Certified CyberDefender Level 2
CyberDefenders' intermediate threat-hunting and DFIR certification (formerly CCD). 48-hour practical exam covering threat hunting, disk forensics, memory forensics, and network forensics across enterprise environments. One of the most respected hands-on blue-team certs for SOC L2/L3, threat hunters, and DFIR analysts. If you already have practical experience, skip the course and take the exam-only path.
What you'll prove
- Conduct proactive threat hunts using hypothesis-driven methodology
- Perform disk forensics including timeline analysis and artifact recovery
- Execute memory forensics to identify malware and persistence mechanisms
- Analyze network traffic captures to reconstruct adversary activity
- Correlate evidence across endpoint, network, and SIEM telemetry
- Author professional DFIR reports documenting incident scope and impact
Frequently asked
How much does CCDL2 cost?
$849 USD for the exam-only path or $1,199 USD for the course + exam bundle. This pricing went into effect in March 2026 with the rename from CCD to CCDL2.
CCDL2 vs GCFA vs HTB CDSA — which DFIR cert?
GCFA (SANS) has the strongest enterprise and government recognition but costs $8,000+. CCDL2 ($849-$1,199) is the most respected mid-tier hands-on alternative — practitioners rate it technically demanding without the SANS price tag. HTB CDSA targets a similar level at lower cost. CCDL2 is the strongest 'real-engagement' simulation of the three.