The following contains newly released Digital Forensics, Incident Response, Malware Analysis and OSINT training, books, and tools from May, as well as upcoming live online training for June. Like the Free & Affordable Training Site, everything in this blog post is under $1,000.
Note: Purchases made through affiliate/partner links and/or using personalized discount codes are one of the things I rely on to be able to keep this website running. I am an affiliate or partner of the following companies mentioned in this post, and references to them contain affiliate/partner links: CyberDefenders, Amazon, Humble Bundle.
NEWLY RELEASED TRAINING, BOOKS, LABS & CHALLENGES
LetsDefend
Source: @LetsDefendIO on Twitter (X)
LetsDefend added the following courses and challenges:
- C++ Malware Challenge (VIP+)
- Discord Forensics Challenge (Free)
- YARA Rule Challenge (Free)
- CompTIA CySA+ Preparation Path (VIP+ is needed for the complete path. Some courses are free)
- Computer Crime and Legal Issues Course (VIP+)
- Network Forensics Course (VIP+)
- Anti-Forensic Techniques Course (VIP+)
Their VIP+ plan costs $39.99/month or $359/year.
Blue Team Labs Online
Source: @BlueLabsOnline on Twitter (X)
Blue Team Labs Online released four new labs. Three are part of the Pro subscription ($19/month to $183/year). One is free.
- Piggy: Security Operations (Free)
- Frontier: Security Operations (Pro)
- VoidZoro: Reverse Engineering (Pro)
- Shadow Broker: Reverse Engineering (Pro)
CyberDefenders
Source: @CyberDefenders on Twitter (X)
CyberDefenders released new Free and Pro labs. The Pro account costs $20/month – $200/year.
- ATMii: Malware Analysis (Pro)
- BlueSky: Network Forensics (Free)
- 3CX Supply Chain: Threat Intel (Free)
- Volatility Traces: Endpoint Forensics (Pro)
TryHackMe
Source: @RealTryHackMe on Twitter (X)
TryHackMe released several new DFIR challenges and walkthrough rooms in May:
- Blizzard (Premium)
- Profiles (Free)
- Dead End? (Premium)
- Windows Network Analysis (Premium)
- IR Philosophy and Ethics (Free)
- IR Timeline Analysis (Premium)
- Linux Process Analysis (Free)
- Analyzing Windows Volatile Memory (Premium)
Hack The Box
Source: @hackthebox_eu on Twitter (X)
Hack The Box released new free DFIR Sherlocks in May:
- Heist
- Mellitus
- Ultimatum
XINTRA Labs
XINTRA released a new APT Emulation Lab: Husky Corp.
The labs cost $45/month or $459/year. They also offer a 7-day free trial. Labs come with Certificates of Completion.
The DFIR Report
Source: @TheDFIRReport on Twitter (X)
The DFIR Report released two new labs:
- Qbot Leads to Cobalt Strike and Domain Compromise ($29.99 – $94.99)
- A Truly Graceful Wipe Out ($24.99 – $89.99)
The labs come with a Certificate of Completion and Digital Badge.
13Cubed
Source: @13Cubed on YouTube
13Cubed created a video about File System Tunneling: The Weird Windows Feature You’ve Never Heard Of.
There is also a waitlist available for his upcoming Investigating Linux Devices course.
Jai Minton
Source: @cyberraiju on YouTube
Jai Minton created several Malware Analysis videos:
- LNK File Malware Analysis and HTA Deobfuscation
- Decrypting AMOS (Atomic MacOS Stealer) using Python
- Reverse Engineering a Malicious MSI and Java Archive Malware Downloader
- AES Decryption with CyberChef, and ISO File Forensics
BlueMonkey 4n6
Source: @BlueMonkey4n6 on YouTube
BlueMonkey 4n6 released several videos including:
- Hiding and Deleting History on Linux Systems – How the Hackers Hide Their Actions From You
- Basic Intro to The Sleuth Kit Command Line Tools
- Passthrough Physical Disk to Virtual Machine – Proxmox Tutorial Series
- Sparse Files Tutorial – how to use them with Windows, Linux, and Mac OS
Book – The Definitive Guide to KQL
The Definitive Guide to KQL: Using Kusto Query Language for operations, defending, and threat hunting by Mark Morowczynski, Rod Trent, Matthew Zorich was released.
Phil Hagen
Source: @PhilHagen on YouTube
Phil Hagen created a Network Forensic Fundamentals Playlist. Topics Include:
- The PCAP File Format
- The Berkeley Packet Filter (BPF)
- tcpdump
- Wireshark
- tshark
- Sample Labs
Book – The Mighty Reverse Engineer
The children’s book, The Mighty Reverse Engineer by Nicole Hoffman was released.
Sofia Santos
Sofia Santos released another free OSINT challenge: OSINT Exercise 027.
ACE Responder
ACE Responder added two new modules:
- Understanding, Detecting and Investigating Enterprise PKI Abuse (Analyst)
- Hunting AD CS Abuse (Defender)
The ACE Responder Analyst subscription is $17.49/month. The Defender subscription is $44.99/month.
NEWLY RELEASED TOOLS
Fuji: Forensic Unattended Juicy Imaging
Source: Andrea Lazzarotto on GitHub
Andrea Lazzarotto released Fuji: Forensic Unattended Juicy Imaging.
Description from GitHub:
Fuji is a free, open source software for performing forensic acquisition of Mac computers. It should work on any modern Intel or Apple Silicon device, as it leverages standard executables provided by macOS.
Fuji performs a so-called live acquisition (the computer must be turned on) of logical nature, i.e. it includes only existing files. The software generates a DMG file that can be imported in several digital forensics programs.
It is released under the terms of the GNU General Public License (version 3).
SourceRestorer
Andrea Lazzarotto also released SourceRestorer.
Description from GitHub:
SourceRestorer is a tool designed to recover lost code from .pye files encrypted using SOURCEdefender. It provides a means to decrypt and analyze otherwise unreadable Python source code, which can be particularly useful in several scenarios such as:
- Malware analysis: Analyzing potentially harmful code without having access to its original sources
- Forensic investigation of unknown code: Gaining insights into third-party scripts with no available documentation
- Code recovery: Restoring your own code when you’ve accidentally lost the original source files
Malfind Parser
Source: @piralla on GitHub
Davide R. released Malfind Parser.
Description from GitHub:
How does this script relate to Volatility and malfind? This script is inspired by the functionality of the malfind plugin in Volatility. Just like malfind, our script is designed to identify patterns that are indicative of code injection in files. These patterns are indicative of various techniques used in code injection, such as NOP slides, shellcode, and return-oriented programming among others. While Volatility and its malfind plugin operate on memory dumps, our script operates on files. This makes our script a complementary tool to Volatility and malfind, allowing you to detect code injection not just in memory, but also in files on disk.
FACT
Source: IRB0T – Raj Upadhyay on GitHub
Raj Upadhyay released FACT – Designed to help FORENSIC professionals to ACT smartly.
Description from GitHub:
FACT is designed to automate repetitive tasks, reduce the examiner's efforts, and expedite the investigation by extracting vital artifacts from a mounted device, and thereafter applying advanced intelligence to uncover details.
UPCOMING EVENTS
Getting Started in Security with BHIS and MITRE ATT&CK (Antisyphon Training)
Cost: Pay What You Can (Free – $575)
The Invisible Threat: Understanding and Defending Against LOLBINs in Cyberattacks (Blue Cape Security)
Cost: Free
AI and DFIR: A Match Made in Cyber Heaven or a Recipe for Digital Disaster? (SANS)
Cost: Free
Incident Response Summit (Antisyphon Training)
Antisyphon Training is hosting a free, virtual Incident Response Summit with paid training and a CTF starting on June 19th. Training options range from $295 – $575.
Demystifying Data: Hands-on Data Conversion Between Binary, Hexadecimal, Decimal, and ASCII (SANS)
Cost: Free
This is part one of The Secret Life of Devices: A Series of Workshops on Digital Forensics Fundamentals
Have an upcoming event? Submit it HERE
CURRENT DISCOUNTS
- Kase Scenarios: Get 25% off their OSINT Training Bundle using code: SUMMER2024 (Ends on June 30th)
- Constructing Defense: Get 25% off the Constructing Defense course using code: DFIRDIVA
- Humble Bundles
TRAINING TUESDAY HIGHLIGHTS
This year, I started doing Training Tuesday Highlights on LinkedIn, Twitter (X), and Facebook using the hashtag #DFIRDivaTTH. Every Tuesday I highlight a training provider, instructor, book, or course listed on the Free & Affordable Training Site related to Digital Forensics, Incident Response, Malware Analysis, or OSINT.
May Highlights:
- May 7th: CyberDefenders
- May 14th: AWS
- May 21st: NDG
- May 28th: Packt Publishing
ADDITIONS TO THE TRAINING SITE
The following was added to the Free & Affordable Training Site in May: