The following contains newly released Digital Forensics, Incident Response, Malware Analysis and OSINT training, books, and tools from April, as well as upcoming live online training for May. This also includes things I missed adding to my last blog post at the end of March. Like the Free & Affordable Training Site, everything in this blog post is under $1,000.
Note: Purchases made through affiliate/partner links and/or using personalized discount codes is one of the things I rely on to be able to keep this website running. I am an affiliate or partner of the following companies mentioned in this post and references to them contain affiliate/partner links: CyberDefenders, Amazon, Humble Bundle.
NEWLY RELEASED TRAINING, BOOKS, LABS & CHALLENGES
Brett Shavers – DFIR Investigative Mindset
The book Placing the Suspect Behind the Keyboard: DFIR Investigative Mindset by Brett Shavers was recently released.
Description: “The DFIR Investigative Mindset guides the practitioner in thinking, acting, and solving computer crimes and computer-facilitated crimes like an expert cybersecurity sleuth. This book goes beyond mere tools and techniques, delving into the very essence of investigative work.”
I was given the opportunity to beta read this book and I highly recommend it to both complete beginners to DFIR and seasoned professionals. It’s full of practical exercises to help enhance your investigative skills.
Brett also has a DFIR Investigative Mindset course for $899.99.
Dale Meredith – The OSINT Handbook
The OSINT Handbook by Dale Meredith was recently released.
The Hitchhiker’s Guide to DFIR
A new chapter on IoT Forensics was added to the book The Hitchhiker’s Guide to DFIR: Experiences From Beginners to Experts. This book is FREE and has been created by members of the Digital Forensics Discord Server. I highly recommend joining the server. It’s a great community!
Cyber 5W
Cyber 5W released Ransomware Analysis 101 ($150) and Initial Access and Anomaly Hunting ($150). These are hands-on courses that come with a Certificate of Completion.
Ransomware Analysis 101 Topics Include:
- Ransomware Families
- Encryption Algorithms
- Windows Crypto APIs and How to Analyze Them
- Windows Internet APIs
- Ransomware Helper APIs
- System Enumeration APIs
- File Manipulation APIs
- Can We Decrypt Ransomware?
Initial Access and Anomaly Hunting Topics Include:
- SIEM Lab Setup
- Initial Access Payloads
- Detecting Macros
- Stand Alone Scripts
- LNK, CHM, Brute Force, HTA, ISO
- Anomaly Detection
- Scheduled Tasks
- Services
- User Manipulation
The DFIR Report
The DFIR Report launched DFIR Labs. I was given the opportunity to beta test the BlueSky Ransomware lab and I loved that you get to interact with the data from the report. You get access to an Elasticsearch/Kibana instance containing system logs, network logs, memory logs, and Sigma alerts. The labs range from $14.99 – $29.99 and come with a Certificate of Completion and a Digital Badge upon passing the quiz.
They also released two new reports: From IcedID to Dagon Locker Ransomware in 29 Days and From OneNote to RansomNote: An Ice Cold Intrusion.
Xintra Labs
Xintra launched APT-Level Incident Labs. The price ranges from $45/month – $459/year. There is also a free 7-day trial. Students get a 15% discount.
Blu Raven
Blu Raven released a free Introduction to KQL for Security Analysis course. 50 seats are made available every week. The course is hands-on and comes with a Certificate of Completion.
Topics Include:
- Introduction to Databases and Logging
- KQL Fundamentals and Exploring Data
- Creating Your First KQL Query and Familiarizing Yourself with the Data
- Customizing Columns with “project” Operator
- Searching and Filtering Data
- Joining and Combining Datasets
- Aggregating Data
- Anomaly Detection using KQL
Blu Raven also made a payment plan available for their Hands-On KQL for Security Analysts course.
LetsDefend
LetsDefend added free challenges as well as Linux Memory Forensics and Windows Memory Forensics courses. The courses are part of their VIP+ plan ($39.99/month or $359/year).
New Challenges Include:
- Alternate Data Stream
- Serpent Stealer
- DLL Stealer
Blue Cape Security
Blue Cape Security released a new free course: C2 Attack & Defend. This course is hands-on and comes with a Certificate of Completion.
Topics Include:
- Lab and Scenario Overview
- Empire C2 Attack
- Incident Triage and Analysis
- Forensic Artifact Analysis
CyberWarFare Labs
CyberWarFare Labs launched the Cyber Defense Analyst [CCDA] training and certification. The cost is $149. In order to earn the certification, you need to score at least 70% on their 24-hour hands-on exam.
Topics Include:
- Introduction to Cyber Defense
- Phishing Investigation and Analysis
- Web-Based Intrusions: Investigative Strategies and Analysis
- Unveiling Network Intrusions: Methods and Analytical Approaches
- Decoding Host-Based Intrusions: Techniques and Analytical Methods
Cybr
Cybr released the hands-on course Incident Response with CloudTrail and Athena. This course is part of Cybr’s subscription ($12.99/month or $129/year).
Topics Include:
- Preparing Your AWS Account
- Creating the SecurityAnalyst Role
- Incident Response with CloudTrail Lake
- Playbook – Compromised IAM Access Key
- Incident Response with Athena
- Playbook – Cryptocurrency Mining
- Incident Response for Multi-Account
TryHackMe
TryHackMe released new DFIR Walkthrough Rooms:
- Expediting Registry Analysis (Free)
- Windows User Account Forensics (Subscription)
- Windows User Activity Analysis (Subscription)
- Windows Applications Forensics (Subscription)
- IR Difficulties and Challenges (Subscription)
The TryHackMe Premium Subscription is $14/month or $126/year.
13Cubed
13Cubed released The Ultimate Guide to Arsenal Image Mounter on YouTube.
Hack The Box
Hack the Box released the following free DFIR Sherlocks:
- Brutus
- Unit42
- BFT
- Jingle Bell
- APTNightmare
- Subatomic
CyberExam
CyberExam released a free Incident Analysis Game with three machines that correspond with different MITRE Techniques.
KC7
KC7 released a new free challenge: System Shutdown at Azure Crest.
Jai Minton
Jai Minton released several new malware analysis videos on YouTube.
Dr Josh Stroschein – The Cyber Yeti
Dr Josh Stroschein livestreamed Malware Mondays Episode 01 and 02 on YouTube. The recordings are available. See The Cyber Yeti website for the malware samples used.
Blue Team Labs Online
Blue Team Labs Online released five new labs in April. Four are part of the Pro subscription ($19/month to $183/year). One is free.
The Labs Include:
- Anakus: Reverse Engineering (Free)
- Midnite: Incident Response
- Flaws: Incident Response
- Neem: Reverse Engineering
- Plugout: Incident Response
CyberDefenders
CyberDefenders released new Free and Pro labs. The Pro account costs $20/month – $200/year.
New Labs and Challenges:
- IcedID: Threat Intel
- XZBackdoor: Endpoint Forensics
- Phobos: Malware Analysis (Free)
- PaloAltoRCE: Threat Hunting
UPCOMING ONLINE TRAINING, CTFS, AND CONFERENCES
Hexordia
Name & Link: Virtual Live Mobile Data Structures Course
Date: May 2nd
Cost: $550
Proof of Completion: Certificate of Attendance
Hakeem Thomas and Marcus Bowie
The OSINTion
INE
Belkasoft
Black Cell
Antisyphon Training
Name & Link: SOC Core Skills w/ John Strand
Date: May 20th
Cost: Pay What You Can
Proof of Completion: Certificate of Completion
SLEUTHCON
Digital Trails
US Cyber Games
Name & Link: US Cyber Games Kick-Off Celebration and US Cyber Open
Dates: May 30 – June 9
Cost: Free
Cado Security
SANS
Have an event you want to submit? Visit: https://events.dfirdiva.com/
NEWLY RELEASED TOOLS
Usnjrnl Rewind
CyberCX-DFIR created usnjrnl_rewind. Check out the blog post about it HERE.
Description From GitHub: This script will process the outputs of Eric Zimmerman’s MFTEcmd tool and produce a csv that has the complete and correct path for every file and folder (no more Unknowns).
Cloud Console Cartographer
Permiso released Cloud Console Cartographer.
Description from GitHub: Released at Black Hat Asia on April 18, 2024, Cloud Console Cartographer is a framework for condensing groupings of cloud events (e.g. CloudTrail logs) and mapping them to the original user input actions in the management console UI for simplified analysis and explainability. This is extremely beneficial for defenders since numerous input actions in management console sessions can generate 10’s and even many 100’s of events originating from a single interactive click by the end user.
TRAINING TUESDAY HIGHLIGHTS
This year, I started doing Training Tuesday Highlights on LinkedIn, Twitter (X), and Facebook using the hashtag #DFIRDivaTTH. Every Tuesday I highlight a training provider, instructor, book, or course listed on the Free & Affordable Training Site related to Digital Forensics, Incident Response, Malware Analysis, or OSINT.
April Highlights:
- April 2nd: Embee Research
- April 9th: The DFIR Report
- April 16th: Security Blue Team/Blue Team Labs Online
- April 23rd: Splunk
- April 30th: 13Cubed
CURRENT DISCOUNTS
Get 30% off Cyber 5W courses until May 31st using code: c5w30off24
Get $50 off The Art of Malware Analysis course using code: may2024fun
Get 24 courses for $25 with the Cybersecurity Zero to Hero Humble Bundle
Discounts are tracked year-round on the Current Discounts page
ADDITIONS AND CHANGES TO THE TRAINING SITE
The following was added to the Free & Affordable Training Site this month:
- Malware Analysis & Reverse Engineering (Embee Research) Free
- Effective Threat Investigation for SOC Analysts (Mostafa Yahia)
- C5W Certified Malware Analyst (Cyber 5W)
- Enterprise Security Fundamentals (Blue Cape Security)
- Blue Team Fundamentals [BTF] (CyberWarFare Labs)
- OpenText Encase Digital Forensics (CyDig Cyber Security Digital Forensics Education) Free
- Malware Analysis & Reverse Engineering (Anuj Soni) Free
- Getting Started in Cybersecurity (Safer Internet Project) Free
- Defensive Security Pathway (Safer Internet Project)
- Detection Engineering Path (LetsDefend)
- AppTotal Free
- DFIR Labs (The DFIR Report)
- ATT&CK Cyber Threat Intelligence Certification (MAD20)
- Detection Engineering 100 (Level Effect)
- Cybersecurity Foundations Training Pathway (Level Effect) Free
- Introduction to Malware Binary Triage (Invoke Reversing)
- Threat Hunting Learning Path (Pluralsight)
- MTIA-Certified Threat Intelligence Analyst (Mossé Cyber Security Institute)
- Detection Engineering Masterclass: Part 1 & 2 (Udemy)
- Cyber Threat Intelligence Training (arcX) Free/Paid
- Intro to Cyber Threat Intelligence (Cybrary)
- Advanced Cyber Threat Intelligence (Cybrary)
- Introduction to EASY Framework for Threat Intelligence (AttackIQ Academy) Free
- CTI Fundamentals (Curated Intel) Free
- CTI Resources, Blog Posts and CTFs (BushidoToken) Free
- Placing the Suspect Behind the Keyboard: DFIR Investigative Mindset (Brett Shavers)
- Malware Analysis Skill Path (LetsDefend)
- Incident Responder Learning Path (LetsDefend)
- Windows Internals (TrainSec)
- Xintra Labs
- Constructing Defense
- Foundations of Detection Engineering (LinkedIn Learning)
- Digital Forensics and Incident Response (Gerard Johansen)
New Threat Hunting, Cyber Threat Intelligence, Detection Engineering, and OSINT & CTI Certification categories were also added. The full list of categories can be found here: https://training.dfirdiva.com/free-affordable-training-categories