The following contains newly released Digital Forensics, Incident Response, Malware Analysis and OSINT training and tools from July, as well as upcoming live online training and events for August. Like the Free & Affordable Training Site, everything in this blog post is under $1,000.
Note: Purchases made through affiliate/partner links and/or using personalized discount codes are one of the things I rely on to be able to keep this website running. I am an affiliate or partner of the following companies mentioned in this post and references to them contain affiliate/partner links: CyberDefenders, Hack The Box, Pluralsight.
NEWLY RELEASED TRAINING, LABS & CHALLENGES FROM JULY, 2024
Hexordia/Cyber5W
There are two new hands-on courses on Cyber 5W. Both come with certificates of completion.
Hexordia’s HEX-220 iOS Analysis ($150) covers:
- File Systems
- Encryption
- Acquisition
- Artifacts
- System Artifacts
- References
Incident Response 101 ($100) covers:
- Preparation Phase
- Detection Phase
- Acquisition Phase
The DFIR Report
The DFIR Report released a new DFIR Lab: LockBit Ransomware – Private Case #27244
Cost: $19.99 – $84.99 (includes a certificate and badge upon successful completion)
Blue Team Labs Online
Source: @BlueLabsOnline on Twitter (X)
Blue Team Labs Online released the following Pro Investigations in July:
- Jakuten: Threat Intelligence
- Mitsu: Security Operations
- Sysadmin Nightmare: Reverse Engineering
- Just a Viewer: Incident Response
- Parcel: Incident Response
- StrikeCrowd: Reverse Engineering
Their Pro subscription ranges from $19/month to $183/year.
LetsDefend
Source: @LetsDefendIO on Twitter (X)
LetsDefend added the following courses and challenges:
- Advanced Windows Forensics Course (VIP+)
- How to Investigate a SIEM Alert Course (Free)
- Batch Downloader Challenge (Free)
- Brute Force Attacks Challenge (Free)
- Golang Ransomware Challenge (Free)
- Revenge RAT Challenge (Free)
- TeamViewer Forensics Challenge (Free)
Their VIP+ plan costs $39.99/month or $359/year.
CyberDefenders
Source: @CyberDefenders on Twitter (X)
CyberDefenders released the following new Free and Pro labs. The Pro account costs $20/month – $200/year.
- PhishStrike: Threat Intel (Pro)
- Reveal: Endpoint Forensics (Free)
- JetBrains: Network Forensics (Pro)
- Trigona Ransomware: Endpoint Forensics (Pro)
TryHackMe
Source: @RealTryHackMe on Twitter (X)
TryHackMe released the following free and premium DFIR Walkthrough Rooms in July:
- Forensic Imaging (Free)
- Linux Logs Investigations (Premium)
- Linux Live Analysis (Premium)
- Critical (Free)
TryHackMe Premium is $14/month or $126/year.
Hack The Box
Source: @hackthebox_eu on Twitter (X)
Hack The Box released the following free DFIR Sherlocks last month:
- Heartbreaker-Denouement
- Heartbreaker-Continuum
ACE Responder
ACE Responder released a new challenge: Blind Spot. This is part of their $44.49/month Defender subscription.
Ali Hadi
Ali Hadi added two new challenges to his website:
CyberWarFare Labs
CyberWarFare Labs launched their Infinity Learning Platform with Cloud Offensive, Defensive, and Purple Labs. Defensive Labs cover AWS, Azure, and GCP.
Some of the Defensive challenges include:
- AWS: Investigating Suspicious IAM User Account Creation
- Azure: Investigating Suspicious Service principal credential creation
- GCP: Investigating GCP Data Exfiltration Through Replication Activity
There are several more! The platform is currently free.
13Cubed
13Cubed released a new Mounting Linux Disk Images in Windows video on YouTube.
Mossé Cyber Security Institute
Mossé Cyber Security Institute has 3 new OSINT and Forensics certifications. All three include training and are 100% hands-on. They cost $995 each.
The MCDFA – Certified Cyber Defense Forensics Analyst & MFA – Certified Forensics Analyst topics look pretty much the same. They include:
- Lab Setup and Virtualization
- File and Disk Forensics
- Windows Forensics
- Behavioral and Memory Analysis
- Malware Analysis
- Documentation
The MASA – Certified All Source Analyst topics include:
- Lab Setup and Virtualization
- Open Source Intelligence (OSINT) Fundamentals
- Cyber Threat Intelligence (CTI) Concepts and Operations
- Information Gathering and Analysis
Matthew Plascencia
Matthew Plascencia created two new YouTube videos:
- The Digital Forensic Process | Forensic Fundamentals
- Introduction to iOS Forensics | iOS Forensics 1
My OSINT Training
My OSINT Training held a webinar on using their bookmarklets library. The Expert OSINT Tools: Free, Powerful Bookmarklets for Digital Investigators video is now available on YouTube.
Cyber Security – Purple Team
Cyber Security – Purple Team created several new videos on using FTK Imager.
Dr Josh Stroschein
Dr Josh Stroschein has a new Malware Mondays video on Analyzing Malicious Network Traffic with Suricata.
Pluralsight
A new course, Malware Analysis: Assembly Basics, taught by Josh Stroschein is now available on Pluralsight. This is part of the Malware Analysis Path.
Topics include:
- Demystifying CPU Architecture and Number Systems
- Learning the Building Blocks of Assembly
- Common Code Structures
Xintra
Xintra released a new APT-level incident lab: TechTonik Inc.
Subscriptions are $45/month – $459/year. There is also a 7-day free trial. Labs have a Certificate of Completion.
Sofia Santos
Sofia Santos released OSINT Exercise 028.
NEWLY RELEASED TOOLS & PLATFORMS
The DFIR Thing
Jouni Mikkola released The DFIR Thing. Check out their YouTube Playlist and blog post about it.
Description from GitHub:
“The DFIR thing is a project which is meant to be used to parse and analyze data for DFIR purposes. The main idea is to use docker and docker-compose to make it easy to launch a new environment when needed. Currently only evtx logs are being parsed and they are not parsed as raw. Rather the data is parsed with Chainsaw and Hayabusa. The results are sent to ELK for investigation purposes.”
LinImageMounter
Minoru Kobayashi released LinImageMounter.
Description from GitHub: “LinImageMounter is a Python tool designed to simplify the process of mounting disk images on Linux systems. It provides a user-friendly command line interface to mount disk images, making it easier for forensic analysts, system administrators, and enthusiasts to access the contents of disk images without the need for complex commands or manual setup.”
Chrome-Profile-View
The CCL Group released chrome-profile-view. They also have a blog post about it: Shiny New Chrome Tool Now Available
Description from GitHub: “A Python web app for previewing data in Chrome/Chromium profile folder.”
Insider Threat Matrix
The Insider Threat Matrix was recently made public.
Description from the website: “ITM is a continually growing framework for Digital Investigators investigating instances of computer-enabled insider threats in organizations of any size.”
UPCOMING LIVE TRAINING, CONFERENCES AND CTFS FOR AUGUST, 2024
Maveris Olympics OSINT CTF
This free OSINT CTF started July 26th and runs until August 12th.
Hands-On Digital Evidence: Exploring Evidence with Mounted Images | SANS
Cost: Free
Mastering the Threat Landscape: DFIR Fundamentals | Blue Cape Security
Cost: Free
Demystifying Base64: A Detailed Beginner’s Guide to Encoding and Decoding | SANS
Cost: Free
Enterprise Forensics and Response w/Gerard Johansen | Antisyphon Training
Cost: $575
Uncovering Cyber Threats: Key Forensic Concepts | Blue Cape Security
Cost: Free
Essential DFIR Tools and Techniques for Effective Analysis | Blue Cape Security
Cost: Free
SOC Core Skills w/ John Strand | Antisyphon Training
Cost: Pay What You Can (Free – $575)
Fearless Forensic Shell Fu With Hal Pomeranz | Antisyphon Training
Cost: Free
TRAINING TUESDAY HIGHLIGHTS
This year, I started doing Training Tuesday Highlights on LinkedIn, Twitter (X), and Facebook using the hashtag #DFIRDivaTTH. Every Tuesday I highlight a training provider, instructor, book, or course listed on the Free & Affordable Training Site related to Digital Forensics, Incident Response, Malware Analysis, or OSINT.
July Highlights:
- July 2nd: BlueMonkey4n6
- July 9th: BlackPerl DFIR
- July 16th: Open Security Training
- July 23rd: Applied Network Defense
- July 30th: Alexis Brignoni
ADDITIONS TO THE TRAINING SITE
The following was added to the Free & Affordable Training Site in July:
- Insider Threat Hunting: Detecting and Responding to Internal Security Risks (LinkedIn Learning)
- MASA – Certified All Source Analyst (Mossé Cyber Security Institute)
- MCDFA – Certified Cyber Defense Forensics Analyst (Mossé Cyber Security Institute)