The following contains newly released Digital Forensics, Incident Response, Malware Analysis and OSINT training and tools from November, as well as upcoming live online training and events for December. Like the Free & Affordable Training Site, everything in this blog post is under $1,000.
Note: Purchases made through affiliate/partner links and/or using personalized discount codes are one of the things I rely on to be able to keep this website running. I am an affiliate or partner of the following companies mentioned in this post and references to them contain affiliate/partner links: CyberDefenders, Hack The Box, Blue Cape Security.
NEWLY RELEASED TRAINING, BOOKS, LABS & CHALLENGES FROM NOVEMBER 2024
Blue Cape Security
Blue Cape Security has a new hands-on course that is now open for enrollment. 301 Enterprise DFIR is centered on a realistic ransomware scenario and covers:
- Network Packet and Zeek Log Analysis
- Event Log Analysis with Splunk and Sigma
- Remote Analysis with Velociraptor
- Forensic Analysis – Data Collection, Disk and Memory Analysis
- Malware Analysis and Detection with YARA Rules
- Timeline Creation and Analysis with TimeSketch and Hayabusa
- Reporting
The course is currently at an Early Bird price of $499 until February 1st. You can also get an additional 25% off until December 2nd using code: BLACKFRIDAY24
They’ll be releasing a new module every week starting on December 2nd. I am taking this course so expect a blog post later 🙂
LetsDefend
Source: @LetsDefendIO on Twitter (X)
LetsDefend added a new DFIR Learning Path. It covers:
- Hard Disks and File Systems
- Windows Data Acquisition
- Anti-Forensic Techniques
- Digital Forensics on Linux
- Windows Memory Forensics
- Linux Memory Forensics
- Network Forensics
- Email Forensics
- Android Forensics
- iOS Forensics
- Understanding Malware
- DFIR with EDR
Their VIP+ plan costs $39.99/month or $359/year. It is currently 50% off for Black Friday.
TryHackMe
Source: @RealTryHackMe on Twitter (X).
TryHackMe released the following challenge and walkthrough rooms:
- Incident Response Process (Free)
- SeeTwo (Premium)
- Threat Hunting with YARA (Free)
The TryHackMe Premium Subscription is $14/month or $126/year.
Blue Team Labs Online
Source: @BlueLabsOnline on Twitter (X)
Blue Team Labs Online released the following Pro Investigations in November:
- Latent: Digital Forensics
- Type R: Digital Forensics
Their Pro subscription ranges from $19/month to $183/year.
CyberDefenders
Source: @CyberDefenders on Twitter (X)
CyberDefenders released the following new Pro labs. The Pro account costs $20/month – $200/year.
- XMrig: Endpoint Forensics
- Andromeda Bot: Endpoint Forensics
- Openfire: Network Forensics
- Midnight RDP: Threat Hunting
Hack The Box
Source: @hackthebox_eu on Twitter (X)
Hack The Box released the following free Sherlocks last month:
- Compromised: SOC
- Lovely Malware: Malware Analysis
- MisCloud: DFIR
- Takedown: SOC
They also added a new Malicious Document Analysis module to Hack the Box Academy. The course can be accessed for $50 (500 cubes). It is also included in their $18/month – $490/year Silver subscription. It covers:
- PDF Document Analysis
- Analysis of Malicious Office Files
- Office Document – VBA Macro Analysis
- Obfuscated VBA Macro Analysis
- Malicious Excel Macro Analysis
- Obfuscated Excel 4.0 Macro (XLM)
- Analysis of XLL Add-Ins
- Analysis of Malicious RTF Files
- Analysis Using CyberChef
- Malicious CHM Analysis
- Detections and Forensics
LinkedIn Learning
Source: LinkedIn Learning
Two new digital forensics courses were added to LinkedIn Learning. The Web Forensics: Recovering Digital Evidence course covers:
- Recovering Digital Evidence
- Internet Crimes and the Significance of Web Forensics
- Web Evidence
- Acquiring and Preserving Web Evidence
- Analyzing and Reporting Web Evidence
- Legal Considerations in Web Forensics
The Network Forensics course covers:
- Understanding Network Forensics
- Network Forensics Tools
- Preparing for a Network Forensics Investigations
- Investigating Network Events
- Investigating Network Traffic
LinkedIn Learning plans start around $19.99/month for a yearly subscription. They also have a 1 month free trial.
Michael Bazzell – IntelTechniques
Source: IntelTechniques on LinkedIn
The 11th edition of OSINT Techniques: Resources for Uncovering Online Information by Michael Bazzell was published. The 5th Edition of Extreme Privacy was also published. More information and where to buy the books are available on the IntelTechniques website.
UPCOMING LIVE TRAINING, CONFERENCES, and CTFS FOR DECEMBER 2024
OSMOSIS 25 Days of Christmas OSINT CTF
Cost: Free
This CTF is for members of OSMOSIS: An Association for OSINT Professionals. It’s FREE to be a member. The CTF starts on December 1st and ends on December 25th.
Advent of Cyber | TryHackMe
Cost: Free
Advent of Cyber is your festive gateway into cyber security. Each day of this cyber security event leading up to Christmas, you’ll face new byte-size challenges that will test and expand your cyber security knowledge. This includes DFIR challenges.
Santa Claus CTF | OSINT Switzerland
Cost: Free
We’re kicking off our first official OSINT CTF on December 1st. Get ready for a new challenge every day until Christmas Eve. Let’s put your OSINT skills to the test to help Santa solve the case and find all the presents before Christmas.
Windows Forensic Investigation | Cyber 5W
Cost: Free
This webinar is ideal for investigators and DFIR professionals seeking to enhance their expertise in Windows Forensics.
DFIR Labs CTF | The DFIR Report
Cost: $9.99
Ideal for individual users looking to enhance their skills and knowledge through hands-on experience. Can choose either Splunk or Elastic as the SIEM.
Pesky Malware | BCS, The Chartered Institute for IT
Cost: Free
An overview of how to find evidence of malware persistence on your computer, followed by the Cybercrime Forensics SG AGM.
CyberSocialCon | Cyber Social Hub
Cost: Free
This is a free online event for Digital Investigators with talks related to DFIR and OSINT.
NEWLY RELEASED TOOLS
Lyman
Brian Maloney created Lyman.
Description from GitHub: Lyman’s purpose is to aid in the creation of .cstruct files. These files help to parse OneDrive logs into their components which can lead to better log decryption. By focusing on the data rather than trying to learn how to construct these files, it becomes easier to extract data that otherwise might be missed or misinterpreted.
TRAINING TUESDAY HIGHLIGHTS
This year, I started doing Training Tuesday Highlights on LinkedIn, Twitter (X), and Facebook using the hashtag #DFIRDivaTTH. Every Tuesday I highlight a training provider, instructor, book, or course listed on the Free & Affordable Training Site related to Digital Forensics, Incident Response, Malware Analysis, or OSINT.
November Highlights:
- November 5th: Sorry, I missed this one.
- November 12th: ACE Responder
- November 19th: ENISA (Unfortunately their training material was removed after this post)
- November 26th: Belkasoft
CURRENT DISCOUNTS
With Black Friday/Cyber Monday deals going on, there are too many to list here. Check out the Current Discounts page to see all of them. I also made a blog post highlighting the deals related to DFIR, OSINT, and Malware Analysis: Free & Affordable Training News: Black Friday 2024 Edition
ADDITIONS TO THE TRAINING SITE
The following were added to the Free & Affordable Training site last month:
- PSAA – Practical SOC Analyst Associate (TCM Security)
- Mobile Forensics Courses (LetsDefend)
- Automated Detection with Sigma (The Taggart Institute)
- Malware Reverse Engineering: Basic to Advanced with Detection Engineering (Intelliroot Academy)
- Windows Forensics with Belkasoft (Free Jan 15 – Feb 14, 2025)
Want to help support this site? I’m on Buy Me a Coffee