The following contains newly released Digital Forensics, Incident Response, Malware Analysis and OSINT training, books, and tools from May, as well as upcoming live online training for June. Like the Free & Affordable Training Site, everything in this blog post is under $1,000.

Note: Purchases made through affiliate/partner links and/or using personalized discount codes is one of the things I rely on to be able to keep this website running. I am an affiliate or partner of the following companies mentioned in this post and references to them contain affiliate/partner links: CyberDefenders, Amazon, Humble Bundle.

NEWLY RELEASED TRAINING, BOOKS, LABS & CHALLENGES

LetsDefend

LetsDefend added the following courses and challenges:

• C++ Malware Challenge (VIP+)
• Discord Forensics Challenge (Free)
• YARA Rule Challenge (Free)
• CompTIA CySA+ Preparation Path (VIP+ is needed for the complete path. Some courses are free)
• Computer Crime and Legal Issues Course (VIP+)
• Network Forensics Course (VIP+)
• Anti-Forensic Techniques Course (VIP+)

Their VIP+ plan ($39.99/month or $359/year).

---

Blue Team Labs Online

Blue Team Labs Online released four new labs. Three are part of the Pro subscription ($19/month to $183/year). One is free.

• Piggy: Security Operations (Free)
• Frontier: Security Operations (Pro)
• VoidZoro: Reverse Engineering (Pro)
• Shadow Broker: Reverse Engineering (Pro)

---

CyberDefenders

CyberDefenders released new Free and Pro labs. The Pro account costs $20/month – $200/year. 

• ATMii: Malware Analysis (Pro)
• BlueSky: Network Forensics (Free)
• 3CX Supply Chain: Threat Intel (Free)
• Volatility Traces: Endpoint Forensics (Pro)

---

TryHackMe

TryHackMe released several new DFIR challenges and walkthrough rooms in May:

• Blizzard (Premium)
• Profiles (Free)
• Dead End? (Premium)
• Windows Network Analysis (Premium)
• IR Philosophy and Ethics (Free)
• IR Timeline Analysis (Premium)
• Linux Process Analysis (Free)
• Analyzing Windows Volatile Memory (Premium)

---

Hack The Box

Hack The Box released new free DFIR Sherlocks in May:

• Heist
• Mellitus
• Ultimatum

---

XINTRA Labs

XINTRA released a new APT Emulation Lab: Husky Corp.

The labs cost $45/month or $459/year. They also offer a 7-day free trial. Labs come with Certificates of Completion.

---

The DFIR Report

The DFIR Report released two new labs:

• Qbot Leads to Cobalt Strike and Domain Compromise ($29.99 – $94.99)
• A Truly Graceful Wipe Out ($24.99 – $89.99)

The labs come with a Certificate of Completion and Digital Badge.

---

13Cubed

13Cubed created a video about File System Tunneling: The Weird Windows Feature You’ve Never Heard Of.

There is also a waitlist available for his upcoming Investigating Linux Devices course.

---

Jai Minton

Jai Minton created several Malware Analysis videos:

• LNK File Malware Analysis and HTA Deobfuscation
• Decrypting AMOS (Atomic MacOS Stealer) using Python
• Reverse Engineering a Malicious MSI and Java Archive Malware Downloader
• AES Decryption with CyberChef, and ISO File Forensics

---

BlueMonkey 4n6

BlueMonkey 4n6 released several videos including:

• Hiding and Deleting History on Linux Systems – How the Hackers Hide Their Actions From You
• Basic Intro to The Sleuth Kit Command Line Tools
• Passthrough Physical Disk to Virtual Machine – Proxmox Tutorial Series
• Sparse Files Tutorial – how to use them with Windows, Linux, and Mac OS

---

Book – The Definitive Guide to KQL

The Definitive Guide to KQL: Using Kusto Query Language for operations, defending, and threat hunting by Mark Morowczynski, Rod Trent, Matthew Zorich was released.

---

Phil Hagen

Phil Hagen created a Network Forensic Fundamentals Playlist. Topics Include:

• The PCAP File Format
• The Berkeley Packet Filter (BPF)
• tcpdump
• Wireshark
• tshark
• Sample Labs

---

Book – The Mighty Reverse Engineer

The children’s book, The Mighty Reverse Engineer by Nicole Hoffman was released.

---

Sofia Santos

Sofia Santos released another free OSINT challenge: OSINT Exercise 027.

---

ACE Responder

ACE Responder added two new modules:

• Understanding, Detecting and Investigating Enterprise PKI Abuse (Analyst)
• Hunting AD CS Abuse (Defender)

The ACE Responder Analyst subscription is $17.49/month. The Defender subscription is $44.99/month.

---

NEWLY RELEASED TOOLS

Fuji: Forensic Unattended Juicy Imaging

Andrea Lazzarotto released Fuji: Forensic Unattended Juicy Imaging.

Description from GitHub:

Fuji is a free, open source software for performing forensic acquisition of Mac computers. It should work on any modern Intel or Apple Silicon device, as it leverages standard executables provided by macOS.

Fuji performs a so-called live acquisition (the computer must be turned on) of logical nature, i.e. it includes only existing files. The software generates a DMG file that can be imported in several digital forensics programs.

It is released under the terms of the GNU General Public License (version 3).

---

SourceRestorer

Andrea Lazzarotto also released SourceRestorer.

Description from GitHub:

SourceRestorer is a tool designed to recover lost code from .pye files encrypted using SOURCEdefender. It provides a means to decrypt and analyze otherwise unreadable Python source code, which can be particularly useful in several scenarios such as:

• Malware analysis: Analyzing potentially harmful code without having access to its original sources
• Forensic investigation of unknown code: Gaining insights into third-party scripts with no available documentation
• Code recovery: Restoring your own code when you’ve accidentally lost the original source files

---

Malfind Parser

Davide R. released Malfind Parser.

Description from Github: How does this script relate to Volatility and malfind? This script is inspired by the functionality of the malfind plugin in Volatility. Just like malfind, our script is designed to identify patterns that are indicative of code injection in files. These patterns are indicative of various techniques used in code injection, such as NOP slides, shellcode, and return-oriented programming among others. While Volatility and its malfind plugin operate on memory dumps, our script operates on files. This makes our script a complementary tool to Volatility and malfind, allowing you to detect code injection not just in memory, but also in files on disk.

---

FACT

Raj Upadhyay released FACT – Designed to help FORENSIC professionals to ACT smartly.

Description from GitHub: FACT is designed to automate repetitive tasks and reduces the examiner efforts and expedite the investigation by extracting vital artifacts from a mounted device, and there after apply advanced intelligence to uncover details.

---

UPCOMING EVENTS

Have an upcoming event? Submit it HERE

---

CURRENT DISCOUNTS

• Kase Scenarios: Get 25% off their OSINT Training Bundle using code: SUMMER2024 (Ends on June 30th)
• Constructing Defense: Get 25% off the Constructing Defense course using code: DFIRDIVA
• Humble Bundles
  • Cybersecurity by Pearson
  • Dive into DevOps

TRAINING TUESDAY HIGHLIGHTS

This year, I started doing Training Tuesday Highlights on LinkedIn, Twitter (X), and Facebook using the hashtag #DFIRDivaTTH. Every Tuesday I highlight a training provider, instructor, book, or course listed on the Free & Affordable Training Site related to Digital Forensics, Incident Response, Malware Analysis, or OSINT.

May Highlights:

• May 7th: CyberDefenders
• May 14th: AWS
• May 21st: NDG
• May 28th: Packt Publishing

ADDITIONS TO THE TRAINING SITE

The following was added to the Free & Affordable Training Site in May:

• Cloud Forensics Demystified (Ganesh Ramakrishnan & Mansoor Haqanee)
• AWS Incident Response Workshops
• Introduction to AWS Threat Detection (LinkedIn Learning)
• Advanced Linux Detection and Forensics Cheatsheet (Defensive Security)
• Network Forensic Fundamentals (Phil Hagen)