THP Exam

Hello there,

I am almost done with all the modules and actually preparing to take the THP exam soon. I don’t see any information mentioned elsewhere, but is there a guide that we need to follow to setup our machine?

Do we need to have all tools installed locally or will they be provided on the machines we’re working on?

Is there a report format that we’re supposed to follow? I’ve written Red Team reports, but I am not sure how to write out one of these, is there a sample?

I would appreciate any advice!

CC. @jalvarado-b7fe8d1ade - I was hoping you could help :slight_smile:

Any helpful response here?

@sparpulev-8dc005c0c8 - I do see that you’re the instructor, so I hope you don’t mind me tagging you.

Still have my fingers crossed here guys lol

@jalvarado-b7fe8d1ade - I hope you get a chance to maybe help with this!

@rene-af9f7c3f227d4c0 - I somehow missed the previous tags on this issue, sorry about that. I’ll look into it for you.

No worries @jalvarado-b7fe8d1ade ! I will really appreciate your feedback!


I did a run-through on the exam environments. To answer your questions, beyond setting up a functional environment and ensuring that you have proper remote access tools setup and configured–OpenVPN, RDP, ssh-- all tools are provided on the systems you will be accessing. If you have worked through the Threat Hunting Learning path, you will be familiar with all the needed tools.

In your letter of engagement, you will receive report expectations. My recommendation is to mold those expectations into the Lenny Zeltzer style report mentioned in the Intro to Threat Hunting resources. You can find the tempalte at

Hope this helps --Jason

1 Like

This is perfect @jalvarado-b7fe8d1ade ! If it’s only okay to ask, is there a sort of scope for the exam? Maybe even a high level? If you can’t share, I will just revise everything to be safe :slight_smile:

Sorry @jalvarado-b7fe8d1ade ! Just to check once again, is a rough scope asking for a bit much? Like would it best to go through everything from Redline in the first module to Splunk and OSQuery in the last modules?

As always, I appreciate any feedback!

If you’re feeling comfortable with all the topics on the course, you should be fine taking the exam. In the real world, you’ll know when you see something out of line; if not, you at least know where to go to research on it.

1 Like

Thank you @shoreditch ! There’s a part of me that is, but there are also other parts that are a bit OCD, so I am going to go through things a few more times before taking the exam.

I appreciate your feedback :blush: !

1 Like