
OSDA Writeup


I think this is going to be a short one — because I completed this exam back in November, I actually don’t remember too much about the exam. But! I have some study tips & what I found to be useful about the course and what I didn’t find to be useful.

Background

My day job, at least at the time, involved a lot of threat hunting and diving deep into incident response. Usually I work with data at the petabyte level, so sifting through mountains of data was not too foreign to me. However! I am mostly a cloud analyst. Pivoting to host-based data through the Elastic Agent really changed my view on how useful that data is.

The course

The course itself is fine. If you took the OSCP and have a decent understanding of the different attack techniques, a lot of the course will feel the same. Emulating the techniques & analyzing them in the data.

The exam

I think if you followed the course and did all the labs, it’ll be fine.

General takes

This course is much cooler than other ones I’ve done. There’s way more data and it really feels like you’re investigating a live incident. From the initial access to the exfiltration portions, it really gives you the vibe of an investigator looking at a breadcrumb trail of bad guys. Definitely a super fun course!