Free & Affordable Training News Monthly: May – June, 2024

The following contains newly released Digital Forensics, Incident Response, Malware Analysis and OSINT training, books, and tools from May, as well as upcoming live online training for June. Like the Free & Affordable Training Site, everything in this blog post is under $1,000.

Note: Purchases made through affiliate/partner links and/or using personalized discount codes is one of the things I rely on to be able to keep this website running. I am an affiliate or partner of the following companies mentioned in this post and references to them contain affiliate/partner links: CyberDefenders, Amazon, Humble Bundle.



LetsDefend added the following courses and challenges:

Their VIP+ plan ($39.99/month or $359/year).

Blue Team Labs Online

Blue Team Labs Online released four new labs. Three are part of the Pro subscription ($19/month to $183/year). One is free.

  • Piggy: Security Operations (Free)
  • Frontier: Security Operations (Pro)
  • VoidZoro: Reverse Engineering (Pro)
  • Shadow Broker: Reverse Engineering (Pro)


CyberDefenders released new Free and Pro labs. The Pro account costs $20/month – $200/year. 

  • ATMii: Malware Analysis (Pro)
  • BlueSky: Network Forensics (Free)
  • 3CX Supply Chain: Threat Intel (Free)
  • Volatility Traces: Endpoint Forensics (Pro)


TryHackMe released several new DFIR challenges and walkthrough rooms in May:

Hack The Box

Source: @hackthebox_eu on Twitter (X)

Hack The Box released new free DFIR Sherlocks in May:

  • Heist
  • Mellitus
  • Ultimatum


XINTRA released a new APT Emulation Lab: Husky Corp.

The labs cost $45/month or $459/year. They also offer a 7-day free trial. Labs come with Certificates of Completion.

The DFIR Report

The DFIR Report released two new labs:

The labs come with a Certificate of Completion and Digital Badge.


Image Not Found

13Cubed created a video about File System Tunneling: The Weird Windows Feature You’ve Never Heard Of.

There is also a waitlist available for his upcoming Investigating Linux Devices course.

Jai Minton

Image Not Found
Source: @cyberraiju on YouTube

Jai Minton created several Malware Analysis videos:

  • LNK File Malware Analysis and HTA Deobfuscation
  • Decrypting AMOS (Atomic MacOS Stealer) using Python
  • Reverse Engineering a Malicious MSI and Java Archive Malware Downloader
  • AES Decryption with CyberChef, and ISO File Forensics

BlueMonkey 4n6

Source: @BlueMonkey4n6 on YouTube

BlueMonkey 4n6 released several videos including:

  • Hiding and Deleting History on Linux Systems – How the Hackers Hide Their Actions From You
  • Basic Intro to The Sleuth Kit Command Line Tools
  • Passthrough Physical Disk to Virtual Machine – Proxmox Tutorial Series
  • Sparse Files Tutorial – how to use them with Windows, Linux, and Mac OS

Book – The Definitive Guide to KQL

The Definitive Guide to KQL: Using Kusto Query Language for operations, defending, and threat hunting by Mark Morowczynski, Rod Trent, Matthew Zorich was released.

Phil Hagen

Image Not Found

Phil Hagen created a Network Forensic Fundamentals Playlist. Topics Include:

  • The PCAP File Format
  • The Berkeley Packet Filter (BPF)
  • tcpdump
  • Wireshark
  • tshark
  • Sample Labs

Book – The Mighty Reverse Engineer

The children’s book, The Mighty Reverse Engineer by Nicole Hoffman was released.

Sofia Santos

Sofia Santos released another free OSINT challenge: OSINT Exercise 027.

ACE Responder

ACE Responder added two new modules:

The ACE Responder Analyst subscription is $17.49/month. The Defender subscription is $44.99/month.


Fuji: Forensic Unattended Juicy Imaging

Image Not Found
Source: Andrea Lazzarotto on GitHub

Andrea Lazzarotto released Fuji: Forensic Unattended Juicy Imaging.

Description from GitHub:

Fuji is a free, open source software for performing forensic acquisition of Mac computers. It should work on any modern Intel or Apple Silicon device, as it leverages standard executables provided by macOS.

Fuji performs a so-called live acquisition (the computer must be turned on) of logical nature, i.e. it includes only existing files. The software generates a DMG file that can be imported in several digital forensics programs.

It is released under the terms of the GNU General Public License (version 3).


Andrea Lazzarotto also released SourceRestorer.

Description from GitHub:

SourceRestorer is a tool designed to recover lost code from .pye files encrypted using SOURCEdefender. It provides a means to decrypt and analyze otherwise unreadable Python source code, which can be particularly useful in several scenarios such as:

  • Malware analysis: Analyzing potentially harmful code without having access to its original sources
  • Forensic investigation of unknown code: Gaining insights into third-party scripts with no available documentation
  • Code recovery: Restoring your own code when you’ve accidentally lost the original source files

Malfind Parser

Image Not Found
Source: @piralla on GitHub

Davide R. released Malfind Parser.

Description from Github: How does this script relate to Volatility and malfind? This script is inspired by the functionality of the malfind plugin in Volatility. Just like malfind, our script is designed to identify patterns that are indicative of code injection in files. These patterns are indicative of various techniques used in code injection, such as NOP slides, shellcode, and return-oriented programming among others. While Volatility and its malfind plugin operate on memory dumps, our script operates on files. This makes our script a complementary tool to Volatility and malfind, allowing you to detect code injection not just in memory, but also in files on disk.


Image Not Found
Source: IRB0T – Raj Upadhyay on GitHub

Raj Upadhyay released FACT – Designed to help FORENSIC professionals to ACT smartly.

Description from GitHub: FACT is designed to automate repetitive tasks and reduces the examiner efforts and expedite the investigation by extracting vital artifacts from a mounted device, and there after apply advanced intelligence to uncover details.



Getting Started in Security with BHIS and MITRE ATT&CK (Antisyphon Training)


Cost: Pay What You Can (Free – $575)


Intelligence Investigations: Business (The OSINTion)


Cost: $370


Detecting PowerShell Abuse: Hands-On 3-Hour Workshop (SCYTHE)


Cost: Free


Incident Response Summit (Antisyphon Training)


Demystifying Data: Hands-on Data Conversion Between Binary, Hexadecimal, Decimal, and ASCII (SANS)


Cost: Free

This is part one of The Secret Life of Devices: A Series of Workshops on Digital Forensics Fundamentals


Cyber Threat Hunting Training – Level 1 (Active Countermeasures)


Cost: Free

Have an upcoming event? Submit it HERE



This year, I started doing Training Tuesday Highlights on LinkedInTwitter (X), and Facebook using the hashtag #DFIRDivaTTH. Every Tuesday I highlight a training provider, instructor, book, or course listed on the Free & Affordable Training Site related to Digital Forensics, Incident Response, Malware Analysis, or OSINT.

May Highlights:


The following was added to the Free & Affordable Training Site in May: