Free & Affordable Training News Monthly: April – May 2024

The following contains newly released Digital Forensics, Incident Response, Malware Analysis and OSINT training, books, and tools from April, as well as upcoming live online training for May. This also includes things I missed adding to my last blog post at the end of March. Like the Free & Affordable Training Site, everything in this blog post is under $1,000.

Note: Purchases made through affiliate/partner links and/or using personalized discount codes is one of the things I rely on to be able to keep this website running. I am an affiliate or partner of the following companies mentioned in this post and references to them contain affiliate/partner links: CyberDefenders, Amazon, Humble Bundle.


Brett Shavers – DFIR Investigative Mindset

Image Not Found

The book Placing the Suspect Behind the Keyboard: DFIR Investigative Mindset by Brett Shavers was recently released.

Description: “The DFIR Investigative Mindset guides the practitioner in thinking, acting, and solving computer crimes and computer-facilitated crimes like an expert cybersecurity sleuth. This book goes beyond mere tools and techniques, delving into the very essence of investigative work.”

I was given the opportunity to beta read this book and I highly recommended it to both complete beginners to DFIR and seasoned professionals. It’s full of practical exercises to help enhance your investigative skills.

Brett also has a DFIR Investigative Mindset course for $899.99

Dale Meredith – The OSINT Handbook

Image Not Found

The OSINT Handbook by Dale Meredith was recently released.

The Hitchhiker’s Guide to DFIR

Image Not Found

A new chapter on IoT Forensics was added to the book The Hitchhiker’s Guide to DFIR: Experiences From Beginners to Experts. This book is FREE and has been created by members of the Digital Forensics Discord Server. I highly recommend joining the server. It’s a great community!

Cyber 5W

Cyber 5W released Ransomware Analysis 101 ($150) and Initial Access and Anomaly Hunting ($150). These are hands-on courses with a Certificates of Completion.

Ransomware Analysis 101 Topics Include:

  • Ransomware Families
  • Encryption Algorithms
  • Windows Crypto APIs and How to Analyze Them
  • Windows Internet APIs
  • Ransomware Helper APIs
  • System Enumeration APIs
  • File Manipulation APIs
  • Can We Decrypt Ransomware?

Initial Access and Anomaly Hunting Topics Include:

  • SIEM Lab Setup
  • Initial Access Payloads
  • Detecting Macros
  • Stand Alone Scripts
  • LNK, CHM, Brute Force, HTA, ISO
  • Anomaly Detection
  • Scheduled Tasks
  • Services
  • User Manipulation

The DFIR Report

Image Not Found

The DFIR Report launched DFIR Labs. I was given the opportunity to beta best the BlueSky Ransomware lab and I loved that you get to interact with the data from the report. You get access to an Elasticsearch/Kibana instance containing system logs, network logs, memory logs, and Sigma alerts. The labs range from $14.99 – $29.99 and come with a Certificate of Completion and a Digital Badge upon passing the quiz.

They also released two new reports: From IcedID to Dagon Locker Ransomware in 29 Days and From OneNote to RansomNote: An Ice Cold Intrusion

Xintra Labs

Image Not Found

Xintra launched APT-Level Incident Labs. The price ranges from $45/month – $459/year. There is also a free 7-day trial. Students get a 15% discount.

Blu Raven

Image Not Found

Blu Raven released a free Introduction to KQL for Security Analysis course. 50 seats are made available every week. The course is hands-on and comes with a Certificate of Completion.

Topics Include:

  • Introduction to Databases and Logging
  • KQL Fundamentals and Exploring Data
  • Creating Your First KQL Query and Familiarizing Yourself with the Data
  • Customizing Columns with “project” Operator
  • Searching and Filtering Data
  • Joining and Combining Datasets
  • Aggregating Data
  • Anomaly Detection using KQL

Blu Raven also made a payment plan available for their Hands-On KQL for Security Analysts course.


LetsDefend added free challenges as well as Linux Memory Forensics and Windows Memory Forensics courses. The courses are part of their VIP+ plan ($39.99/month or $359/year).

New Challenges Include:

  • Alternate Data Stream
  • Serpent Stealer
  • DLL Stealer

Blue Cape Security

Image Not Found

Blue Cape Security released a new free course: C2 Attack & Defend. This course is hands-on and comes with a Certificate of Completion.

Topics Include:

  • Lab and Scenario Overview
  • Empire C2 Attack
  • Incident Triage and Analysis
  • Forensic Artifact Analysis

CyberWarFare Labs

Image Not Found

CyberWarFare Labs launched the Cyber Defense Analyst [CCDA] training and certification. The cost is $149. In order to earn the certification, you need to get at least 70% on their 24/hour hands-on exam.

Topics Include:

  • Introduction to Cyber Defense
  • Phishing Investigation and Analysis
  • Web-Based Intrusions: Investigative Strategies and Analysis
  • Unveiling Network Intrusions: Methods and Analytical Approaches
  • Decoding Host-Based Intrusions: Techniques and Analytical Methods


Image Not Found

Cybr released the hands-on course Incident Response with CloudTrail and Athena. This course is part of Cybr’s subscription ($12.99/month or $129/year).

Topics Include:

  • Preparing Your AWS Account
  • Creating the SecurityAnalyst Role
  • Incident Response with CloudTrail Lake
  • Playbook – Compromised IAM Access Key
  • Incident Response with Athena
  • Playbook – Cryptocurrency Mining
  • Incident Response for Multi-Account


TryHackMe released new DFIR Walkthrough Rooms:

The TryHackMe Premium Subscription is $14/month or $126/year.


Image Not Found

13Cubed released The Ultimate Guide to Arsenal Image Mounter on YouTube.

Hack The Box

Hack the Box released the following free DFIR Sherlocks:

  • Brutus
  • Unit42
  • BFT
  • Jingle Bell
  • APTNightmare
  • Subatomic


Image Not Found

CyberExam released a free Incident Analysis Game with three machines that correspond with different MITRE Techniques.


Image Not Found

KC7 released a new free challenge: System Shutdown at Azure Crest

Jai Minton

Image Not Found

Jai Minton released several new malware analysis videos on YouTube.

Dr Josh Stroschein – The Cyber Yeti

Image Not Found

Dr Josh Stroschein livestreamed Malware Mondays Episode 01 and 02 on YouTube. The recordings are available. See The Cyber Yeti website for the malware samples used.

Blue Team Labs Online

Blue Team Labs Online released five new labs in April. Four are part of the Pro subscription ($19/month to $183/year). One is free.

The Labs Include:

  • Anakus: Reverse Engineering (Free)
  • Midnite: Incident Response
  • Flaws: Incident Response
  • Neem: Reverse Engineering
  • Plugout: Incident Response


CyberDefenders released new Free and Pro labs. The Pro account costs $20/month – $200/year. 

New Labs and Challenges:

  • IcedID: Threat Intel
  • XZBackdoor: Endpoint Forensics
  • Phobos: Malware Analysis (Free)
  • PaloAltoRCE: Threat Hunting



Name & Link: Virtual Live Mobile Data Structures Course

Date: May 2nd

Cost: $550

Proof of Completion: Certificate of Attendance

Hakeem Thomas and Marcus Bowie

Name & Link: Digital/Mobile Forensics, and Incident Response Webinar

Date: May 4th

Cost: Free

The OSINTion

Name & Link: Intelligence Investigations: Business

Date: May 6th

Cost: $370


Name & Link: ByteGuard: Cyber Sentinel CTF

Dates: May 6 – 20

Cost: Free


Name & Link: BelkaDay Digital Forensics Conference

Dates: May 13 – 14

Cost: Free

Black Cell

Name & Link: Black Cell CTF

Dates: May 17 – 19

Cost: Free

Antisyphon Training

Name & Link: SOC Core Skills w/ John Strand

Date: May 20th

Cost: Pay What You Can

Proof of Completion: Certificate of Completion


Name & Link: SLEUTHCON

Date: May 24th

Cost: $50 (virtual), $400 (in person)

Digital Trails

Name & Link: Investigating Shadows: Researching Telegram

Date: May 24th

Cost: $372

US Cyber Games

Name & Link: US Cyber Games Kick-Off Celebration and US Cyber Open

Dates: May 30 – June 9

Cost: Free

Cado Security

Name & Link: CTF Challenge: Captured by Cado

Date: May 30th

Cost: Free


Name & Link: SANS Ransomware Summit

Date: May 31

Cost: Free

Have an event you want to submit? Visit:


Usnjrnl Rewind

Image Not Found

CyberCX-DFIR created usnjrnl_rewind. Check out the blog post about it HERE.

Description From GitHub: This script will process the outputs of Eric Zimmerman’s MFTEcmd tool and produce a csv that has the complete and correct path for every file and folder (no more Unknowns).

Cloud Console Cartographer

Image Not Found

Permiso released Cloud Console Cartographer.

Description from GitHub: Released at Black Hat Asia on April 18, 2024, Cloud Console Cartographer is a framework for condensing groupings of cloud events (e.g. CloudTrail logs) and mapping them to the original user input actions in the management console UI for simplified analysis and explainability. This is extremely beneficial for defenders since numerous input actions in management console sessions can generate 10’s and even many 100’s of events originating from a single interactive click by the end user.


This year, I started doing Training Tuesday Highlights on LinkedInTwitter (X), and Facebook using the hashtag #DFIRDivaTTH. Every Tuesday I highlight a training provider, instructor, book, or course listed on the Free & Affordable Training Site related to Digital Forensics, Incident Response, Malware Analysis, or OSINT.

April Highlights:


Get 30% off Cyber 5W courses until May 31st using code: c5w30off24

Get $50 off The Art of Malware Analysis course using code: may2024fun

Get 24 courses for $25 with the Cybersecurity Zero to Hero Humble Bundle

Discounts are tracked year-round on the Current Discounts page


The following was added to the Free & Affordable Training Site this month:

New Threat Hunting, Cyber Threat Intelligence, Detection Engineering, and OSINT & CTI Certification categories were also added. The full list of categories can be found here: