Free Training Categories

Free Training for Kids

Name & Direct LinkDescription
Cyberstart AmericaA free national program for high school students to master cybersecurity as a gateway to the industry, up their digital skills, and compete for college scholarships.
Cyberstart GoFree cybersecurity challenges for high school students.
picoCTF and picoGympicoCTF is a free computer security game designed for middle and high school students. picoGym is a non-competitive practice space where you can explore and solve challenges from previously released picoCTF competitions.
CS UnpluggedA collection of free teaching material that teaches Computer Science through engaging games and puzzles.
Code.orgFree computer science courses for students K-12
Coding for Kids in PythonYouTube video series for kids on the NPStation YouTube channel.
Cyber Games UKInteractive resources and games for different aspects of Cybersecurity.
HackTaleA gamified platform simulating a real life cyber event.
TechGirlzTechGirlz hosts several free workshops related to coding and cybersecurity.
Young Leaders in TechFree videos related to cybersecurity.

Free Training for Veterans

Name & Direct LinkDescription
WithYouWithMeFree Courses for Veterans including a Cyber Defender Pathway
FedVTEFederal Virtual Training Environment - Provides free online cybersecurity training to federal, state, local, tribal and territorial government employees, federal contractors, and US military veterans.
Palo Alto Networks Second WatchOffers free Cybersecurity training to Military Veterans.
Splunk Training for VeteransFree Splunk Training for Veterans
Fortinet Veterans ProgramFocuses on helping veterans transition into the cybersecurity industry.
Mosse Cyber Security Institute Free Remote Internship Certification Program for VeteransThe Remote Internship Certification Program is a global initiative delivering free access to all military veterans.
SANS VetSuccess Academy"The VetSuccess Academy is part of the SANS Immersion Academy program, an intensive, accelerated training program that provides SANS world-class training and GIAC certifications to quickly and effectively launch careers in cybersecurity. SANS Immersion Academies are 100% scholarship-based and no cost to participants."
DoD SkillBridge"The DoD SkillBridge program is an opportunity for Service members to gain valuable civilian work experience through specific industry training, apprenticeships, or internships during the last 180 days of service. SkillBridge connects Service members with industry partners in real-world job experiences."
Onward to Opportunity (O2O) "A free career training program that provides professional certification and employee support services to transitioning service members, veterans and military spouses. O2O combines industry-validated curricula, strong partnerships with leading veteran service organizations and private sector companies, and comprehensive career coaching services to prepare and match you with your next career."

Free Ethical Hacking Training

I’m not going to spend a lot of time building this section out because my focus is on DFIR, however, I do think that learning some hacking helps to better detect and defend.

For this category, “Beginner” assumes that you have a general understanding of the four core training categories listed on the home page.

Name & Direct LinkPlatformFor BeginnersHands-On ComponentProof of CompletionTopics
Hackers AriseHackers AriseVarious Ethical Hacking Tutorials (Wireless, Password Cracking, Evading AV, Anti-Forensics, WebApp Hacking, Bluetooth Hacking, etc)
SecurityTubeSecurityTubeVarious Ethical Hacking Videos
Free Short Course: Pen TestingCharles Sturt UniversityYesYes - Certificate of CompletionScoping, Enumeration and Vulnerability Scanning, Exploitation and Password Cracking, Report Writing and Risk Analysis
Kali Linux RevealedOffensive SecurityLinux Fundamentals, Installing Kali, Configuring Kali, Debian Package Management, Kali Linux in the Enterprise, Intro to Security Assessments
Metasploit UnleashedOffensive SecurityMetasploit Architecture, Exploits, Payloads, Databases, Meterpreter, Nessus, Password Sniffing, Python Extension, Privilege Escalation, Packet Sniffing, Pivoting, Making a Log Entry, Timestomp, Keylogging, John the Ripper, Maintaining Access, Backdoors, and more.
WebSecurity AcademyPortSwiggerYesWeb Cache Poisoning, Information Disclosure, XXE Injection, XSS, SQL Injection, CSRF, HTTP Request Smuggling, OS Command Injection, Directory Traversal, Access Control Vulnerabilities, Authentication, Business Logic, Vulnerabilities and more.
HackerSploitYouTube - HackerSploitYes - Some things such as the Penetration Testing Bootcamp and How to Set Up a Pentesting Lab.Kali Linux, BlackArch Linux, Metasploitable, Python for Penetration Testing, Burp Suite, OWASP Juice Shop, Recon-ng, Arch Linux, Network Sniffing & Spoofing, NMAP, VulnHub, HTB, TryHackMe, OpenVAS, Bug Bounty
Hack The Box, HTB Academy & Hacking BattlegroundsHack The BoxYes - HTB Academy has training modules for beginners. Hacking Battlegrounds and Hack The Box require you to hack your way in to be able to create an account.YesHacking (I hear they also have some forensics challenges but you have to hack your way in to do them).
Offensive Software Exploitation (OSE) CourseGitHub - ashemeryYesPE Format, DLLS, Bug Hunting, Fuzzing, Buffer Overflows, Metasploit, Mitigation Techniques, Egghunter, Post Exploitation, x86 and x64 Assembly, Reverse Engineering.
Hacking Techniques and Intrusion DetectionOpen Security Training - Ali HadiYesSocial Engineering, Physical Pentesting, Backtrack Basics, Scoping, Recon, Footprinting, Fingerprinting, Scanning, Software Exploitation, Client Side Attacks, Post Exploitation, Metasploit
INE Starter Pass (Penetration Testing)INEYesYesYesBurp Suite, HTTP Protocols, Wireshark, TCP, UDP, Programming, OSINT, NMAP, Vulnerability Assessment, Nessus, XSS, SQL Injections, Google Hacking, Malware, Web Attacks, System Attacks, Network Attacks, Metasploit

Free OSINT Training

For OSINT Challenges and CTFs, see the DFIR, OSINT & Blue Team CTFs & Challenges section

Name & Direct LinkPlatformFor BeginnersHands-On ComponentProof of CompletionTopics
OSINT MiniThe Cyber InstituteYesOSINT Investigations, Objectives, Sources of Information, Effective Google and Social Media Searching, Documenting and Recording Information, VPNs.
Open Source Intelligence (OSINT)Hackers AriseMaltego, Google Hacking (Dorks), Shodan, Harvester, Mining Twitter with Twint, FOCA for Metadata, recon-ng, metagoofil, Spiderfoot, Censys, Gathering Aircraft and Flight Data with Radarbox
10 Minute OSINT TipsYouTube - The OSINT Curious ProjectGeolocation, Reverse Image Search, Facebook OSINT, Google Maps, Finding User Accounts Across Social Media, Discovering DNS Typosquatting Domains, Using APIs to Reveal Hidden Open Source Information, Using robots.txt Files for OSINT
OSINT FrameworkOSINT FrameworkTools for OSINT investigations related to Usernames, Email Addresses, Domain Names, IP Addresses, Images & Videos, Social Networks, Instant Messaging, People Search, Dating Sites, Phone Numbers, Business Records, Public Records, Transportation, Geolocation, Threat Intelligence, Malicious File Analysis, Dark Web, Metadata, Terrorism, Digital Currency, Classifies, and more.
OSINT.LinkOINT.LinkOpen Source Intelligence (OSINT) Tools & Resources: Search Engines, Social Media Intelligence, People Search, Business Search, Web Directories, Translation Service, Government Records, Maps, Web Scraping Tools, Website Monitoring Services, IP Address Tracking and more.
Free OSINT and Online Research ResourcesToddingtonThis is a database of free OSINT resources and tools, research cheat sheets, and other online investigative aids.
Creating Research Accounts for OSINT Investigations (Written Guide)OSINTCurio.usCreating sock puppet accounts on social media platforms.
SANS Must Have Free Resources for Open-Source Intelligence (OSINT)SANSFree OSINT Webcasts, Videos, Summit Talks, Blogs, and Communities
Awesome OSINTGitHub - jivoiA curated list of OSINT tools and resources.
OSINT Tools & Techniques - Free DemoUdemy - Steve AdamsYesYesThis is a short demo version of the full course. Topics include: Foundations of OSINT, Investigative Process, Virtual Machines, and LinkedIn Searching
Dark Web Foundation: A Guide to the Deep/Dark Web 2019Udemy - Dark Web AcademyYesYesTor, Bitcoin, PGP, Tails, Deep Web Markets, Common Myths
Dark Web InvestigationsHTCIADark Web Investigations, Tor. *Scroll down instead of clicking Join Now*
conINT TalksYouTube - conINTTalks from the conINT 2020 OSINT conference: Malware OSINT, Darknet, Cryptocurrency, People OSINT, Dark Web Markets, Breached Data History, Geolocation and more.
Open Source Intelligence 101 (April Wright)YouTube - Wild West Hackin' FestYesOSINT, Social Engineering, OPSEC, Sources of OSINT
CaseFileThe Cyber InstituteGetting Started with Maltego's free CaseFile tool, Combining Graphs, Importing Data, Exporting and Reports, Collaboration
Australian OSINT 2020 Symposium Recorded SessionsOSINT CombineVarious OSINT Topics
OSINT DojoOSINT DojoYesYesYes - Digital BadgesOSINT Challenges and Resources.
SANS OSINT Talks on YouTubeYouTube - SANS InstituteTelegram, OSINT for Good, OSINT Mind-State, Sock Puppets, GitHub Analysis
OSINT TutorialsYouTube - Null ByteTwint, License Plate OSINT, Photon Scanner, OSINT Browser Extensions, Maltego, EXIF Data, Aircraft OSINT, Business OSINT
OSINT ArticlesSecjuiceShodan, Malware OSINT, Sock Puppets, Artificial Intelligence, Reddit, TikTok, Facebook, Gab, Building a Username Search Tool, Pokémon Go, Creating Custom JavaScript Bookmarklets, LinkedIn, Getting an OSINT Job, SOCMINT, The Intelligence Cycle
Automating Threat Hunting on the Dark Web & Other Nitty Gritty Things (Apurv Singh Gautam)YouTube - BSides PhillyDark Web, Automation, OPSEC, Dark Web Hunting Methods
OSINT At Home - Tutorials on Digital ResearchYouTube - BendobrownReverse Image Search, EXIF/Metadata, Search Operators, Geolocation, Satellite Imagery
The Complete Open Source Intelligence (OSINT) Training CourseYouTube - Irfan ShakeelYesSearch Engine OSINT, Darknet, TOR, Deebweb, Aircraft OSINT, People Search, Company Search, Phone Number Search, Document Search, Metadata, Image OSINT, Fix Blurred or Distorted Images
Layer 8 Conference TalksYouTube - Layer 8 ConferenceOSINT, Social Engineering

Free Cloud/Cloud DFIR Training

Name & Direct LinkPlatformFor BeginnersHands-On ComponentProof of CompletionTopics
AWS Digital TrainingAWSYes - You can sort by experience levelOver 240 AWS topics
AWS Security FundamentalsAWSCloud Security, AWS Global Infrastructure, DDoS Mitigation, Detective Controls, Incident Response
Microsoft Azure TrainingMicrosoft LearnYes - Courses are labeled beginner to advancedYes - Digital BadgesThere are over 850 Azure topics.
Managing Security Operations in AzureMicrosoft LearnYes - Digital BadgesCreating Security Baselines, Identifying Security Threats with Azure Security Center, Azure Monitor Logs, Improving Incident Response with Alerting on Azure, Capturing Web Application Logs, Protecting Servers and VMS from Attacks with Azure Security Center
Cloud Storage Forensics: Endpoint Evidence with Chad TilburyYouTube - SANS Digital Forensics and Incident ResponseCloud Storage Forensics
Cloud Forensics CourseHTCIACloud Forensics, Magnet Axiom
NIST Cloud Computing Forensic Science Challenges (Publication)NISTChallenges faced by experts when responding to incidents occurring in a cloud-computing ecosystem.
Container Forensics: What to Do When Your Cluster is a Cluster - Maya Kaczorowski & Ann WallaceYouTube - CNCF [Cloud Native Computing Foundation]YesContainer Forensics, Kubernetes
The Trouble with Cloud Forensics (Slides)Slideshare - Sharique RizviCloud Forensics
Google Cloud Training (Select On-Demand Courses)Google Cloud Training/QwiklabsYes - Beginners can select Introductory levelYesYes - Digital BadgesOver 500 Google Cloud Topics

What I Have Learned From Doing A Year Of Cloud Forensics In Azure AD (Blog Post)

Microsoft 365 SecurityCloud Forensics in Azure

Free DFIR, OSINT & Blue Team CTFs and Challenges

This category tests your existing knowledge.

For training with hands-on labs, visit any of the categories on the main page and filter by “Hands-On Component”. Scheduled CTFs and challenges are listed in the monthly events blog post.

Name & Direct LinkPlatformFor BeginnersDFIR Related Challenge Type(s)
Blue Team Labs Online (Free Challenges)Blue Team Labs OnlineMemory Analysis, Network Analysis, Digital Forensics, Malware Analysis, Reverse Engineering
CyberDefendersCyberDefendersSplunk, SIEM, Malware Traffic Analysis, PCAP, OSINT, Reverse Engineering, Digital Forensics, ELK, Log Analysis
SocVelSocVelDigital Forensics & Incident Response Challenges
LetsDefend - Free VersionLetsDefendThis is a SOC Simulation Environment - Monitoring, Log Search, Case Management, Endpoint Security
The Case of the Stolen Szechuan SauceDFIR MadnessDigital Forensics, PCAP Analysis
Champlain College DFIR CTFCTFd - Champlain CollegeWindows Forensics, macOS Forensics, Wireshark, OSINT, Reverse Engineering
Forensic Challenges on Info-Sec Box

The password is: kjiIYFGsx76IOHK
Info-Sec BoxForensic challenges
Malware Analysis ExercisesGitHub - jstroschMalware Analysis PCAP Analysis
Flaws2 Defender TrackFlaws2.cloudAWS Incident Response Challenges
PwnDefendPwnDefendYesOSINT, Reverse Engineering, Forensics & Analysis
Mossé Cyber Security Institute Mossé Cyber Security Institute OSINT, Digital Forensics, YARA, Malware Analysis
HackTaleHackTaleYesA DFIR/Cyber Defense Training Game with Scenario-Based Challenges.
Immersive Labs CommunityImmersive LabsMalware Analysis, Digital Forensics, Threat Hunting
picoGympicoCTFForensics, Reverse Engineering, PCAP Analysis
CTFLearnCTFLearnYes - Has Easy, Medium, and Hard ChallengesForensics, Programming, Reverse Engineering, Binary, Cryptography
Challenges.reChallenges.reReverse Engineering Challenges
MemLabsGitHub - stuxnet999Yes - Challenges range from easy to hard.Memory Forensics
Mini Memory CTF
The Memory Sample is linked in the video.
YouTube - 13CubedMemory Forensics
CTF.LivePentesterAcademyYes - Has Beginner, Intermediate, and Advanced ChallengesNetwork Forensics, Reverse Engineering
TryHackMeTryHackMeYes - Has Easy, Medium and Hard ChallengesFree rooms include RE, Volatility, OSINT, Malware Analysis, Splunk, Linux, Ghidra, & Radare2
OSINT ChallengeThe Cyber InstituteOSINT Challenges
OSINT DojoOSINT Dojo/TwitterOSINT Challenges. Follow them on Twitter @OSINTDojo and earn Digital Badges for solving challenges.
OSINT CTFs by BushidoTokenBushidoTokenOSINT
Cyber DetectiveCyberSocOSINT
Cyber InvestigatorCyberSocOSINT
Quiztime on Twitter

Here is an article on how it works.
Twitter - @quiztimeOSINT
GeoGuessrGeoGuessrOSINT (Use your OSINT skills to figure where you are)
Challenges, CTFs and WalkthroughsAboutDFIRVarious DFIR Challenges
RangeForce Persistence Challenge  (July 21st-August 8th)RangeForceIdentify and Respond to Malicious IPs, Compromised Accounts, and Advanced Persistence.

Free Malware Analysis & Reverse Engineering Training

In this category, “Beginner” assumes that you have an understanding of the four core categories listed on the homepage and specifically have a general understanding of x86 Assembly language. There is free Assembly language training in the Programming & Scripting section of this site.

Name & Direct LinkPlatformFor BeginnersHands-On ComponentProof of CompletionTopics
Malware Noob2Ninja CourseYouTube - 0xf0xYesYesBuilding a Malware Lab, Malicious Word Documents, Static Analysis, Behavioural Analysis, Cuckoo Sandbox, Persistance Techniques, x32dbg, Emotet
Introduction to Malware AnalysisYouTube - 13CubedMalware Analysis, IDA Pro, x64dbg, YARA, Payload Distribution Format, ProcDOT, PDFs
Malware Unicorn's Reverse Engineering WorkshopsMalware UnicornYes - Reverse Engineering 101 is for BeginnersYesReverse Engineering, Environment Setup, Windows PE C Program, X86 Assembly Language, Attack Flow, Tools, Triage Analysis, Static Analysis, Dynamic Analysis, Encryption, Evasion Techniques, Packing
Reverse Engineering for BeginnersBegin.reYesYesReverse Engineering, x86 Assembly, IDA, OllyDbg, Call Stack
Reverse Engineering for BeginnersYouTube - Marcus HutchinsYesReverse Engineering, Ghidra, Compiling, Decompiling, IDA
Reverse Engineering 101FedVTEYesYesUses for Reverse Engineering, Process of Reverse Engineering, Methodology
Reverse Engineering CourseGitHub - 0xZ0FYesBinary, ASCII, Programming Languages, Assembly, Tools, DLL, Windows. Some Chapters are still in development.
Reverse Engineering Course (With Radare2)Artik BlueReverse Engineering, conditionals, functions, cases, loops, arrays, strings, var types, heaps, crackmes, pointers, dynamic memory, bitwise operations, linked lists, Radare2. The site also has advanced topics on Reversing C Code.
Reverse Engineering MalwareHackers AriseYesAssembler Basics, IDA Pro, Windows Internals, OllyDbg, System-Level Analysis
Reversing & Malware Analysis TrainingSecurity Trainings - SecurityXplodedYesLab Setup, Windows Internals, PE File Format, Assembly, Reverse Engineering, Tools, Malware Analysis, Unpacking, Memory Forensics, Exploit Development, Rootkit Analysis
Introduction to Reverse Engineering with GhidraHackaday.ioYes - The live course is over but the course materials are on the website.Ghidra, Reverse Engineering, x86_64 Architecture, Assembly Language
Android App Reverse Engineering 101Raging Rock (Maddie Stone)YesYesAndroid Application Fundamentals, DEX Bytecode, Native Libraries, Obfuscation
Binary Analysis CourseMax KerstenYesCPU Architecture (x86 and x64_86), Registers, Endianness, Flags, Assembly
Advanced Binary DeobfuscationGitHub - malrevYesObfuscation Techniques, Deobfuscation Techniques
The Art of Mac Malware (book by Patrick Wardle)objective-see llcmacOS, Malware, Static Analysis, Dynamic Analysis, Infection Vectors, Persistance, Anti-Analysis Techniques
CNIT 126: Practical Malware AnalysisSam Bowne's WebsiteYesMalware Analysis, Static Analysis, Dynamic Analysis, X86 Disassembly, OllyDbg, IDA Pro, WinDbg, Malware Behavior
Malware of the DayActive CountermeasuresActive Countermeasures provides information about different types of malware along with PCAP files. Zeus, PittyTiger, Fiesta, Taidoor, Orangeworm, Comfoo, Saefko, Magnitute, Asprox, Backoff, APT1 Virtually There
Malware Reverse Engineering Handbook (PDF)CCDCOELab Environment, Static Analysis, Dissasembly, Dynamic Analysis, Sandboxing, Debuggers, VirusTotal, String Analysis, PEiD Tool, CFF Explorer, Resource Hacker, PeStudio, IDA free, Ghidra, Process Monitor, Process Explorer, Regshot, INetSim, Cuckoo Sandbox, Windows Sandbox, Network Traffic Analysis
Introduction to Malware Analysis and Reverse EngineeringYouTube - Coleman KaneVirtualBox, Malware, Static Analysis, x86 Disassembly, Dynamic Analysis, Run-Time Analysis, YARA, PDF and Office Document Analysis, Java & SWF Malware Analysis, Android Malware Analysis, File-less Malware Analysis
Malware Analysis Using VM Introspection and Memory ForensicsClark Center - Golden RichardYesVM Introspection, Memory Forensics, Virtualization, Introspection Capabilities, Volatility
Malware Analysis BootcampYouTube - HackerSploitYesHow to Set up a Sandbox Environment, Static Analysis, File Type Identification, Generating Malware Hashes, Extracting Strings, Packers & Unpacking, PE Headers, Creating YARA Rules, Stuxnet Analysis with Ghidra
Malware Analysis Training (slides/written article with training files)GitHub - OpenRCEYesMalware Analysis, Virtual Machines, X86 Architecture, Windows, PE File Format, Analysis Tools, Disassembly, IDA Pro, OllyDbg, Unpacking, Anti-Reverse Engineering, Binary Diffing and Matching, PaiMei, PEFile and PyDasm
Introductory Malware Analysis WebcastsLenny Zeltser's WebsiteYesYesMalware Analysis Essentials using REMnux, Introduction to Malware Analysis, How to Run Malware Analysis Apps as Docker Containers
Practical Malware Analysis Essentials for Incident Responders (Lenny Zeltser)YouTube - RSA ConferenceFree Malware Analysis Tools, PeStudio, Threat Intelligence, Threat Hunting, Windows
SANS Must Have Free Resources for Malware AnalysisSANSMalware Tools, Webcasts, Resources, Cheat Sheets
Learn the Hard Stuff the Slow WayHopper's Roppers (Roppers Academy)YesC Programming, Assembly, Debugging, Reverse Engineering
Fileless Malware DemystifiedYouTube - CryptoStopperWhat Fileless Malware is, How it Works, Examples of a Dropper, Examples of Fileless Malware, Fileless Ransomware
Introduction to Reverse EngineeringYouTube - Josh StroscheinYesReverse Engineering, IDA Pro, x86, The Stack, Code Constructs, IF Statements, Loops, Jump Tables, Pointers
Josh Stroschein's YouTube Channel and WebsiteYouTube - Josh Stroschein & Josh Stroschein's WebsiteReverse Engineering, Malware Analysis, Ghidra, Cuckoo Sandbox, Maldocs, Unpacking, Debugging
Wyatt Roersma's YouTube ChannelYouTube - Wyatt RoersmaYesFoundational Malware Analysis, Cuckoo Sandbox Install
Reverse Engineering MalwareYouTube - Open SecurityTrainingYes - Course file are on the Open Security Training WebsiteUnderstanding common malware features and behavior, defeating code armoring and obfuscation, signature creation and applying prior analysis, dynamic analysis tools and how they can aid in static analysis.
Analyzing Malicious Word and Excel DocumentsYouTube - Hack In The Box Security ConferenceYes - The Files are Located HEREAnalyzing Malicious Word and Excel Files
Ali Hadi's YouTube ChannelYouTube - Ali HadiYes - The Intro to PE File Format video has lab files HERE. This is part of an Offensive Software Exploitation (OSE) course that is listed under the Ethical Hacking category of this site.Malware Analysis, Process Hacker, Investigating Windows Scheduled Tasks Used by Ransomware, .NET Malware, PE File Format
How to Set Up and Use the CuckooVMGitHub - ashemeryYesHow to setup and use the Cuckoo Sandbox VM (CuckooVM v2)
Unprotect ProjectUnprotect ProjectThis website describes different malware evasion techniques.
Introduction to Advanced Threats (slides)Black Storm Security - Alexandre BorgesReversing, Anti-Reversing, De-Obfuscation
OALabs YouTube Channel and WebsiteYouTube - OALabs, Open Analysis WebsiteTheir YouTube channel and website are all about malware analysis and reverse engineering. In addition to their YouTube videos, they have training guides on their website related to Malware Triage, Malscripts, and Using Open Data to Help Develop Robust Indicators (IOCs)
Oh You Silly Framework!: An Intro to Analyzing .NET MalwareSANSYes - Certificate of Completion (CEU Certificate).NET Malware, Malware Analysis
Colin Hardy's YouTube ChannelYouTube - Colin HardyTools, Tactics, and Techniques for Analyzing Malware, Deobfuscation, Emotet, WannaCry, SUNBURST, Maldocs
Malware Training Vol1GitHub - hasherezadeTechniques Used by Malware, Reverse Engineering
AGDC Services YouTube Channel and BlogYouTube - AGDC ServicesAutomate Labeling of Obfuscated APIs, Reverse Engineering RC4 Crypto, How Malware Walks the PEB to Find Modules By Hash
Malware-Traffic-Analysis.netMalware-Traffic-Analysis.netYesPCAP Malware Analysis Exercises and Tutorials.
Malware Analysis FundamentalsYouTube - MalwareAficionadoYesMalware Analysis Fundamentals, Creating an Analysis Lab, Hashing Algorithms, Strings, Process Monitoring

Free Digital Forensics Training

In this category, “Beginner” assumes that you have a general understanding of the four core categories listed on the home page.

Note: If you’re looking for Network Forensics, the majority of it is in the Incident Response section.

Name & Direct LinkPlatformFor BeginnersHands-On ComponentProof of CompletionTopics
Theoretical Digital Forensics Courses (There are both free and paid courses - the theoretical courses are free)

They also have communities based on the courses you're enrolled in where you can ask questions.
Cyber 5WYes (start with the intro courses)YesWindows Forensics, Linux Forensics, Evidence Acquisition, Working with Virtual Hard Disks, Linux Forensics Distros, Writing Forensics Reports
13Cubed's YouTube Channel

YouTube - 13CubedShimcache, Plaso, WSL 2, Cyber Triage, Log2Timeline, Windows Terminal, EventFinder2, Redline, macOS Forensics, iLEAPP, iOS Forensics, WMI, MFTECmd, SRUM, Timestamps, NTFS, LNK File, Jump Lists, Plaso, Shellbags, Recycle Bin Forensics, RDP Cache, Event Logs, CyberChef, Image Creation, KAPE, Volume Shadow Copies, EvtxECmd, Arsenal Image Mounter, Kansa, SIFT, Memory Analysis, Redline, Volatility, Persistence, Prefetch, Baselines, Windows Processes, Email Header Analysis
Digital Forensics BasicsTEEXYesEvidentiary Reporting, Computer Technologies, Digital Evidence Collection
Windows Forensics Workshop with Ali Hadi

Go HERE for the lab files.
YouTube - BSides AmmanYesWindows Forensics
Digital ForensicsOpenLearnYesYes - Statement of ParticipationDigital Forensics Process, History, Types of Digital Forensics
Computer ForensicsedXMust complete the edX Cybersecurity Fundamentals course first.Costs ExtraAnti-Forensics, Unix/Linux, Windows Memory Forensics, Windows File System, Forensics Tools, Artifacts, Acquisition, Analysis
Digital ForensicsHackers AriseYes - These are written tutorials that can be followed.Creating a Forensically Sound Image, Live Memory Acquisition and Analysis, Recovering Deleted Files, Registry Analysis, Pre-Fetch Files, Browser Forensics, Sysinternals, Extracting EXIF information, Android Mobile Forensics, Network Forensics
KAPE GuideAboutDFIRYesHow to Use KAPE, Examining KAPE Output, KAPE Related Videos and Blog Posts
Registry Explorer/RECmd GuideAboutDFIRYesRegistry Explorer GUI, Command Line, How to use rla.exe, Examining RECmd Output, Registry Related CTFs, Videos and Blog Posts
Timeline Explorer GuideAboutDFIRYesWhy Use Timeline Explorer, Updating EZ Tools, Timeline Explorer Related Blog Posts/Videos
Free Course Content from eForensics MagazineeForensics MagazineAndroid Mobile Forensics, File System Tunneling, EXT4 Layout, CyberChef Tutorial, Android Boot Process, FTK Imager Intro, Windows Registry Extraction with FTK Imager
Email Forensics WorkshopMetaspikeMessage Headers, DKIM, ARC, MIME, Server Metadata, Forensic Preservation Strategies
IoT Digital Forensics CourseGitHub - RJC497YesIoT Forensics, Fitbit, Echo, Smartwatch
Digital Forensics Training Materials (Slides & Command Line Cheat Sheet)circl.luPost-mortem Digital Forensics, File System Forensics and Data Recovery, Windows Memory and File Forensics
Cyber Forensics WorkshopYouTube - Ryan ChapmanYesYesNetwork Forensics, OSI Model, Encoding Schemes, File Signatures, Tools, Wireshark, Hex, ASCII, PCAP Analysis, Hashing, Covert Channels
Cellebrite Reader Online On DemandCellebriteYesYesCellebrite Reader, .UFDR reports
Cloud Forensics Course (scroll to the bottom of the page)HTCIACloud Forensics, Magnet Axiom
Free Paraben Training VideosParaben CorporationE3 Platform, Windows 10 Artifacts, Chip Dumps, Google Takeout Evidence, Importing Cellebrite Data, Processing WhatsApp Data, Data Triage, Email Deduplication, Office365 Acquisition, FitBit Data, Android Root Engine
Introduction to Digital ForensicsYouTube - DFIR.ScienceYesDigital Forensics, Cybercrime, Windows, Linux, Investigation Methods, Documentation and Reporting, Scientific Method, Data Storage, Acquisition, Photorec, tsk_recover, The Sleuth Kit, Autopsy, hfind, Malware, Memory Acquisition and Analysis, FTK Imager, Volatility, Mobile Device Aquisition, Network Analysis
An Introduction to Mobile ForensicsYouTube - MSABYesMobile Forensics
DFIR.Science YouTube ChannelYouTube - DFIR.ScienceDigital Forensics, SleuthKit, hfind, Tsurugi Linux, SDELETE, FTK Imager, File Mounting, Forensic Acquisition in Linux, DD, Volatility, LiME, Research, Scientific Method, Android Acquisition
Linux Forensics IntroInternet Archive - Hal PomeranzYesMemory Forensics, Tools, Volatility, Rootkits, IOCs, Disk Acquisition, File System, Disk Mounting, Artifacts, Disk Triage, Timeline Analysis, Logs, Syslog
Linux LEOLinux LEOYesYes - This is a detailed written guide with links to the Supplemental Files on the website. Go to "The Beginner's Guide" under Documents for the text.Linux Commands, Linux Boot Sequence, Linux Network Basics, Configuring a Forensic Workstation, Evidence Acquisition, Write Blocking, Tools, Mounting Images, Sleuth Kit, Network Investigation Tools
Linux Forensics Talks and WorkshopsGitHub - ashemeryYesLinux Forensics
XRY Reader to XAMN Viewer TransitionMSABXAMN Viewer capabilities that were not available in XRY Reader. XAMN Viewer is a free tool.
Trainings for Cybersecurity Specialists - Digital ForensicsENISAYesThis site contains handbooks with lab exercises, VMs, and Toolsets related to Digital Forensics.
macOS ForensicsYouTube - AccessDatamacOS Forensics, structure, artifacts, Plist
MFT Explorer/MFTECmd Guide AboutDFIRYesMFT Explorer, MFTECmd
NW3C Live Online TrainingNW3CThe training is intended for current US Criminal Justice Practitioners. An agency-issued email is needed.YesYesmacOS Forensics, iOS and Android Mobile Forensics, Cyber Investigations, Cellular Records Analysis, Digital Footprints, Dark Web & OSINT, Seizure, Windows Acquisition, Windows Forensics, Advertising Identifiers, Virtual Currency, Automated Forensic Tools, SQLite,
MOBILedit Forensic Express TrainingMOBILeditYesYesMOBILEdit Forensic Express Installation, Settings, Updates, Connecting a Phone, Importing Data, Connecting to iCloud, Creating Reports, Analyzing Images, Hacking Phones
Mobile Forensics: An Introduction - Josh BruntyYouTube - Adrian CrenshawYesMobile Forensics
How to Learn Forensics RoadmapHoppers RoppersYesFile Forensics, Host and Memory Forensics, Network Forensics
Digital Forensics Applied to Containers - Enhancing Intruder DilemmaYouTube - Peter StaarfaengerContainer Forensics, Docker
Container Forensics: What to Do When Your Cluster is a Cluster - Maya Kaczorowski & Ann WallaceYouTube - CNCF [Cloud Native Computing Foundation]Container Forensics, Kubernetes

Free Incident Response Training

In this category, “Beginner” assumes that you have a general understanding of the four core categories listed on the homepage. Networking knowledge is especially important.

Name & Direct LinkPlatformFor BeginnersHands-On ComponentProof of CompletionTopics
Intro DFIR: The Divide and Conquer ProcessBasis Technology - Brian CarrierYesYes - Certificate of CompletionEndpoint Visibility, Cyber Triage Basics, Malware, Prioritization, OS Configuration Changes, User Activity
Cyber Incident Analysis and ResponseTEEXYesIncident Management, Preparation, Detection, Analysis, Containment, Eradication, Recovery
CNIT 152: Incident ResponseSam Bowne's WebsiteIncident Response, Scope, Live Data Collection, Forensic Duplication, Analysis Methodology, Investigating Windows Systems, Investigating Mac OS X Systems, Investigating Applications, Report Writing.
Using MITRE ATT&CK for Cyber Threat Intelligence TrainingMITRE ATT&CK WebsiteYesYesMapping to MITRE ATT&CK, Storing and Analyzing ATT&CK-mapped data
Ryan Chapman's YouTube Channel (Cyber Forensics Workshop and more)YouTube - Ryan ChapmanYes - The Cyber Forensics Workshop contains the link to the files. Hands-On Computer Security & Incident Response - Email Header Analysis Part 1 contains a link to the files. Check out his website for more workshops: Forensics Workshop, Splunk, JavaScript Deobfuscation, VirusTotal, Email Header Analysis, Malicious use of PowerShell, Hands-OnComputer Security & Incident Response, Interview Tips
Blue Teaming Free TrainingChiheb Chebbi's BlogYesYesIncident Response, Security Operations, ELK Stack, SIEM, Azure Sentinel, Wazuh, Threat Intelligence, The Hive Project, OSQuery, Kolide, MITRE ATT&CK, OSINT, Shodan, SpiderFoot, WireShark, YARA, Digital Forensics, Radare2, IDA Pro, Ghidra, Memory Analysis
Free Splunk CoursesSplunkYesYesSplunk Fundamentals, Splunk Infrastructure, User Behavior Analytics, SignalFx
Introduction to Splunk WorkshopYouTube - Blacks in CybersecuritySplunk
Free Elastic TrainingElasticYesYesLogging, Metrics, Observability, APM, SIEM, Kibana, Anomaly Detection, Elastic Cloud Enterprise
Security Onion EssentialsYouTube - Security OnionYesSecurity Onion Installation, Analyst Tools, Alert Triage & Case Creation, Hunting, Detection Engineering
Logstash TutorialTutorialspointYesYesLogstash, ELK Stack, Installation, Architecture, Collecting Logs, Grok, Plugins, APIs, Security and Monitoring
Cover6 Solutions YouTube ChannelYouTube - Cover6 SolutionsYesThreat Hunting, Security Onion, Incident Handling, PDF Malware Analysis
Free Short Course: Information Security Incident HandlingCharles Sturt UniversityYes - Certificate of CompletionIncident Handling, Hacking Techniques and Countermeasures, Writing Incident Reports, Protective Controls, Security Architecture
Threat Hunting Training CourseActive CountermeasuresYesYesLogging, Threat Intel, C2, Zeek, Firewalls, Event ID Type 3, Passer, Beacons, AI Hunter, Threat Hunting
Incident Response Playbook GalleryIncident Response ConsortiumYesMalware Outbreak, Phishing, Data Theft, Virus Outbreak, Denial of Service, Unauthorized Access, Elevation of Privilege, Root Access, and Improper Usage Playbooks.
Cisco Threat Hunting WorkshopsCiscoYesThreat Hunting, Threat Landscape, Network Security
AttackIQ AcademyAttackIQ AcademyYesYesYes - Digital BadgesMITRE ATT&CK, Threat Intelligence, Detection, FIN6, Breach & Attack Simulation, SOC, MSSP, Threat Report ATT&CK Mapper (TRAM), Threat Modeling, OCTAVE
Free Resources for Incident RespondersApplied Incident ResponseYesLateral Movement, Event Log, Memory Analysis with Volatility, Python, Default Windows Processes, WMIC, PowerShell, Lateral Movement, and BYOD.
Wireshark for Incident Response & Threat Hunting Workshop at OWASP SBYouTube - Michael WylieYes - Lab files are HEREWireshark, Incident Response, Threat Hunting
Intrusion Analysis and Threat Hunting with Suricata (Josh Stroschein/Jack Mott)YouTube - SharkFest Wireshark Developer and User ConferenceYes - Lab files are HERESuricata, Kibana, Moloch, Scirius, PCAP Analysis, SELKS, Threat Hunting,
Attack Detection FundamentalsF-SecureYesInitial Access, Code Execution and Persistence, Discovery and Lateral Movement, C2 and Exfiltration
SANS Digital Forensics and Incident Response YouTube ChannelYouTube - SANS Digital Forensics and Incident ResponseThreat Hunting, Open Source Tools, Incident Response, Event Log Analysis, Ransomware, KANSA, Moloch, Threat Intelligence
Free Course Content from eForensics MagazineeForensics MagazineSecurity Onion, Shodan, CyberChef Tutorial, YARA Tutorial
Practical Malware Analysis Essentials for Incident Responders (Lenny Zeltser)YouTube - RSA ConferenceYesFree Malware Analysis Tools, PeStudio, Threat Intelligence, Threat Hunting, Windows
Advanced Wireshark Network ForensicsYouTube - Netsec ExplainedYes - Has a link to PCAP filesWireshark, Hex Editor, Network-Based File Carving, Network Forensics, PCAP Analysis
Open-Source YARA RulesReversingLabsYARA Rules
Finding Evil with YARAYouTube - 13CubedYesWhat YARA is, Anatomy of a YARA Rule, How to use YARA
SOC Analyst Skills - Wireshark Malicious Traffic AnalysisYouTube - Gerald Auger - Simply CyberYesPCAP Analysis, Wireshark, Walkthrough of Analyzing a PCAP from
Defending Against PowerShell Attacks - In Theory, and in Practice by Lee HolmesYouTube - PowerShell.orgHow attackers use PowerShell. How to defend against PowerShell attacks. Obfuscation.
The Increased Use of PowerShell in Cyber Attacks (Slides and detailed whitepaper)SlideShare - SymantecPhases of a PowerShell Attack, Obfuscation, Common PowerShell Malware, Targeted Attacks, Mitigation, Protection, Dual Use Tools and Frameworks. The link to the whitepaper is on the last slide.
Pulling Back the Curtains on EncodedCommand PowerShell AttacksPalo Alto NetworksThis is a detailed blog post about EncodedCommand PowerShell Attacks with examples.
Fileless Malware DemystifiedYouTube - CryptoStopperWhat Fileless Malware is, How it Works, Examples of a Dropper, Examples of Fileless Malware, Fileless Ransomware
I.T Security Labs YouTube ChannelYouTube - I.T. Security LabsYesYesThere are several tutorials here about how to set up a SIEM and analyze data. Topics include: Security Onion, ELK, Graylog, Snort, pfSense, Grafana, Zeek, honeypots, VMware ESXi, Docker
How to Install and Configure Zeek to Ship Logs to SplunkYouTube - Ali HadiSplunk, Zeek
Trainings for Cybersecurity SpecialistsENISAYesThis site contains handbooks with lab exercises, VMs, and Toolsets related to Network Forensics, Incident Response, Incident Detection, Honeypots, and more.
Understanding and Analyzing Weaponized Carrier FilesGitHub - rj-chapYesMaldocs, Analyzing Malicious PDF and Office files, JavaScript, and VBA.
Email Header Analysis and Forensic InvestigationYouTube - 13CubedEmail header fields, SPF, DKIM
RangeForce - Community EditionRangeForceYesYesYes - CPE Credit Certificate after 5 ModulesSnort, Suricata, YARA, Windows Event Logs
The Cuckoo's Egg DecompiledChris SandersYesLocard's Exchange Principle, Forensic Analysis, Timestamps, Network Security Monitoring, Least Privilege, Attack Surface, Process Monitoring, Phishing, Evidence Abstraction, Defensible Network Architecture, OSINT, Diamond Model, PICERL, Honeypots, Evidence Handling
LetsDefend AcademyLetsDefendYesYesSIEM, Incident Response, Malware Analysis, Detection, Threat Intelligence, Event Log Analysis.
Picus Purple AcademyPicusYesYes - CertificateLog Management, SIEM Alert Rules, Threat Hunting, Endpoint Detection and Response (EDR), MITRE ATT&CK.
Free Training at limacharlie.iolimacharlie.ioPrinciples of Detection & Response, Setting up an MSSP

MITRE ATT&CK Defender™ Training (The training itself is free, not the certifications)

CybraryYes - Courses start with ATT&CK FundamentalsYes - Certificate of CompletionATT&CK Fundamentals, ATT&CK SOC Assessments, ATT&CK Cyber Threat Intelligence
BlackPerl DFIRYouTube - BlackPerlYesIncident Response, YARA Rules, Digital Forensics, Malware Analysis
YARA Rules Guide: Learning this Malware Research ToolVaronisYesHow YARA Rules Function, Use Cases, YARA Elements, How to Write YARA Rules
Operationalize Your SIEM Skills w/Splunk

YouTube - MaxProd TechnologiesYesUtilizing Splunk in a SOC Environment.
Email Forensics WorkshopMetaspike - Arman GungorEmail Message Headers, DKIM, ARC, MIME, Server Metadata, Forensic Preservation Strategies

Cyber CSI: Learn How to Forensically Examine Phishing Emails

BrightTALKHow to Forensically Examine Phishing Emails, Forensic Tools and Techniques, How to Investigate Smishing, Vishing, and Social Media Phishes, How to Enable Your Users to Spot Suspicious Emails, How to Spot Phishing Attempts

Free Programming & Scripting Training

Name & Direct LinkPlatformFor BeginnersHands-On ComponentProof of CompletionTopics
Intro to x86 Assembly LanguageYouTube - Davy WybiralYesx86 Assembly Language
Assembly Programming

The full course list page is here:
Irvin LemusYesYesAssembly Language, Reverse Engineering
Introduction to x86 (32 bit)YouTube - Open SecurityTrainingYesYes - Class Materials are HEREIntel x86 Architecture, Assembly, Applications
Intermediate x86 (32 bit)YouTube - Open SecurityTrainingMeant to be taken after completing the Intro x86 (32 bit) courseYes - Class Materials are HEREx86 Architecture, Assembly, Applications, WinDbg
Learn CLearn-C.orgYesYesC Programming
Python Essentials (Parts 1 and 2)Python InstituteYesYesPython: Part 1 - Beginner, Part 2 - Intermediate
Free Python Courses and Tutorials on UdemyUdemyYes - Some courses are for beginnersVarious Python Topics
Python3 for Infosec ProfessionalsInfoSecAddictsYesPython Fundamentals, Parsing Files, Regular Expressions, Functions & Classes, Digital Forensics with Python, Parsing PCAP Files, Malware Analysis with Python, Network Testing, Password Cracking, Web App Testing, Cryptography & Security, Building Your Security Tools
List of Free Python ResourcesHakin9YesSeveral Python resources including videos, books, tutorials, and challenges
Automate the Boring Stuff With Python (online book)Automate the Boring Stuff WebsiteYesYesPython
Learn NASM AssemblyTutorialspointYesYesNASM Assembly
Regex Academy: An Introduction to Text Parsing SorceryUdemyYesRegular Expressions (Regex)
RegexOneRegexOneYesYesRegular Expressions (Regex)
PowerShell Documentation - Including PowerShell 101MicrosoftYesPowerShell 101 under Getting Started (Overview) - Learning PowerShell. Also contains links to PowerShell communities on Discord, Slack, etc.
Getting Started with Microsoft PowerShellChannel 9YesPowerShell Scripting, Automation, The Help System, Remoting, Installation, Customization
Linux BASH Shell Script BasicsYouTube - Joe CollinsThis course assumes that you have knowledge of the Linux CLI and Linux filesystem.Linux Bash Shell Scripting
Learn VBScriptTutorialspointYesMicrosoft VBS (Visual Basic Script) syntax, Variables, Operators, Loops, Events, Cookies, Strings, Arrays, Regex
JSON TutorialTutorialspointThis Tutorial assumes that you have basic knowledge of HTTP and JavaScript.JSON Syntax, Objects, Schemas, Examples, Data Types
SANS JSON and jq Quick Start GuideSANSJSON, Nested Objects, Array Elements, JSON Structure, Filtering
SQLite TutorialSQLite TutorialYesYesSQLite
SANS SQLite Pocket ReferenceSANSSQLite Database, Query Structure, Operators, Data Types, Table Joins, Timestamp Conversion, CLI Options
SoloLearnSoloLearnYesYesYes - Certificate of CompletionPython, C++, Java, JavaScript, C#, C, SQL, Machine Learning, Data Science with Python, HTML, PHP, CSS, JQuery, Ruby, React + Redux, Angular + NestJS, Swift
Free Packt WorkshopsPacktYesYesPython, Ruby, Java, Go, Clojure, C++, SQL, PHP, JavaScript, HTML, CSS
Git Started with GitHubUdemyYesInstallation, Workflow, Configuration, Git Clone, Push, Command Line
Getting Git RightAtlassianYesGit, Bitbucket Cloud, Git SSH
GitHub TrainingMicrosoft LearnYesYesYes - Digital BadgeIntroduction to GitHub, Introduction to Git, Best Practices, Pull Requests, Commits, Workflows, GitHub Script, Branching and Merging
APIs for BeginnersYouTube - freeCodeCamp.orgYesYesApplication Programming Interface (API)
Learn JSON in 10 MinutesYouTube - Web Dev SimplifiedYesJSON - What it's used for, syntax, examples
Introduction to ARM Assembly BasicsAzeria LabsYesWriting ARM Assembly, ARM Data Types and Registers, ARM Instruction Set, Memory Instructions: Loading and Storing Data, Load and Store Multiple, Conditional Execution and Branching, Stack and Functions.
DFIR Python Study GroupYouTube - Alexis BrignoniYesDFIR Python Study Group using the book "Head First Python: A Brain-Friendly Guide, 2nd edition"
It's Great to C YouYouTube - James DuffyYesC Programming