As I continue trying to figure out what I want to be if/when I grow up, I'm finding so many awesome learning resources, including websites that offer basic introductions to DFIR and other infosec topics along with sites that have challenges to work through. I mentioned in an earlier post that I was considering a move toward learning to be a SOC analyst and that is still a possibility, though not my final goal. I hope one day to qualify for a digital forensic role with some company and I'm trying to learn all I can to make that happen. While I've been working on blue team training and exercises, I keep seeing amazing DFIR training opportunities and find I'm spending a lot more time on them than anything else at the moment.
I've recently started working on challenges at CyberDefenders. They have a variety of challenges for disk and memory forensics, malware, network traffic analysis and more. I completed a memory forensics challenge there a couple days ago called DumpMe. I had forgotten how much fun it was to work with Volatility. I learned a lot doing the challenge.
As has usually been the case for me, my training budget is mostly non-existent so I'm always on the lookout for low cost/no cost learning opportunities. I saw mention of a new training site while viewing my Twitter feed a couple weeks ago and I'm excited to see this site develop.
The Cyber5W Academy has multiple low cost and no cost training courses available. The 5W part of the name alludes to "who, what, where, when and why." The site is run by Professor Ali Hadi, Ph.D., who also teaches forensics and security courses at Champlain College. Cyber5W offers digital forensic consulting and on-site training as well.
The courses are broken down into three categories: Intro to Forensics, Windows Forensics and Linux Forensics. Quite a few courses are already available and many more are under development. All courses at the time of this post are either free or $50. The courses are online and PDF-based and include instruction, hands-on exercises and the occasional quiz. Each course provides a certificate of completion as well.
I've been working my way through the Intro courses as I try to find my way to a DFIR role somewhere. They are helping me remember so much of what I've forgotten over the 5 years since I last did any forensic work. They are also introducing new ideas and helping me get up to speed on what is the current norm for forensic investigations. I especially liked the digital forensic reporting course, as reporting has always been something I enjoy. I intend to work my way through the available courses in all three categories.
I contacted Ali Hadi to thank him for this great learning opportunity and asked if he would tell me about his motivation for creating the Cyber5W Academy. He kindly replied and allowed me to share his thoughts here on the blog.
"The Nobel Prize for an educator is seeing his students being successful. There is literally nothing better than that and those success stories are prizes I love to collect. Now, currently teaching at Champlain College, allows me to engage with how many students per year? A hundred, two hundred, triple that number? It's good, I'm grateful, but still not much! But what if I am able to teach and engage with thousands around the world? That's a great motivation! This is not the first educational organization that I have established, there are others, and they all share the same core goal 'helping others'."
Ali has created courses on other sites as well, including Hacking Techniques and Intrusion Detection, Digital Forensics Professional and Malware Analysis. He also has Offensive Software Exploitation and other great material on his YouTube channel.
"I've received so many positive feedback, thank you and appreciation messages, network connection requests, etc, which I'm very happy that I was able to help those students advance in their careers, but also grateful for the opportunity. I thought now is the time in my career to start my own path and focus on something that I really love, which is teaching Digital Forensics."
He views Cyber5W as a way for him to help others, notably including those with little money to spend on quality training.
"I do not want money to be a barrier for those who want to learn; I want to help as much as I can. Another important aspect, is the world is now so dependent on technology, and this means more abuse/crime/incidents/etc are going to happen. Unfortunately, that's true, so we need more investigators/fighters, we need more people to make this world a better place for our beloved ones. Therefore, I hope C5W will be able to encourage new people to start their DFIR journey, raise more awareness to DFIR, increase the DFIR community members, and also be a resource they can all depend on!"
I'm very much looking forward to seeing what Ali has in store for Cyber5W. I'm having fun learning from his courses and can't wait to see what's next.
One other course I just purchased yesterday and plan to start working on soon is Cyber Security Incident Response: Wannacry Ransomware. The course is on Udemy and was authored by Balazs Lendvay.
The course is designed to teach the following (list taken from the Udemy course page):
Investigate and understand the behavior of the Wannacry ransomware in a lab environment using your own computer if you will.
Triage and identify indicators of compromise.
Live-analysis of the infected lab machine for windows artifacts
Static-analysis of the identified executable and artifacts
Sandbox analysis of the malicious activity, including network activity, processes, services, autoruns
Create a summary report of the incident and identify remediation recommendations
I've always liked learning about malware analysis, so it should be a lot of fun working through this course.
By the way, have you noticed how I keep mentioning the word "fun"? That's because learning is fun and it's my hope that more people will come to realize that. I'm very grateful to the people behind all these low cost and no cost courses for making this kind of fun available.
And with that, I will end this post. Hope to be back soon with some more cool stuff.