me. And on top of that, the OSTH course lacks video content—it’s entirely text-based. In OffSec’s other certifications, such as the OSCP, the combination of text and video provides a comprehensive learning experience that I believe is more effective. The absence of videos in the OSTH course is a bit of a red flag for me.
The Threat Hunting Space
OffSec might get away with this because of the lack of competition in the threat-hunting certification space. Currently, the only other notable threat hunting certification is the eCTHP (Certified Threat Hunting Professional) from INE Security. While both certifications are aimed at the same field, OffSec has a much stronger reputation and industry recognition, which may make the OSTH more valuable for career growth.
It’s important to note the distinction between cyber threat intelligence and threat hunting. They complement each other but are fundamentally different. Threat intelligence is passive—you’re watching the landscape for potential threats. Threat hunting is active—you’re searching within your own network for threats that have already infiltrated your environment. Imagine standing atop a castle keep, looking out at the horizon for enemies. That’s cyber threat intelligence. Now imagine turning around and inspecting your castle for intruders. That’s threat hunting.
Who Should Take the OSTH?
I wouldn’t recommend this certification if you’re brand new to cybersecurity or just starting your blue team career. Threat hunting is often considered a higher-level skill, typically something you’d see at a SOC (Security Operations Center) Tier 3 or Tier 4 level. For context, SOC 1 and SOC 2 deal more with entry-level incident response tasks.
If you’re interested in threat hunting, I suggest first getting some more foundational blue team certifications, like Hack The Box’s CDSA (Certified Defensive Security Analyst) or OffSec’s OSDA. Only after obtaining these certifications would I recommend pursuing the OSTH.
Final Thoughts: Is It Worth It?
The cybersecurity certification landscape is crowded, with hundreds of certifications to choose from. It’s tough to say how the OSTH will stack up against the competition or whether it will be in high demand by employers. However, if you’re serious about leveling up your blue team skills and want to specialize in threat hunting, the OSTH is at least worth considering—especially given OffSec’s strong reputation in the cybersecurity world.
That said, my biggest concerns remain the lack of video content and the relatively short length of the course compared to other OffSec certifications. Whether or not that’s a deal-breaker for you depends on your learning style and budget.
If you’re looking to get started with a more beginner-friendly OffSec certification or want to learn about OffSec’s other new offerings, check out my blog article on the OffSec CyberCore Certified (OSCC).
References: