Free & Affordable Training News Monthly: Dec 2024 – Feb 2025

Things got a bit hectic and I didn’t get the January training news monthly blog post out so I’m combining two months in this post.

The following contains newly released Digital Forensics, Incident Response, Malware Analysis and OSINT training, tools, and books from December 2024 and January 2025, as well as upcoming live online training and events for February. Like the Free & Affordable Training Site, everything in this blog post is under $1,000.

Note: Purchases made through affiliate/partner links and/or using personalized discount codes are one of the things I rely on to be able to keep this website running. I am an affiliate or partner of the following companies mentioned in this post and references to them contain affiliate/partner links: CyberDefenders, Hack The Box, Blue Cape Security, Amazon.



NEWLY RELEASED TRAINING, LABS & CHALLENGES FROM DECEMBER 2024 – JANUARY 2025

Belkasoft

Belkasoft released their Windows Forensics with Belkasoft course. It is free until February 14th. It comes with a 30-day trial of Belkasoft X and 6 CPE credits.


CIRCL

CIRCL added new Digital Forensics Training Materials (images and slides).


BlackPerl DFIR

BlackPerl DFIR released their OSINT Mastery course. It currently costs $47.

Topics include:

  • Introduction to OSINT
  • Creating Sock Puppets
  • The Art of Searching
  • Geolocation and Image OSINT
  • Email OSINT
  • Investigating Domains
  • Social Media Intelligence
  • Practical OSINT Case Studies

Blue Cape Security

Blue Cape Security launched their Hero Bundle that includes the following 3 hands-on courses for $997.

  • Enterprise Security Fundamentals
  • Practical Windows Forensics
  • Enterprise DFIR

TrainSec

Malware Analyst Professional Level 2 was released. Topics Include:

  • Introduction to Reverse Engineering
  • Understanding Windows API Functions
  • Code Injection
  • Self-Defending Malware
  • Packed Malware
  • Malicious Shell Code Analysis
  • Ransomware Reverse Engineering
  • Reverse Engineering .NET Malware

Ecothis Labs

After being down for a bit, CSI Linux Academy has relaunched as Ecothis Labs. They have Digital Forensics & OSINT courses plus certifications including:

  • CSIL-CI CSI Linux Certified Investigator (FREE)
  • CSIL-CCFI CSI Linux Certified Computer Forensic Investigator ($385)
  • CSIL-CDWI CSI Linux Certified Dark Web Investigator ($385)
  • CSIL-CSMI CSI Linux Certified Social Media Investigator ($385)
  • CSIL-COA CSI Linux Certified OSINT Analyst ($385)

LetsDefend

LetsDefend added the following courses and challenges:

Their VIP+ plan costs $39.99/month or $359/year.


CyberDefenders

CyberDefenders released the following new Pro labs. The Pro account costs $20/month – $200/year.

  • Babble Loader: Malware Analysis
  • ELPACO-team: Endpoint Forensics
  • DarkCrystal: Endpoint Forensics
  • MacLock: Endpoint Forensics
  • Beta Gamer: Endpoint Forensics
  • Boomer: Endpoint Forensics
  • BRabbit: Threat Intel (free)
  • BumbleSting: Threat Hunting

Hack The Box

Hack The Box released the following free Sherlocks in December and January:

  • UFO-1: Threat Intelligence
  • Loggy: Malware Analysis
  • Psittaciformes: DFIR
  • OpTinselTrace24-1: Sneaky Cookies: DFIR
  • OpTinselTrace24-3: Blizzard Breakdown: Cloud
  • OpTinselTrace24-4: Neuro Noel: DFIR
  • OpTinselTrace24-5: Tale of Maple Syrup: DFIR
  • OpTinselTrace24-6: Sleigh Slayer: DFIR

TryHackMe

TryHackMe released the following challenge and walkthrough rooms:

The TryHackMe Premium Subscription is $14/month or $126/year.


Blue Team Labs Online

Blue Team Labs Online released the following Pro Investigations:

  • Glazed: Digital Forensics
  • Vulpine: Digital Forensics

Their Pro subscription ranges from $19/month to $183/year.


Level Effect

Level Effect released SOC100-2: Train which is Pay What You Can. It covers:

  • Cybersecurity Industry
  • Governance, Risk, Compliance (GRC)
  • Cryptography
  • Windows Triage & Malware Analysis
  • Email Security
  • Log & Event Analysis with SIEM
  • Cyber Threat Intelligence (CTI)
  • Report Writing
  • Career Prep 2 – Malware Lab

Pluralsight

The following new courses were added to Pluralsight:

Incident Management with Velociraptor by Brian Dorr. Topics include:

  • Familiarization with Velociraptor Interface
  • Interfacing with Clients Using Shell and VFS Capability
  • Hunting with Community Artifacts
  • Hayabusa Scan and Analysis
  • Using Custom Artifacts

OT Malware Analysis: FrostyGoop by Josh Stroschein. Topics Include:

  • Essential Elements of Operational Technology
  • The FrostyGoop Malware
  • Identifying GoLang Binaries
  • Reverse Engineering FrostyGoop Malware
  • Capturing FrostyGoop Activity

The DFIR Report

The DFIR Report released a new DFIR Labs case for their recently published report: Backdoors and Lockbit – Private Case #27138. You can read the report here: Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware. Pricing for the DFIR Labs case starts at $22.99 and includes a certificate and badge.


13Cubed

13Cubed released a new video on YouTube: Be Kind, Rewind… The USN Journal.


Sofia Santos

Sofia Santos released the free OSINT Exercise #031.


NEWLY RELEASED BOOKS

Ghidra Software Reverse-Engineering for Beginners

The Second Edition of Ghidra Software Reverse-Engineering for Beginners by David Álvarez Pérez and Ravikant Tiwari was published on January 17th.

I’m currently doing a giveaway for this book on LinkedIn until February 9th.


NEWLY RELEASED TOOLS

PowerShell-Hunter

Michael Haag released PowerShell-Hunter.

Description from GitHub: PowerShell-Hunter is a growing collection of PowerShell-based threat hunting tools designed to help defenders investigate and detect malicious activity in Windows environments. This project aims to provide security analysts with powerful, flexible tools that leverage PowerShell’s native capabilities for threat hunting.


RequestShield

osintmatter released RequestShield.

Description from GitHub: RequestShield is a 100% Free and OpenSource tool designed to analyze HTTP access.logs and identify suspicious HTTP requests and potential security threats. It uses factors like geolocation, abuse history, request volume, and suspicious request paths to assign a risk score to each IP, providing actionable insights for security monitoring.


XRefer

Mandiant released XRefer, a Python-based plugin for IDA Pro. Check out their blog post about it.

Description from GitHub: The plugin provides a custom navigation interface within IDA. It examines execution paths from entry points, breaks down the binary into clusters of related functions, and highlights downstream behaviors and artifacts for quicker insights. XRefer can incorporate external data (e.g., API traces, capa results, user-defined xrefs) and provides path graphs for richer context. It integrates with Google’s Gemini model to produce natural language descriptions of code relationships and behaviors. Additionally, XRefer can provide cluster based labels for functions, aiming to accelerate the manual static analysis process.


Notion Incident Management System (NIMS)

Eric Capuano and Whitney Champion released the alpha version of Notion Incident Management System (NIMS). It is designed to help SOC/IR teams streamline their incident collaboration.


noimosiny

noimosiny is a new OSINT reverse searching platform. It includes Reverse Email, Reverse Phone, and Reverse Username searches. Pricing for individuals ranges from $29 – $56/month. There is also a free trial.


UPCOMING LIVE TRAINING, CONFERENCES & CTFS FOR FEBRUARY 2025

Feb 1

Shadow Trails: The Rise of La Profecia OSINT CTF | Hacktoria

When:
Where: Online

Cost: Free

The CTF lasts for 3 weeks.

Feb 5

IoT Forensics Webinar: Investigating Crime Caught on Camera

When:
Where: Online

Cost: Free

Feb 6

OSINT Fundamentals | Unchartered

When:
Where: Online

Cost: $500

Feb 10

Magnet Virtual Summit 2025

When:
Where: Online

Cost: Free

The virtual summit runs from February 10 – 14 and includes a CTF.

Feb 25

Cybercrime Forums: Investigation and Intelligence Gathering | Flare Academy

When:
Where: Online

Cost: Free


TRAINING TUESDAY HIGHLIGHTS

Last year, I started doing Training Tuesday Highlights on LinkedIn, Twitter (X), and Facebook using the hashtag #DFIRDivaTTH. Every Tuesday I highlighted a training provider, instructor, book, or course listed on the Free & Affordable Training Site related to Digital Forensics, Incident Response, Malware Analysis, or OSINT.

Things started getting a bit hectic near the end of December and I missed a couple. I’m taking a break from doing these at the moment but will probably pick it back up later.

December Highlights: