The following contains newly released Digital Forensics, Incident Response, Malware Analysis and OSINT training and tools from December, as well as upcoming live training for January. I also list new additions to the Free & Affordable Training Site. Like the Free & Affordable Training Site, everything in this blog post is under $1,000.
Note: Purchases made through affiliate/partner links and/or using personalized discount codes is one of the things I rely on to be able to keep this website running. I am an affiliate or partner of the following companies mentioned in this post and references to them contain affiliate/partner links: Hack The Box, CyberDefenders, and Pluralsight.
NEWLY RELEASED TRAINING
LetsDefend – USB Forensics
LetsDefend released a free, hands-on USB Forensics Course. You can earn a badge when completed.
Topics Include:
- Introduction to USB Forensics
- USB Registry Key
- USB Event Logs
- Folder Access Analysis via Shellbags
- File Access Analysis via Jumplists
- Automated USB Parser Tools
LinkedIn Learning – Cybersecurity Foundations: Computer Forensics
LinkedIn Learning released a new hands-on Cybersecurity Foundations: Computer Forensics course. You can earn a Certificate of Completion when completed.
Cost: $34.99 – They also offer a 1 month free trial. If you are a student or alumni of WGU, you can access LinkedIn learning for free.
Topics Include:
- Understanding Computer Forensics
- Specializations in Computer Forensics
- Preparing for an Investigation
- File System Fundamentals
- Persisting Data
- Acquiring Data
- Analyzing Data and Generating Reports
Pluralsight – Specialized DFIR: Windows Event Log Forensics
Tyler Hudak released Specialized DFIR: Windows Event Log Forensics on Pluralsight. This course is hands-on (the files to follow along are available to download) and comes with a Certificate of Completion.
Cost: There are subscription options that include thousands of courses ranging from $29/month to $449/year. They also offer a free 10-day trial. WGU students and alumni can get Pluralsight for free.
Topics Include:
- Windows Event Log Concepts
- Triage Analysis of Event Logs
- Running Chainsaw
- Analyzing Chainsaw Output
- Windows Security Events
- Analyzing Windows Authentication Events
- Analyzing Windows Process Execution Events
13Cubed – Hyper-V Memory Forensics
13Cubed released a YouTube video on performing Memory Forensics on Hyper-V.
He also updated the cheat sheets on his website.
Tomorrow is also the last day to get lifetime access to Investigating Windows Endpoints and Investigating Windows Memory courses.
MyDFIR – SOC Automation Project, Velociraptor Tutorial, Event Log Analysis, and More
MyDFIR created several YouTube videos this month including A SOC Automation Home Lab Project involving The Hive, Wazuh, and Shuffle for SOAR, a Velociraptor Step-By-Step Guide and Analyzing Windows Event Logs with Hayabusa.
Cyb_Detective – Linux for OSINT: 21 Day Course for Beginners
Cyb_Detective released a free, hands-on Linux for OSINT: 21-Day Course for Beginners.
AhmedS Kasmani
AhmedS Kasmani released videos on setting up a malware analysis lab and Ghidra UI updates.
Anuj Soni
Anuj Soni released a video on analyzing and identifying API Unhooking.
BlueMonkey 4n6 – Android and iOS Backup Analysis Using *LEAPP Tools and Linux Based Tools
BlueMonkey 4n6 created a video on Android and iOS backup analysis.
Hack The Box – Operation Tinsel Trace
Hack The Box released five DFIR Sherlocks this month. On December 31st, they will move from being free to being part of a VIP or VIP+ plan which ranges from $14/month – $203/year. The VIP plans include CPE credit submission to ISC2.
The Sherlock Investigations Include:
- Insider Threat
- S3 Exposure and Theft
- Memory Forensics
- Printer Compromise
- Ransomware
Blue Team Labs Online – FrostByte
Blue Team Labs Online released five FrostByte labs that are available until January 5th. One is free and the others are part of the Pro subscription ($19/month to $183/year).
The Labs Include:
- Derailed: Threat Intelligence (Pro)
- Winter Stew: Threat Hunting (Free)
- Snowflake: Security Operations (Pro)
- Ice Magic: Reverse Engineering (Pro)
- Little Helper: Incident Response (Pro)
CyberDefenders – New Labs & Challenges, New Student Discount, and New Addition to the CCD Certification
CyberDefenders released several Pro labs and two free challenges. The Pro account costs $20/month – $200/year. Students can now get 20% off BlueYard Subscriptions.
Labs and Challenges released this month include:
- OpenWire: Network Forensics (free challenge)
- WebStrike: Network Forensics (free challenge)
- TheTruth: Endpoint Forensics (Pro lab)
- QBot: Endpoint Forensics (Pro lab)
- LockBit: Endpoint Forensics (Pro lab)
- GoogleCloudHunt: Cloud Forensics (Pro lab)
CyberDefenders added a new Dynamic Analysis topic to the Malware Analysis Module of the Certified CyberDefender (CCD) training this month. The certification is $800. Students can get 20% off.
BlackPerl DFIR – Challenge Bundle
BlackPerl DFIR released a Challenge Bundle that includes Cloud Website Takeover, Registry Deep Dive, and SRUM Analysis challenges. The cost is a about $36.
CSI Linux – Operation OShINT – Shake The Cobwebs CTF
CSI Linux released a CTF, Operation OShINT – Shake The Cobwebs with a chance to win a free CSIL Digital Forensics or OSINT certification voucher by submitting a report by December 31, 2023.
ACE Responder – Intro to Auditd
Ace Responder released an Intro to Auditd Module. This is included in their $17.49/month Analyst subscription.
Pwned Labs – Hunt in the Cloud with Splunk
Pwned Labs released Hunt in the Cloud with Splunk as part of their Premium subscription ($20/month – $200/year).
NEWLY RELEASED TOOLS, SOFTWARE, & PROJECTS
AuthLogParser
AuthLogParser was recently released by Eilay Yosfan who also created Forensic Miner listed in last months blog post.
AuthlogParser Description From GitHub: AuthLogParser is a powerful Digital Forensics and Incident Response tool designed specifically for analyzing Linux authentication logs, commonly known as auth.log. This tool serves as an invaluable asset for Incident Responders, streamlining the process of investigating security incidents on Linux systems. AuthLogParser meticulously scans the auth.log log file, extracting key information such as SSH logins, user creations, event names, IP addresses, and more.
Forensictools
Forensictools was released by Cristian Souza.
Description From GitHub: forensictools is a toolkit designed for digital forensics, offering a wide array of tools. Its primary goal is to simplify the creation of a virtual environment for conducting forensic examinations.
In addition to installing the tools, forensictools seamlessly integrates the programs into the Windows PATH. This integration allows for effortless utilization of these tools directly from the command line, eliminating the need for manual setup or configuration.
UserSearch.org – UserSearch BETA 1.0
UserSearch.org released the OSINT search service UserSearch BETA 1.0 located at usersearch.ai. The cost ranges from Free to $99.97/year.
Linux Incident Response
Linux Incident Response was released by Abdullah.
Description From GitHub and LinkedIn: This repository contains a comprehensive cheatsheet for incident response and live forensics in Linux environments. It’s designed to help system administrators, security professionals, and IT staff quickly reference commands and procedures during an incident.
Alongside the cheatsheet, we’ve developed a handy Bash script. This script automates the execution of various commands from the cheatsheet, outputting the results into an easily digestible format. It’s a time-saver and a great tool for rapid analysis.
DriveFS Sleuth
DriveFS Sleuth was released by Amged Wageh. Check out their blog post about it.
Description From GitHub: DriveFS Sleuth is a Python tool that automates investigating Google Drive File Stream disk artifacts, the tool has been developed based on research that has been performed by mounting different scenarios and noting down the changes in the Google Drive File Stream disk artifacts.
DriveFS Sleuth is capable of parsing the disk artifacts and building a filesystem tree-like structure enumerating the synchronized files along with their respective properties. DriveFS Sleuth detects some deleted synchronized items and items that have been shared with the user, compiles information on mirroring folders, and provides insights into connected device configurations along with searching functionality to facilitate the investigations. Additionally, DriveFS Sleuth offers the functionality to generate reports in HTML or CSV formats.
LogBoost
LogBoost was released by Joseph Avanzato.
Description From GitHub: LogBoost is a command-line utility originally designed to enrich IP addresses in CSV files with ASN, Country and City information provided by the freely available MaxMind GeoLite2 DBs. LogBoost can parse and convert a variety of structured and semi-structured log formats to CSV while simultaneously enriching detected IP addresses, including JSON, IIS, W3C, ELF, CLF, CEF, KV, SYSLOG.
The tool can also perform reverse lookups on each IP address detected in the source files to identify currently related domains. If ‘GeoLite2-Domain.mmdb’ is detected in the specified MaxMind DB Dir (CWD by default), the associated TLD of the enriched IP address is provided in the output as well. On top of this, LogBoost can download text-based threat intelligence as configured in feed_config.json and parse these into a local SQLite DB which is then used to further enrich detected IP addresses with the indicator ‘type’.
GeoSpy AI
GeoSpy AI is an OSINT Geolocation tool released by Graylark.io. Upload an image or take a photo and get a location with coordinates.
YARA Forge
Florian Roth released YARA Forge. Check out the blog post about it.
Description from GitHub: YARA Forge is a robust tool designed to streamline the process of sourcing, standardizing, and optimizing YARA rules. It automates the collection of rules from various online repositories, ensures they adhere to a unified standard, conducts thorough quality checks, and eliminates any broken or non-compliant rules.
The tool generates curated rule packages, ready for integration into various security products, with an emphasis on performance and stability.
GootLoader JS Unpacker and C2 Extractor
Karsten Hahn released a GootLoader JS Unpacker and C2 Extractor.
UPCOMING LIVE ONLINE TRAINING
Accelerated Introduction to Intelligence with Joe Gray
Cost: $225
Date: January 12th, 2024
Has a Certificate of Completion
Hexordia Mobile Data Structure Virtual Live Training with Jessica Hyde
Cost: $550 (30% off using code: eoy23 before December 31st)
Date: January 17th, 2024
Has a Certificate of Attendance
Forensic Analysis of Apple IoT Devices (Apple TV, Watch, HomePod, HomeKit) with Mattia Epifani
Cost: Free
Date: January 24th, 2024
Has a Certificate of Attendance
Practical OPSEC for Intelligence & Privacy with Joe Gray
Cost: $310
Date: January 29th, 2024
Has a Certificate of Completion
CURRENT DISCOUNTS
Discounts for Apress/Springer books, ASK Academy, BlackPerl DFIR, Blu Raven, Cyber 5W/Hexordia, CyberWarFareLabs, Hetherington Group, INE, LetsDefend, Cybersecurity ABC’s Book Series, Packt Publishing, Paraben, R-Tools Technology, and Trainsec are ending soon. They are listed on the Current Discounts page.
CHANGES AND ADDITIONS TO THE FREE & AFFORDABLE TRAINING SITE
The following was added to the Free & Affordable Training Site this month:
- Python for OSINT: 21 Day Course for Beginners (Cyb_detective)
- Linux for OSINT: 21 Day Course of Beginners (Cyb_detective)
- Open-Source Intelligence (Basel Institute)
- OSINT Quiz (seintpl)
- Maltego Courses (Spark – Powered by Maltego)
- Cybersecurity Fundamentals (APNIC Academy)
- AWS Security Incident Response Courses (AWS)
- Introduction to Digital Forensics (Truxton Forensics)
- Computer Forensics Specialization (Coursera)
- Digital Forensics Courses (Infosec Institute)
- Mobile Forensics Courses (Infosec Institute)
- Dark Web Cyber Intelligence Practitioner (EPCYBER)
- OSINT Practitioner (EPCYBER)
I also added “Student Discount” and “Payment Plan Available” filters to the site.
I hope everyone has a Happy New Year!
Recent Comments