Things got a bit hectic and I didn’t get the January training news monthly blog post out so I’m combining two months in this post.
The following contains newly released Digital Forensics, Incident Response, Malware Analysis and OSINT training, tools, and books from December 2024 and January 2025, as well as upcoming live online training and events for February. Like the Free & Affordable Training Site, everything in this blog post is under $1,000.
Note: Purchases made through affiliate/partner links and/or using personalized discount codes are one of the things I rely on to be able to keep this website running. I am an affiliate or partner of the following companies mentioned in this post and references to them contain affiliate/partner links: CyberDefenders, Hack The Box, Blue Cape Security, Amazon.
NEWLY RELEASED TRAINING, LABS & CHALLENGES FROM DECEMBER 2024 – JANUARY 2025

Belkasoft
Belkasoft released their Windows Forensics with Belkasoft course. It is free until February 14th. It comes with a 30 day trial of Belkasoft X and 6 CPE credits.
CIRCL
CIRCL added new Digital Forensics Training Materials (images and slides).
BlackPerl DFIR
BlackPerl DFIR released their OSINT Mastery course. It currently costs $47.
Topics include:
- Introduction to OSINT
- Creating Sock Puppets
- The Art of Searching
- Geolocation and Image OSINT
- Email OSINT
- Investigating Domains
- Social Media Intelligence
- Practical OSINT Case Studies
Blue Cape Security
Blue Cape Security launched their Hero Bundle that includes the following 3 hands-on courses for $997.
- Enterprise Security Fundamentals
- Practical Windows Forensics
- Enterprise DFIR
TrainSec
Malware Analyst Professional Level 2 was released. Topics include:
- Introduction to Reverse Engineering
- Understanding Windows API Functions
- Code Injection
- Self-Defending Malware
- Packed Malware
- Malicious Shell Code Analysis
- Ransomware Reverse Engineering
- Reverse Engineering .NET Malware
Ecothis Labs
After being down for a bit, CSI Linux Academy has relaunched as Ecothis Labs. They have Digital Forensics & OSINT courses plus certifications including:
- CSIL-CI CSI Linux Certified Investigator (FREE)
- CSIL-CCFI CSI Linux Certified Computer Forensic Investigator ($385)
- CSIL-CDWI CSI Linux Certified Dark Web Investigator ($385)
- CSIL-CSMI CSI Linux Certified Social Media Investigator ($385)
- CSIL-COA CSI Linux Certified OSINT Analyst ($385)
LetsDefend
LetsDefend added the following courses and challenges:
- Before the DFIR Course
- Reversing Malware Course
- Google Cloud Forensics Course
- Azure Forensics Course
- AWS Forensics Course
- Linux Data Acquisition Course
- MacOS Forensics Course
- Building a SOC Lab at Home Course (free)
- AWS Stacked Challenge (free)
- Browser Exploit Challenge (free)
- Java Shellcode Challenge (free)
- Linux Downloader Challenge (free)
- Malicious NuGet Package Challenge (free)
- Windows Theme Spoofing Challenge (free)
- iOS Forensics Challenge
Their VIP+ plan costs $39.99/month or $359/year.
CyberDefenders
CyberDefenders released the following new Pro labs. The Pro account costs $20/month – $200/year.
- Babble Loader: Malware Analysis
- ELPACO-team: Endpoint Forensics
- DarkCrystal: Endpoint Forensics
- MacLock: Endpoint Forensics
- Beta Gamer: Endpoint Forensics
- Boomer: Endpoint Forensics
- BRabbit: Threat Intel (free)
- BumbleSting: Threat Hunting
Hack The Box
Hack The Box released the following free Sherlocks in December and January:
- UFO-1: Threat Intelligence
- Loggy: Malware Analysis
- Psittaciformes: DFIR
- OpTinselTrace24-1: Sneaky Cookies: DFIR
- OpTinselTrace24-3: Blizzard Breakdown: Cloud
- OpTinselTrace24-4: Neuro Noel: DFIR
- OpTinselTrace24-5: Tale of Maple Syrup: DFIR
- OpTinselTrace24-6: Sleigh Slayer: DFIR
TryHackMe
TryHackMe released the following challenge and walkthrough rooms:
The TryHackMe Premium Subscription is $14/month or $126/year.
Blue Team Labs Online
Blue Team Labs Online released the following Pro Investigations:
- Glazed: Digital Forensics
- Vulpine: Digital Forensics
Their Pro subscription ranges from $19/month to $183/year.
Level Effect
Level Effect released SOC100-2: Train which is Pay What You Can. It covers:
- Cybersecurity Industry
- Governance, Risk, Compliance (GRC)
- Cryptography
- Windows Triage & Malware Analysis
- Email Security
- Log & Event Analysis with SIEM
- Cyber Threat Intelligence (CTI)
- Report Writing
- Career Prep 2 – Malware Lab
Pluralsight
The following new courses were added to Pluralsight:
Incident Management with Velociraptor by Brian Dorr. Topics include:
- Familiarization with Velociraptor Interface
- Interfacing with Clients Using Shell and VFS Capability
- Hunting with Community Artifacts
- Hayabusa Scan and Analysis
- Using Custom Artifacts
OT Malware Analysis: FrostyGoop by Josh Stroschein. Topics include:
- Essential Elements of Operational Technology
- The FrostyGoop Malware
- Identifying GoLang Binaries
- Reverse Engineering FrostyGoop Malware
- Capturing FrostyGoop Activity
The DFIR Report
The DFIR Report released a new DFIR Labs case for their recently published report: Backdoors and Lockbit – Private Case #27138. You can read the report here: Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware. Pricing for the DFIR Labs case starts at $22.99 and includes a certificate and badge.
13Cubed
13Cubed released a new video on YouTube: Be Kind, Rewind… The USN Journal.
Sofia Santos
Sofia Santos released the free OSINT Exercise #031.
NEWLY RELEASED BOOKS

Ghidra Software Reverse-Engineering for Beginners
The Second Edition of Ghidra Software Reverse-Engineering for Beginners by David Álvarez Pérez and Ravikant Tiwari was published on January 17th.
I’m currently doing a giveaway for this book on LinkedIn until February 9th.
NEWLY RELEASED TOOLS

PowerShell-Hunter
Michael Haag released PowerShell-Hunter.
Description from GitHub: PowerShell-Hunter is a growing collection of PowerShell-based threat hunting tools designed to help defenders investigate and detect malicious activity in Windows environments. This project aims to provide security analysts with powerful, flexible tools that leverage PowerShell’s native capabilities for threat hunting.
RequestShield
osintmatter released RequestShield.
Description from GitHub: RequestShield is a 100% Free and OpenSource tool designed to analyze HTTP access.logs and identify suspicious HTTP requests and potential security threats. It uses factors like geolocation, abuse history, request volume, and suspicious request paths to assign a risk score to each IP, providing actionable insights for security monitoring.
XRefer
Mandiant released XRefer, a Python-based plugin for IDA Pro. Check out their blog post about it.
Description from GitHub: The plugin provides a custom navigation interface within IDA. It examines execution paths from entry points, breaks down the binary into clusters of related functions, and highlights downstream behaviors and artifacts for quicker insights. XRefer can incorporate external data (e.g., API traces, capa results, user-defined xrefs) and provides path graphs for richer context. It integrates with Google’s Gemini model to produce natural language descriptions of code relationships and behaviors. Additionally, XRefer can provide cluster based labels for functions, aiming to accelerate the manual static analysis process.
Notion Incident Management System (NIMS)
Eric Capuano and Whitney Champion released the alpha version of Notion Incident Management System (NIMS). It is designed to help SOC/IR teams streamline their incident collaboration.
noimosiny
noimosiny is a new OSINT reverse searching platform. It includes Reverse Email, Reverse Phone, and Reverse Username searches. Pricing for individuals ranges from $29 – $56/month. There is also a free trial.
UPCOMING LIVE TRAINING, CONFERENCES & CTFS FOR FEBRUARY 2025

Shadow Trails: The Rise of La Profecia OSINT CTF | Hacktoria
Cost: Free
The CTF lasts for 3 weeks.
Magnet Virtual Summit 2025
Cost: Free
The virtual summit runs from February 10 – 14 and includes a CTF.
Cybercrime Forums: Investigation and Intelligence Gathering | Flare Academy
Cost: Free
TRAINING TUESDAY HIGHLIGHTS
Last year, I started doing Training Tuesday Highlights on LinkedIn, Twitter (X), and Facebook using the hashtag #DFIRDivaTTH. Every Tuesday I highlighted a training provider, instructor, book, or course listed on the Free & Affordable Training Site related to Digital Forensics, Incident Response, Malware Analysis, or OSINT.
Things started getting a bit hectic near the end of December and I missed a couple. I’m taking a break from doing these at the moment but will probably pick it back up later.
December Highlights:
- December 3rd: Mosse Cyber Security Institute
- December 10th: Cyb Detective
- December 17th: Anuj Soni