Build Practical Threat Hunting and Detection Engineering Skills

Learn through realistic attack simulations, enterprise telemetry, and hands-on labs designed to help defenders investigate faster, detect adversary behavior earlier, and build more resilient detection capability.

Join 6000+ Learners

Practical Skills for Real Defenders

Learn through realistic attack scenarios

Work with realistic endpoint, identity, and cloud telemetry generated from practical attack simulations.

Build resilient detection capability

Learn to hunt and detect adversary behavior, reason through telemetry gaps, and build detections that remain useful under evasion conditions.

Start with KQL. Go beyond KQL.

Build the analysis foundation with KQL, then apply it to incident response, threat hunting, and advanced detection engineering.

Trusted by Defenders, Hunters, Red Teamers, and Security Teams

I am thoroughly impressed with the Advanced Hands-On KQL for Threat Hunting and Detection Engineering from Scratch course. It provides an in-depth exploration of anomaly detection and time series analysis, offering practical insights using real-world data. This course has significantly enhanced my KQL skills, and I highly recommend it to anyone looking to improve in this area. Can't wait to explore the upcoming modules!

Adi Dibra, Booz Allen Hamilton

I had the pleasure of taking a sneak peek into the "Advanced Threat Hunting and Detection Engineering in the Enterprise," and it did not disappoint.

Like Mehmet's other courses, it's hands-on with great labs to try out your newly learned skills and covers a lot of ground. Instead of focusing on one detection for a certain attack, the course teaches you to detect anomalies in behavior or break the attack down to the most general behavior detection approach, making it hard to bypass for attackers.

In my opinion, even seasoned detection engineers will take something out of this course.

Fabian Bader | Microsoft Security MVP

I highly recommend the course "Practical Threat Hunting for Beginners". Not only for beginners but also for seasoned practitioners who want to solidify their threat hunting skills. The fact that the course focuses heavily on methodology rather than tools makes it an excellent choice, no matter what query language you use for your hunts. I can’t wait for the Advanced course!

Paweł Mazur | Detection Engineer, Threat Hunter

The Advanced Threat Hunting & Detection Engineering Enterprise course was excellent and highly practical. It went beyond queries by explaining the tradecraft, tuning, and operational thinking needed to build resilient coverage in real environments.

The course went beyond queries by explaining the tradecraft, tuning, and operational thinking needed to build resilient coverage in real environments, even when attackers tamper with visibility sources like AMSI or ETW.

Dominic Chell, Director at MDSec | Creator of Nighthawk C2

The Hands-On KQL for Security Analysts course is truly outstanding!


If you're looking to embark on your KQL learning journey, this is the perfect opportunity to take the first step towards becoming an expert. The flexibility to learn at your own pace, anytime, anywhere, makes it convenient. 

Leonardo Armesto, Accenture

If you’re getting started in threat hunting, Practical Threat Hunting for Beginners is a strong place to begin.

The course is structured as a mix of concise text and hands-on labs with varying difficulty. You learn the concept, then apply it immediately in a realistic KQL environment, which is exactly how this skill should be taught.


You’ll come away better able to form hunt hypotheses, translate them into KQL, and validate findings with evidence.

Mitchell Hoult, Threat Hunter at NCC Group

Advanced Hands-on KQL for Threat Hunting and Detection Engineering from Scratch is an awesome course. I have taken a number of tutorials on KQL, followed the savants and experts, read countless articles and books on the subject. I can assure you... This training blows all of that out of the water for biggest bang for the buck. You will walk out of this course confident and knowledgeable, doing KA-RAZY things like Time-series analysis and time traveling, making sets like a boss, and writing well-formed, efficient queries. The examples are reflective of real-world problems to be solved, and clearly have been through technical editing.


I normally don't like to come out of pocket for training, but this one was well worth it to go after. 

I had the pleasure of going through the Advanced Hands-on KQL for Threat Hunting and Detection Engineering course. The course dives deep into using KQL for anomaly detection using time-series analysis, using process mining to detect attack flows, and examining process trees using graph semantics - packaged with an ADX lab environment containing realistic data for you to query to your heart's content. My head is swimming with new ideas for detecting bad guys.


If you hunt with KQL in your day-to-day, I can't stress enough how valuable (and affordable) this course is!

Practical Threat Hunting for Beginners is a perfect course for beginners who want to start their Threat Hunting journey in KQL, leveraging Microsoft Defender XDR. Having access to a course, dataset and walkthroughs (if needed!) is a great way to learn for people that have an easier time learning by doing, rather than learning by reading or observing. This will also allow you to test out or experiment with concepts you'll learn throughout the course, for different hunting scenarios.

Yoan Schinck, Cyber Response Manager | DFIR & Threat Hunting at KPMG-Egyde

The Hands-On KQL for Security Analysts course allows you to access the important information you need for every investigation on a silver platter, without wasting time reading numerous documents or learning functions that are not necessary to use most of the time.

Ayham Assaf, Wizard Cyber

Since commencing the Hands-On KQL for Security Analysts course, resolution times for the bulk of email and identity alerts have dropped to seconds.

Sean Roberts

The Advanced Threat Hunting & Detection Engineering Enterprise course goes further than techniques since it focuses more on the behavior, which covers many techniques at once.

I can say that some of the content you get out of this course, namely the Entra ID section, actually flagged true positives in real environments and therefore, that what you're going to learn is spot on. 

Yoan Schinck, Cyber Response Manager | DFIR & Threat Hunting at KPMG-Egyde

Meet Your Instructor

Mehmet Ergene

Mehmet brings over 15 years of experience in cybersecurity, with a unique blend of expertise in KQL, threat hunting, detection engineering, and data science to his courses to help others advance their skills. Recognized four times as a Microsoft Security MVP, he is renowned for adapting the RITA beacon analyzer to KQL and for his insightful presentations at key conferences like the SANS DFIR Summit.