It’s been over a year since my last blog post. Instead of sending out a newsletter, each month I will blog about newly launched training and let you know about upcoming training events. The focus is on Digital Forensics & Incident Response (DFIR) training. Like the Free and Affordable Training Site, nothing in these blog posts will be over $1,000. This first blog post will cover two months of new releases, since I started getting caught up in September after being out of the loop for a while. I will also list the training that has been added to the Free and Affordable Training Site as well as any current discounts I know of. So, here it goes…
Note: I am an affiliate or partner of Hack the Box, CyberDefenders, Humble Bundle, INE, Udemy, Apress Books, Amazon, and Pluralsight. Purchases made through affiliate/partner links help me cover the cost of keeping this website going.
NEWLY RELEASED DFIR TRAINING
Hack The Box Academy
Hack The Box Academy has released a new SOC Analyst Job Role Path as well as a new Certified Defensive Security Analyst (CDSA) certification to go with it. Both the learning path and the certification are hands-on. I started the training path and I’m very impressed with the content so far! I haven’t worked in a SOC before, but I can say that this is a great path for Incident Response.
Students can access the SOC Analyst Job Role Path for $8/month and can optionally purchase the CDSA certification voucher for $210.
For everyone else, access to the entire path, including the certification exam is $490/year. There are also options to access the job role path for $18/month, $38/month, or $68/month.
Alternatively, cubes can be purchased to go through each module one by one, and the exam voucher can be purchased separately (this comes to around $330).
The training includes:
- Introduction to Digital Forensics
- Incident Handling Process
- Introduction to Malware Analysis
- Security Monitoring & SIEM Fundamentals
- Windows Event Logs & Finding Evil
- Introduction to Threat Hunting & Hunting with Elastic
- Understanding Log Sources & Investigating with Splunk
- Detecting Windows Attacks with Splunk
- Windows Attack & Defense
- Intro to Network Traffic Analysis
- Intermediate Network Traffic Analysis
- Working with IDS/IPS
- YARA & Sigma for SOC Analysts
- Security Incident Reporting
They also have a SOC Analyst Prerequisites Path that includes:
- Linux Fundamentals
- Introduction to Bash Scripting
- Windows Fundamentals
- Introduction to Windows Command Line
- Introduction to Networking
- Introduction to Active Directory
- Web Requests
- Penetration Testing Process
- Network Enumeration with Nmap
- Intro to Assembly Language
CSI Linux
CSI Linux released their CSI Linux Certified Computer Forensic Investigator (CCFI) training and certification. The total cost is $385. I have also started the training for this and really like it so far. It’s a mixture of reading, videos, hands-on labs, and simulations. The training covers:
- Cyber Forensics
- CSI Linux as your Forensic Workstation
- Laws and Ethics
- Common Documents in Computer Forensics
- The Investigation Process
- File Systems
- How Data is Written to a Drive
- Acquiring, Transporting and Storing Evidence
- Forensic Imaging
- Deleted Files
- String/HEX Searching and Regex
- Windows OS Artifacts
- Windows Registry Forensics
- MacOS Artifacts
- Linux OS Artifacts
- Methods of Hiding Data
- Slack Space
- Memory Forensics
- Internet Evidence
- File Analysis
- Graphics and Image Analysis
- Log Files
- Mobile Devices
- Hacking and Malware Forensics
- Report Writing
I can’t talk about CSI Linux without mentioning that it’s one of my favorite distros AND that they also have a FREE certification with training included right now (with 40 CPE credits). The free CSI Linux Certified Investigator (CSIL-CI) course and exam go over the tools and functionality of the CSI Linux distro.
13Cubed
13Cubed released an Investigating Windows Memory course. The price is $795. He also created a VMware Memory Forensics – Don’t Miss This Important Detail! video on YouTube.
Tyler Hudak recently released Specialized DFIR: Windows File System and Browser Forensics (part of the Incident Response Path on Pluralsight). The course covers:
- Windows NTFS Analysis
- NTFS Timeline Generation and Analysis
- Browser Artifacts
- Browser Analysis
Pluralsight has subscription options including thousands of courses ranging from $29/month to $449/year.
WGU students and alumni – in case you didn’t know, you get Pluralsight for free!
Cyber 5W
Cyber 5W released several Malware Analysis courses for $50:
- Introduction to Malware Analysis
- Static Malware Analysis 101
- Dynamic Malware Analysis 101
- Static Malware Analysis 102 – IDA Pro
- Static Malware Analysis 102 – Ghidra
Cyber 5W also released FAT File System Forensics (theory & hands-on). This course is also $50 and covers:
- Forensic Importance
- Sectors and Clusters
- Cluster Allocation for Files
- Slack Space
- Reserved Area
- FAT Area
- Data Area
- File Names
- Root Directory Entries
Cyber 5W also has a Site Pass where you can gain access to all of their on-demand malware analysis and forensics courses for $800/year.
Cyber Triage recently held a live Investigating Ransomware workshop that is now a free course. You get a certificate of completion when completed. I completed the course last week using the trial version of Cyber Triage. I thought it was fun. It’s set up like an Incident Response CTF followed by a walkthrough.
INE recently released Skill Dive – real-world scenario hands-on labs. From searching for labs in their search bar, it looks like they have labs for forensics, malware analysis, PCAP analysis, and more.
Pricing for Skill Dive is $299 for a year for one learning area (Cyber Security, Networking, or Cloud). Each additional learning area is $99. They have a video about it here: https://www.youtube.com/watch?v=Plfh2AZg408
They also released FREE demos of some of their hands-on labs here: https://showcase.ine.com/home
Pwned Labs recently launched. They have several free cloud security labs. Some look like DFIR-type labs. I haven’t had a chance to really dive into this yet, but I think it looks pretty cool.
Windows Malware Analysis for Hedgehogs
Karsten Hahn released Windows Malware Analysis for Hedgehogs – Beginner Training on Udemy. The course is $19.99.
The training covers:
- Malware Lab Setup
- Triage and File Type Basics
- Wrapped Files and Installers
- Malware Persistence and Disinfection Basics
- Portable Executable Format and .NET
- File Analysis Verdicts
- Malware Classification and Analysis Reports
- Ghidra Basics
- Debugging Basics with x64dbg
- Ransomware Analysis with Ghidra and x64dbg
- Packers and Unpacking Methods
Belkasoft’s iOS Forensics with Belkasoft course was free until October 15th. It is now available on-demand for $989. It includes a free 30-day trial license for Belkasoft X. The course covers:
- How to use basic and advanced methods of iOS acquisition
- How to acquire iOS data from the cloud
- How to analyze iOS apps, including encrypted ones
- Which iOS system files may be of interest for a DFIR investigation and how to analyze them
- [LE only] How to use Belkasoft X Brute-Force tool to unlock certain models of iPhone and iPad devices
Want to learn how to analyze PCAPs in Wireshark? MaxProd Technologies held a live Top 5 Dead or Alive | Networking Protocols Triaged in the SOC training event. It is now on YouTube.
Dr Josh Stroschein
Dr Josh Stroschein has been updating his Learning Assembly videos on YouTube.
CybDig Cyber Security Digital Forensics
CybDig Cyber Security Digital Forensics started a YouTube series on EnCase.
Kevin Holvoet released VirusTotal Academy – SOC & IR on YouTube.
CyberDefenders
CyberDefenders released several free challenges and Pro labs. The Pro account costs $20/month or $200/year.
Labs Released in September and October Include:
- Oski – Threat Intel (Pro)
- The Crime – Endpoint Forensics (Free)
- Tomcat TakeOver – Network Forensics (Free)
- REvil – Digital Forensics (Pro)
- RAR-CVE – Malware Analysis (Pro)
- Yara 101 – Detection Engineering (Pro)
- Amadey – Endpoint Forensics (Pro)
- ProPDF – Malware Analysis (Pro)
- Kerberoasted – Threat Hunting (Pro)
Blue Team Labs Online
Blue Team Labs Online released several new labs. There is a free option for Blue Team Labs Online. Pro access costs between $18/month and $174/year.
Labs Released in September and October Include:
- Basilisk I – Reverse Engineering
- Certutil – Digital Forensics
- Hash it Out – Threat Intelligence
- Enter the Dragon I – Reverse Engineering
- Espionage – Digital Forensics
- Sukana – Incident Response (Free)
- Ceasar Salad 2 – Digital Forensics
- Thumbs Up – Digital Forensics
- Monitor – Reverse Engineering
They also increased the lab time for those with free accounts from 2 hours/month to 10 hours/month.
LetsDefend released new courses and challenges. They offer a limited free basic plan. A VIP SOC Analyst plan is $24.99/month and a VIP Incident Responder plan is $39.99/month (Save up to 33% paying annually). Here are a couple of their new Incident Response releases:
TryHackMe
TryHackMe launched a SOC Level 2 path. It covers:
- Log Analysis
- Advanced Splunk
- Advanced ELK
- Detection Engineering
- Threat Hunting
- Threat Emulation
- Incident Response
- Malware Analysis
NEWLY RELEASED OSINT TRAINING
Digital Trails Academy
Fundamentals of Cyber Investigations & Human Intelligence was released on Digital Trails Academy by Christina Lekati and Samuel Lolagar.
The cost is $369. The course covers:
- Operational Security (OPSEC)
- Online Harassment
- Sock Puppet Accounts
- Prepare Your Investigation Workstation
- Live System Options
- Virtual Machines
- Open Source Intelligence (OSINT)
- The Intelligence Cycle
- Basics of Information Gathering
- Google, Bing, and Yandex
- Website Investigations
- Username Search Essentials & Tools
- Website Content Analysis
- Website Fingerprinting
- Social Media Intelligence (SOCMINT)
- Fundamental SOCMINT Techniques
- Account Profile; Content Analysis Techniques
- Identifying Relationships & Connecting Accounts
- Human Intelligence (HUMINT)
- Stages of HUMINT Operation & HUMINT Techniques
- Covert Interviewing & Ethics
OTHER NEWLY RELEASED BLUE TEAM TRAINING
BlackPerl DFIR recently launched the course: Security Mastery with QRadar SIEM ($24). This course covers setting up a lab, QRadar Architecture, Capturing Snapshots, Preparing Log Ingestion Pipelines, Building Detections, MITRE Mapping, and Managing Admin Jobs.
NEWLY RELEASED BOOKS
Windows Forensics Analyst Field Guide by Muhiballah Mohammed (Available on Amazon) – Release Date: October 27, 2023
The Android Malware Handbook by Qian Han, Salvador Mandujano, Sebastian Porst, V.S. Subrahmanian, Sai Deep Tetali, and Yanhai Xiong. (Available on No Starch Press) – Release Date: September 2023 (currently, it looks like the eBook is available on No Starch and the print book hasn’t been released yet. It is available for pre-order on Amazon with a release date of November 7th)
CAPER Guide to Digital Investigations by Jason Wilkins (Digital Investigations for Small Town Law Enforcement) – Release Date: October 1, 2023.
CyberDefenders added an installment plan option to their Certified CyberDefender (CCD) training & certification.
They also added a Walkthroughs tab where you can view walkthroughs of their retired challenges.
BlackPerl DFIR Academy
BlackPerl DFIR Academy added Learning Paths for their courses.
The DFIR Report
ADDITIONS TO THE FREE & AFFORDABLE TRAINING SITE
Here are the latest additions to the Free & Affordable Training Site from September and October:
- CSI Linux:
- Digital Trails Academy: Fundamentals of Cyber Investigations & Human Intelligence -$369
- BasisTech: [Workshop] Investigating Ransomware – Free
- Belkasoft On-Demand Courses:
- CyberWarFare Labs: Certified Purple Team Analyst V2 [CPTA V2] – $199
- Pwned Labs – Free
- Cado Security: Cloud Forensics & Incident Response Videos and Resources – Free
- BlackPerl DFIR Academy:
- Tanisha Turner: Introduction to Malware Analysis & Reverse Engineering – Free
- Cyber 5W:
- Sofia Santos: List of OSINT Exercises – Free
- Faan Ross: Threat Hunting for Beginners: Hunting Standard DLL-Injected C2 Implants – Free
- Applied Network Defense:
- CryptoHack (Cryptography Challenges) – Free
- ASK Academy: The Art of Malware Analysis – $149
- NPower (For Veterans in Specific Locations) – Free
- VetSec (For Veterans) – Free
- BlueMonkey 4n6: Linux Forensics Training Videos – Free
- Defensive Security: Linux Attack and Live Forensics at Scale – $449
- Book: Practical Linux Forensics: A Guide for Digital Investigators by Bruce Nikkel – Price Varies
- James Habben: 4n6 App Finder – Free
- eForensics Magazine: Cloud Forensics (W56) – Digital Forensics Course Online – $249
- Invictus Incident Response:
- PuravsPoint: DecipheringUAL (Microsoft 365 Unified Audit Log) – Free
- Hack The Box:
- TCM Security: Detection Engineering for Beginners – $30/month – $300/year
- KASE: Immersive OSINT Scenarios – Free to $49.99
- Karsten Hahn (Udemy): Windows Malware Analysis for Hedgehogs – Beginner Training – $19.99
- Cloud Security Alliance: Cloud Incident Response Framework – Free
- Nothing Cyber: Threat Hunt 101 Series – Free
UPCOMING LIVE TRAINING FOR NOVEMBER
Next Hands-On IR D&D Style Webcast (Antisyphon Training) – Cost: Free – November 1st
Introduction to Sigma (Scythe) – Cost: Free – November 7th
[Workshop] Investigating Data Exfiltration (BasisTech) – Cost: Free – November 14th
How the Cloud Changes SecOps and Incident Response: Lessons from a Real-World-Living-Off-The-Cloud Attack (SANS) – Cost: Free – November 15th
For more events such as conferences, CTFs, Live Streams, and more, visit Community Events.
The Current Discounts page is updated several times per week. Here are the discounts available at the time of this blog post:
Deals Ending TODAY:
- Apress Books: 40% off books and eBooks using code: HAL40 (They have several DFIR books)
- Packt: Get 20% off select Packt books on Amazon (Includes DFIR books)
- No Starch Press: Get 31% off everything at No Starch Press using code: SCREAM31 (Also has DFIR books)
- ISACA: Save 15% on ISACA’s six cybersecurity online courses (Includes Digital Forensics)
- INE: Save 67% with INE’s BooGo sale. Includes Digital Forensics and Incident Response certs.
- Cisco U: Get free access to the Cisco CyberOps Associate Learning Path and earn 30 CPEs. This is Cisco’s SOC/Cybersecurity certification. Free access ends November 17th.
- uCertify: Get 25% off site-wide until November 4th using code: HLWN25
- Humble Bundle: Networking & Security Cert Prep
If you would like to receive email notifications of future blog posts from DFIR Diva, please subscribe below.
Like what I’m doing and want to help support the site? I’m on Buy Me a Coffee.