The following contains newly released Digital Forensics, Incident Response, Malware Analysis and OSINT training and books from February, as well as upcoming live online training for March. Like the Free & Affordable Training Site, everything in this blog post is under $1,000.
Note: Purchases made through affiliate/partner links and/or using personalized discount codes are one of the things I rely on to be able to keep this website running. I am an affiliate or partner of the following companies mentioned in this post and references to them contain affiliate/partner links: CyberDefenders, Blue Cape Security, TCM Security, Amazon and INE.
NEWLY RELEASED TRAINING, LABS, BOOKS & CHALLENGES
Cyber 5W
The on-demand courses Investigating Linux Systems and C5W-500 Malware Analysis from Cyber 5W are now available.
I took the live version of Investigating Linux Systems which grants access to the on-demand version as well and highly recommend it. It’s great for beginners to Linux forensics! The main topics for both courses are as follows:
Investigating Linux Systems – On-Demand ($600)
- Introduction to Linux
- Essential Tools and Techniques
- System Analysis
- File Systems and Log Analysis
- GUI & USB Forensics
- Writing Forensic Reports
- Hands-On Labs
C5W-500 Malware Analysis – On-Demand ($600)
- Introduction to Malware Analysis
- Static Malware Analysis
- Dynamic Malware Analysis
- Analyzing Managed Code (bytecode that decompiles back to readable source)
- Extracting IOCs and Writing YARA Rules
- Hands-On Labs
TCM Security
TCM Security released the Practical Junior OSINT Researcher (PJOR) Certification. This hands-on certification includes training and costs $199.
Topics Include:
- Effective Notekeeping
- Creating Sock Puppet Accounts
- Basic and Advanced Search Engine OSINT
- Image OSINT
- Email Address, Phone Number, and Breached Data OSINT
- People OSINT
- Username and Social Media OSINT
- Wireless Network OSINT
- OSINT with Tools
- Automating OSINT
- Report Writing
13Cubed
13Cubed released a new YouTube video about Logon Events vs. Account Logons.
Description: In this episode, we’ll learn about the difference between “Logon Events” and “Account Logons” and explore a scenario in which communication occurs between two domain-joined workstations. Where will we find Event ID 4624 and other account-related Event IDs of interest?
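As an added illustration of the distinction the video covers (this is example code written for this post, not 13Cubed's material): the script below runs over a handful of constructed Windows Security events for the scenario described, user "alice" logging on at workstation WS1 and then opening a share on workstation WS2, with domain controller DC1 doing the Kerberos authentication. Hostnames, the IP address and the timestamps are all made up for the example. It sorts each event into the Logon/Logoff or Account Logon audit subcategory, reports which hosts actually recorded a 4624, and correlates the network 4624 on the target workstation with the 4769 service-ticket event on the DC.

```python
"""Constructed Windows Security events (not real logs, added for illustration)
for the scenario in the video: user "alice" logs on at the console of
workstation WS1, then opens a share on workstation WS2; both machines are
domain-joined and authenticate against domain controller DC1 via Kerberos."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# "Logon/Logoff" audit category: recorded on the host where the logon session
# is created or ended, not on the DC that validated the credential (unless the
# session is on the DC itself).
LOGON_EVENT_IDS = {4624, 4625, 4634, 4647, 4648, 4672}
# "Account Logon" audit category: recorded on the host that validated the
# credential, i.e. the DC for domain accounts (4768/4769/4771 Kerberos,
# 4776 NTLM), or the local machine for local accounts.
ACCOUNT_LOGON_EVENT_IDS = {4768, 4769, 4771, 4776}


@dataclass(frozen=True)
class Event:
    host: str                       # Computer field of the record
    event_id: int
    ts: int                         # constructed timestamp, in seconds
    user: str                       # TargetUserName
    src_ip: str = ""                # IpAddress (4624) / Client Address (4768/4769)
    logon_type: Optional[int] = None


# Constructed sample, in time order.
EVENTS = [
    Event("WS1", 4624, 100, "alice", "-", 2),          # interactive logon at WS1's console
    Event("DC1", 4768, 101, "alice", "10.0.0.11"),     # TGT issued; 10.0.0.11 is WS1
    Event("DC1", 4769, 160, "alice", "10.0.0.11"),     # service ticket for cifs/WS2
    Event("WS2", 4624, 161, "alice", "10.0.0.11", 3),  # network logon on WS2 from WS1
    Event("WS2", 4634, 200, "alice", "", 3),           # logoff on WS2
]


def category(ev: Event) -> str:
    """Audit category an event ID belongs to."""
    if ev.event_id in LOGON_EVENT_IDS:
        return "Logon/Logoff"
    if ev.event_id in ACCOUNT_LOGON_EVENT_IDS:
        return "Account Logon"
    return "Other"


def hosts_recording(events: List[Event], event_id: int) -> List[str]:
    """Which hosts' Security logs contain the given event ID."""
    return sorted({e.host for e in events if e.event_id == event_id})


def correlate_network_logons(events: List[Event], window: int = 120
                             ) -> List[Tuple[str, str, str, Optional[str]]]:
    """For every network logon (4624, LogonType 3) find the DC's 4769 for the
    same user and client IP in the `window` seconds before it.
    Returns (target_host, user, src_ip, dc_host_or_None) tuples."""
    tickets = [e for e in events if e.event_id == 4769]
    results = []
    for ev in events:
        if ev.event_id != 4624 or ev.logon_type != 3:
            continue
        match = next((t for t in tickets
                      if t.user == ev.user and t.src_ip == ev.src_ip
                      and 0 <= ev.ts - t.ts <= window), None)
        results.append((ev.host, ev.user, ev.src_ip, match.host if match else None))
    return results


if __name__ == "__main__":
    for ev in EVENTS:
        print(f"{ev.host:4} {ev.event_id} {category(ev)}")
    print("4624 recorded on:", hosts_recording(EVENTS, 4624))   # WS1 and WS2, never DC1
    print("4769 recorded on:", hosts_recording(EVENTS, 4769))   # DC1 only
    print("network logons:", correlate_network_logons(EVENTS))
```

The practical takeaway the code makes concrete: to see the 4624 for the WS1-to-WS2 access you must collect WS2's Security log; the DC only tells you that a ticket for that service was issued to alice from WS1's address.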
Embee Research
Embee Research released several new malware analysis YouTube videos including:
- Advanced CyberChef Techniques – (Flow Control, AES Decryption, Regular Expressions, Registers)
- StealC Loader Analysis – Decoding PowerShell Malware with CyberChef
- Guloader – Malware Decoding With CyberChef
- Cobalt Strike Decoding and C2 Extraction – 3 Minute Malware Analysis
Dr Josh Stroschein
Dr Josh Stroschein released new videos on YouTube:
- Building a VM for Reverse Engineering and Malware Analysis! Installing the FLARE-VM
- From Word Document to Ransomware? Investigate how Template Injection is Used to Execute Macros
Filipi Pires
Filipi Pires recently created a YouTube channel and added the video Malware Hunting: Discovering Techniques in Malicious PDF.
Ganesh Ramakrishnan and Mansoor Haqanee
Cloud Forensics Demystified by Ganesh Ramakrishnan and Mansoor Haqanee was published on February 22nd. It is also available on Amazon. It covers AWS, Azure, and Google Cloud.
Topics Include:
- Cloud Fundamentals
- Forensic Readiness: Tools, Techniques, and Preparation for Cloud Forensics
- DFIR Investigations – Logs in AWS, Azure, and GCP
- Common Attack Vectors and TTPs
- Cloud Forensic Analysis – Responding to an Incident in the Cloud
- Cloud Evidence Acquisition
- Analyzing Compromised Containers
- Analyzing Compromised Cloud Productivity Suites
Damien Van Robaeys
Learn KQL in One Month by Damien Van Robaeys was published on February 24th and is available on Amazon.
LetsDefend
LetsDefend released a new AWS Incident Manager – System Manager course. The course is part of their VIP+ plan ($39.99/month or $359/year). They also released two free challenges: Lockbit and PCAP Analysis.
CyberDefenders
CyberDefenders released new Free and Pro labs. The Pro account costs $20/month – $200/year.
New Labs and Challenges:
- ConfluenceRCE: Endpoint Forensics (Pro)
- SpottedInTheWild: Endpoint Forensics (Free)
- GhostDetect: Threat Intel (Pro)
- Ramnit: Endpoint Forensics (Free)
Blue Team Labs Online
Blue Team Labs Online released four new labs in February. They are part of the Pro subscription ($19/month to $183/year).
The Labs Include:
- Brute: Incident Response
- Cyberpunk: Incident Response
- KiKipass: Digital Forensics
- Take a Lap: Digital Forensics
Hack The Box
Hack The Box released two new free DFIR Sherlocks: Jinkies and Recollection.
Antisyphon Cyber Range
Antisyphon added more forensics challenges to their Cyber Range. The Cyber Range costs $30/month. It is also included in Antisyphon training courses costing $295 or more.
Pwned Labs
Pwned Labs released the new Detect Threats in the Cloud with ELK Stack lab. This is part of their $20/month or $200/year Pro subscription.
UPCOMING ONLINE TRAINING
Do More With Less: Essential Skills to Combat Ransomware Attacks
Date: March 6th
Cost: Free
Description: In this workshop you will learn about essential skills and gain the knowledge you need to address cyber attacks within enterprise environments, completely based on a real Ransomware scenario. There will also be a bonus at the end!
Getting Started with Elastic Stack for the Security Analyst
Date: March 7th
Description: In this free one-hour Black Hills Information Security (BHIS) webcast, with Dave Hoff – SOC Engineer, he’ll dive into best practices for dashboard creation and data visualization in Elastic. Dave will demonstrate how to use Kibana’s tools to display relevant and actionable information as well as theory around dashboard structure and layout.
4-Hour Hands-On IR Workshop: Rapid Windows Endpoint Triage
Date: March 8th
Cost: Free
Description: In this free 4-hour hands-on Black Hills Information Security (BHIS) incident response workshop, Patterson Cake and members of our SOC and IR teams will outline a rapid endpoint triage plan, from methodology to tactical steps. Training will run 11am to 3pm EST; show up at 10:00am for hands-on lab preparation.
Date: March 13th
Cost: $550
Description: Learn how to dive deep into data structures commonly found on mobile phones. This one day (8 hours) class is intended for Intermediate and Advanced mobile forensics practitioners. We will delve into database formats for both SQLite and LevelDB. In addition we will explore the PList and Protocol Buffer (Protobuf) formats. Course is taught using Open Source and freeware tools to ensure that participants can utilize the skills learned in their lab without additional budgetary requirements. Course is hands-on with labs covering each data format.
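Of the four formats this course covers, SQLite and plists come with parsers in Python's standard library (sqlite3 and plistlib), but Protocol Buffers normally need the app's .proto definitions, which a forensic examiner rarely has. The added example below (written for this post, not course material or any vendor's code) is a schema-less decoder for the protobuf wire format: it walks the tag/value stream, recovers field numbers and wire types, and recursively tries length-delimited fields as nested messages. The sample message is constructed with a tiny encoder inside the script so the bytes are correct by construction; it does not come from any real application.

```python
"""Schema-less Protocol Buffer wire-format decoder (added example).

Wire format recap: each field is a varint key = (field_number << 3) | wire_type,
followed by the value. Wire types: 0 varint, 1 fixed64, 2 length-delimited
(string, bytes, nested message, packed repeated), 5 fixed32. Groups (3/4) are
deprecated and rejected here."""
import struct
from typing import Any, List, Tuple


def read_varint(buf: bytes, pos: int) -> Tuple[int, int]:
    """Decode a base-128 varint at buf[pos]; return (value, position after it)."""
    result, shift = 0, 0
    while True:
        if pos >= len(buf):
            raise ValueError("truncated varint")
        b = buf[pos]
        pos += 1
        result |= (b & 0x7F) << shift
        if not b & 0x80:
            return result, pos
        shift += 7
        if shift > 63:          # protobuf varints are at most 10 bytes
            raise ValueError("varint too long")


def zigzag_decode(u: int) -> int:
    """sint32/sint64 fields are zigzag-encoded; the decoder cannot know a
    field is signed without a schema, so apply this manually when needed."""
    return (u >> 1) ^ -(u & 1)


def _guess_payload(chunk: bytes) -> Any:
    """Heuristic for wire type 2: printable UTF-8 -> str, else a message that
    parses cleanly -> nested field list, else raw bytes. Can misclassify: a
    nested message whose bytes happen to be printable text is reported as str."""
    try:
        text = chunk.decode("utf-8")
        if text.isprintable():
            return text
    except UnicodeDecodeError:
        pass
    try:
        return decode_message(chunk)
    except ValueError:
        return chunk


def decode_message(buf: bytes) -> List[Tuple[int, int, Any]]:
    """Return a list of (field_number, wire_type, value) without a .proto."""
    pos, fields = 0, []
    while pos < len(buf):
        key, pos = read_varint(buf, pos)
        field, wtype = key >> 3, key & 7
        if field == 0:
            raise ValueError("field number 0 is invalid")   # cheap sanity check
        if wtype == 0:
            value, pos = read_varint(buf, pos)
        elif wtype == 1:
            if pos + 8 > len(buf):
                raise ValueError("truncated fixed64")
            value = struct.unpack_from("<Q", buf, pos)[0]
            pos += 8
        elif wtype == 2:
            length, pos = read_varint(buf, pos)
            if pos + length > len(buf):
                raise ValueError("truncated length-delimited field")
            value = _guess_payload(bytes(buf[pos:pos + length]))
            pos += length
        elif wtype == 5:
            if pos + 4 > len(buf):
                raise ValueError("truncated fixed32")
            value = struct.unpack_from("<I", buf, pos)[0]
            pos += 4
        else:
            raise ValueError(f"unsupported wire type {wtype} at offset {pos}")
        fields.append((field, wtype, value))
    return fields


# --- constructed sample ----------------------------------------------------
def encode_varint(value: int) -> bytes:
    out = bytearray()
    while True:
        byte, value = value & 0x7F, value >> 7
        out.append(byte | 0x80 if value else byte)
        if not value:
            return bytes(out)


def _field(num: int, wtype: int, payload: bytes) -> bytes:
    return encode_varint((num << 3) | wtype) + payload


# Imagined messaging-app record (constructed, not from a real app):
#   1: varint message_id  2: string sender  3: nested {1: varint sent_at, 2: string text}
#   4: bytes that are neither UTF-8 nor a valid message
_INNER = _field(1, 0, encode_varint(1709251200)) + _field(2, 2, encode_varint(3) + b"hey")
SAMPLE = (_field(1, 0, encode_varint(1234))
          + _field(2, 2, encode_varint(5) + b"alice")
          + _field(3, 2, encode_varint(len(_INNER)) + _INNER)
          + _field(4, 2, encode_varint(2) + b"\x00\xff"))

if __name__ == "__main__":
    for f in decode_message(SAMPLE):
        print(f)
```

Once the field numbers and value shapes are visible, the examiner maps them to meaning by comparing against known records (a message whose timestamp you already know from the UI, for instance), which is the same workflow as for any undocumented format.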
Date: March 13th
Cost: $750
Description: At the completion of this live training, you will possess the necessary know-how to effectively and efficiently investigate a compromised Linux system, learn where to find system and application artifacts, and recover deleted data.
Enterprise Forensics and Response
Dates: March 14 – 15
Cost: $575
Description: The Enterprise Forensics and Response course is designed to provide students with both an investigative construct and techniques that allow them to scale incident response activities in an enterprise environment. The focus of the lecture portion of the course work is understanding the incident investigation process, objective oriented analysis and response, intrusion analysis and an exploration of attacker Tactics and Techniques.
Network Forensics and Incident Response
Dates: March 14 – 15
Cost: $575
Description: This course uses an assortment of network data acquisition tools and techniques with a focus on open-source, vendor-neutral solutions. Students who take this course will learn how to perform network traffic and protocol analysis that ultimately supports cybersecurity incident response efforts. From reconnaissance to data exfiltration, network traffic scales to provide a bird’s-eye view of attacker activity. Leveraging the vantage point of key network traffic chokepoints, this course explores nearly every phase of an attacker’s methodology. Students will learn network traffic analysis concepts and work through hands-on lab exercises that reinforce the course material using real-world attack scenarios.
Dates: March 14 – 15
Cost: $575
Description: The goal of this course is to provide the core components that make up a successful Incident Response program. Students will learn how to get started on their IR journey, what to prioritize, and why boring stuff like policies and procedures are just as important as technical digital forensics skills.
Advanced Network Threat Hunting
Dates: March 14 – 15
Cost: $575
Description: We will spend most of this class analyzing PCAP files for Command and Control (C2) communications in order to identify malware back channels. It is assumed that the student will already understand the basics of network threat hunting, so we can immediately jump into applying that knowledge. The goal will be to create a threat hunting runbook that you can use within your own organization in order to identify systems that have been compromised.
Ransomware Attack Simulation and Investigation for Blue Teamers
Dates: March 14 – 15
Cost: $575
Description: In this workshop, participants will learn how attackers operate, set up a C2 infrastructure with Empire, and execute a simulated attack, step-by-step, from initial access all the way throughout post-exploitation phases, each student in their own Active Directory enabled lab environment. Following, we will perform a full investigation of the scenario at hand, covering log and endpoint analysis at scale as well as data collection and digital forensics concepts. For this, the tools we are going to use are Splunk, Velociraptor and several industry-established digital forensic utilities.
Threat Hunting with Velociraptor
Date: March 20th
Cost: Free
Description: In this free one-hour Antisyphon Anti-Cast with Eric Capuano and Whitney Champion, they’ll share tips and tricks for getting instant value with Velociraptor, as well as updates they have planned for their next THVR course at Wild West Hackin’ Fest!
Threat Hunting Workshop: Hunting for Initial Access
Date: March 20th
Cost: Free
Description: Get ready to elevate your threat hunting skills with Cyborg Security’s exhilarating and interactive workshop, focusing on the pivotal MITRE ATT&CK Tactic: Initial Access. This isn’t just another workshop; it’s an opportunity to immerse yourself in the world of advanced threat hunting, guided by the expertise of Cyborg Security’s seasoned hunters.
Critical Thinking for Investigators
Dates: March 21 – 22
Cost: $499.99
Description: In this course, tools and approaches to optimize mental processes will be discussed and practitioners will come away with an enhanced understanding of how their own personality and habits of mind influence the collection and processing of information.
Image Intelligence (IMINT), Optical Character Recognition (OCR), and Video Analysis
Date: March 25th
Cost: $225
Description: In this 4-hour course, students will dive deeper into reverse image searching and EXIF analysis and learn about Image Intelligence (IMINT), Optical Character Recognition (OCR), and Video Analysis. The course begins with a primer on IMINT, followed by an exploration of metadata types such as EXIF, XMP, and IPTC. Students will use both command-line and web-based tools to analyze metadata and understand the considerations for using each. In cases where metadata is unavailable, students will learn techniques for attempting reverse image searches and introductory photo forensics. Next, students will learn how to enhance images, extract and download videos, and use OCR tools for text recognition.
Dates: March 29 – 30
Cost: $35 – Get $5 off using code: ROBIN
Description: Wicked6 2024 promises to be our best cyber games event yet! We’re generating buzz, like Black Hat MEA’s article calling it “A game that could improve global cybersecurity.” And our goal is to attract thousands of women in cybersecurity, from all over the globe, to come boost their skills, learn and advance in their careers, and have fun with a community of women during this 24-hour event.
TRAINING TUESDAY HIGHLIGHTS
This year, I started doing Training Tuesday Highlights on LinkedIn, Twitter (X), and Facebook using the hashtag #DFIRDivaTTH. Every Tuesday I highlight a training provider, instructor, book, or course listed on the Free & Affordable Training Site related to Digital Forensics, Incident Response, Malware Analysis, or OSINT.
February’s Highlights:
- February 6th: DFIR Science
- February 13th: Cyber Triage/Sleuth Kit Labs
- February 20th: Antisyphon Training
- February 27th: SANS
CURRENT DISCOUNTS
Blu Raven: Get 30% off KQL Courses using code LEAPYEAR24 until March 4th.
Paraben Corporation: Get 20% off Mobile Training Courses using code: L3ARN (this includes the vendor neutral Digital Forensics Fundamentals course)
ASK Academy: Get $50 off The Art of Malware Analysis course using code: LeapYear2024
INE: INE is having a Leap Year Sale that includes $500 off INE Premium/1 Free Certification/50% off 1 Certification, $100 off INE Fundamentals, and 50% off Certification Vouchers. The sale ends March 1st.
Blue Cape Security: Get $50 off the Early-Bird release of 101 Enterprise Security Fundamentals