Name & Direct Link: Threat Hunting Labs

Cost: $0 – $281/year

Community: There is a Discord community

Description: A training platform built for threat hunters, SOC analysts, incident responders, and detection engineers who want to train the way they actually work. Every investigation runs against real intrusion telemetry from sanitized breach cases, inside a platform-native search console where you write real queries, form hypotheses, and validate findings with evidence. No synthetic noise or contrived puzzles. Just investigations that force you to think, adapt, and prove your conclusions.

Topics:

Threat Hunting Labs covers four core disciplines, all built on the same rich, real-world datasets:

• Threat Hunting: Proactively search through telemetry to find evil, form hypotheses, and follow the trail wherever it leads.
• Incident Response: Respond to a critical alert, triage the damage, and make time-pressured decisions with real consequences.
• Detection Engineering: Move beyond finding evil to codifying it. Write and tune detection rules against real attack patterns.
• Malware Analysis: Go hands-on with malware from the intrusion in a secure, dedicated REMnux environment tied to the case telemetry.

Name & Affiliate Link*: SOC Analyst Professional – Foundations

Platform: TrainSec

Course Instructor: Uriel Kosayev

Cost: $500

Proof of Completion: Certification of Completion

Community/Forum: There is a Discord community

Topics Include:

• Computer Fundamentals
• Computer Hardware
• BIOS
• Operating System Boot Order
• Windows Processes
• Windows Registry
• Windows Services
• File System
• Networking Fundamentals
• Transmission Types
• LAN vs WAN
• Communication Methods
• OSI Model vs TCP-IP Model
• ARP Protocol
• Networking Layers
• Packet Sniffing & Analysis
• Introduction to Wireshark
• Using Netstat for Triage
• Network Miner
• Nmap and NBTscan
• Introduction to Virtualization
• Hypervisor Type 1 vs Hypervisor Type 2
• VMWare NICs and Services
• Bridged vs NAT
• Creating a Virtual Machine
• Windows & Active Directory
• Deploying Windows 10 and Windows Server
• ICMP, Firewalls and More
• Taking Snapshots
• The 5 FSMO Roles
• DNS
• DHCP
• Kerberos
• Group Policy
• GPO Bypass and Hardening
• Linux Essentials
• Installing Kali Linux
• Linux File System
• Linux Users & Groups
• Linux Processes
• Linux Network Commands
• Linux Logs Monitoring
• Shell Scripting

*DFIR Diva is an affiliate of TrainSec and receives a small percentage of sales made through affiliate links that go toward keeping the site running.

Name & Direct Link: Digital Forensics & Incident Response in the Cloud Bootcamp

Platform: INE

Cost: This course is part of the INE Premium ($749/year) subscription*

Topics:

• Digital Forensics & Imaging
• Chain of Custody & Authority
• Evidence Collection
• Memory Forensics
• Logs & Network Analysis
• Cloud Infrastructure
• Cloud Incident Response
• Cloud Playbook
• Incident Response Lifecycle & Roles
• Threats – Hunting & Intelligence

*DFIR Diva is a partner of INE and receives a small percentage of sales made through partner links that go toward keeping the site running.

Name & Direct Link: MYDFIR SOC Analyst Course

Platform: MyDFIR Academy

Cost: $499.97

Proof of Completion: Certificate of Completion

Topics:

• Cybersecurity Fundamentals and Refreshers
• Introduction to the Security Operations Center
• Frameworks
• Pyramid of Pain
• Indicators of Compromise
• OSINT
• Art of Investigations
• Job Readiness

Name & Direct Link: Investigating Linux Devices

Certification Information: Certifications and Digital Badges

Platform: 13Cubed

Cost: $895

Exam Type: Hands-On/Multiple Choice

Topics Covered:

• Introduction to Linux
• Linux Logs
• Linux File Systems
• Persistence Mechanisms
• Evidence Collection
• Timelining
• Linux Memory Forensics
• Live Response
• Analyzing a Compromised System

Name & Direct Link: Network Forensic Fundamentals

Platform: YouTube

Topics:

• The PCAP File Format
• The Berkeley Packet Filter (BPF)
• tcpdump
• Wireshark
• Wireshark Options
• Wireshark Display Filters
• tshark
• Introduction to Simple Labs

Name & Direct Link: Introduction to AWS Threat Detection

Platform: LinkedIn Learning

Instructor: Day Johnson

Cost: $34.99

Topics:

• MITRE Cloud Matrix
• Log Analysis in AWS
• CloudTrail Log Analysis
• Investigating Compute Threats
• Investigating IAM Threats
• Investigating Storage Threats
• Investigating Logging and Monitoring Threats
• Amazon GuardDuty

Name & Direct Link: Incident Responder Learning Path

Platform: LetsDefend

Cost: $39.99/month – $359/year

Proof of Completion: Certificate of Completion

Community: There is a LetsDefend Discord server

Student Discount: They have Special Pricing for Students (50% off)

Topics:

• Cybersecurity Incident Handling Guide
• Incident Response on Windows
• Incident Response on Linux
• IR – Malware – Event ID: 139
• Hacked Web Server Analysis
• SA – Web Attack – Event ID: 115
• Log Analysis with Sysmon
• Forensic Acquisition and Triage
• Memory Forensics
• Memory Analysis
• Registry Forensics
• Event Log Analysis
• IR – Malware – Event ID: 101
• Browser Forensics
• Suspicious Browser Extention
• GTFOBins
• Hunting AD Attacks
• Writing a Report on a Security Incident
• How to Prepare a Cyber Crisis Management Plan?

Book Title: Placing the Suspect Behind the Keyboard: DFIR Investigative Mindset

Author: Brett Shavers

Book Website: Placing the Suspect Behind the Keyboard

Where to Buy:

Amazon*

Chapters Include:

• Technical Skills
  • Tech Prowess
• Knowledge
  • Rules of Civil/Criminal Procedure
  • Rules of Evidence
  • Evidence is not only just evidence
  • Does evidence prove or disprove theories?
• Self-Assessment
  • Who are you?
  • Curiosity
  • Your Identity
  • Other DFIR investigative traits
  • Your brain
  • Assessing your team
  • Self-assessment rating
• Senses
  • Perceptions & perspectives
  • Seeing & observing
  • Hearing & listening
• Hacking Your Mind
  • Critical thinking
  • Creative thinking
  • Visual thinking
  • Additional thinking models
  • Critical reading
  • Logic and reasoning
  • Cognition and ignorance
  • Theories and hypothesis
  • Think
  • Bias
  • Fallacies and reasoning errors
• Tactics
  • Old school & high tech
  • Checklists & procedures
  • The Investigative Cycle(s)
  • Live Cycles, Kill Chains, & Crime Scripting
  • Profiling
  • Identity
  • Link analysis
  • Notetaking
  • Problem-solving
  • Visualization to see the case
• Strategies
  • Micro and Macro
  • Decision-making
  • Focus and distractions
  • Correlation and causation
  • Targeting and pivoting
  • Errors and mistakes
  • Dumb ideas and terrible solutions
  • Words (and choice of words) matter
• Transformation
  • Scenario-based training
  • Visualization drills
  • Writing and speaking
  • Memory & documentation
  • Case studies
  • Unconscious competence?
  • Shadowing
  • Daily life of a critical thinker
  • Peer review
• Wisdom
  • Know yourself & seek self-improvement
  • Technical competence is your responsiblity
  • Hack your brain
  • Hack the adversary
  • Personal and professional accountability
  • Ethics and corruption
  • Credibility and reliability
  • Faults and competence
  • Pitfalls and self-made traps
• Education & Training
  • You need both training and education in DFIR
• AI as the Investigator
• Time to Liftoff
  • Obstacles to developing a DFIR Investigative Mindset
• Conclusion
  • My last bit of guidance for you

*As an Amazon Associate I earn from qualifying purchases. This helps with the cost of running this website.

Name & Direct Link: DFIR Labs

Platform: The DFIR Report

Cost: $14.99 – $29.99

Student Discount: Students get 30% off. Instructions can be found HERE.

Proof of Completion: Certificate and Badge upon completing the lab and quiz.

Description: Analyze logs related to published DFIR Reports.