by Kurt Werner
Welcome to the RangeForce Content Rewind. In November, we added 20 modules
to the RangeForce platform to continue supporting your cybersecurity training.
With all-new training being added to the RangeForce platform each week, we wanted to take a moment and highlight some of the new modules available on the platform.
Take a look at the list below to get acquainted with our top additions from the past month. Be sure to give our new modules a try and let us know what you think!
New Training Modules
Introduction to Malware Analysis Stages | Provides an overview of the variety of techniques used to analyze malware samples. These include options that are more complex and time-consuming but often don’t miss anything. This module introduces the four stages of malware analysis, progressing from faster to more thorough results.
Windows Active Directory Reconnaissance Basic Tools 2 | A foundational module focused on environments that use Active Directory services, which are a mother lode of information during reconnaissance. The Learner will explore two helpful tools, PowerView and PowerShell Active Directory.
Dynamic Analysis Exercise 2 | Learners will continue their training on dynamic analysis in the Windows environment following ‘Dynamic Analysis Exercise 1.’ The objective will be to analyze and patch a Windows executable written in C++.
Statically Examining Malware | When first examining a piece of potentially malicious software, a Learner will want to know what type of file is being dealt with, its origins, the software’s capabilities, and when it might have been created. A determination will also need to be made whether to proceed with a more detailed analysis. This module uses pestudio to carry out this initial analysis.
Elastic: Endpoint Security | As a Learner, you will act as someone working at Commensurate Technology. Unfortunately, you discover that a department is using outdated Windows with no antivirus enabled and Microsoft Defender disabled. After deploying Elastic Endpoint Security to Windows 10 and running malware, you will observe a remote administration tool at runtime.
XML External Entities: Fix | XML External Entities injection (also known as XXE) is a vulnerability that occurs when XML documents are parsed insecurely. Learners will learn how to remediate an XXE vulnerability and in which contexts XML parsers allow or disallow external entities.
Process Injection (Process Hollowing) Detection | An advanced module for users to learn about the detection of process hollowing, which is an injection technique used by malware to inject malicious code into a legitimate process.
Additional modules added in the last month include Tracing with strace and ltrace, Scheduled Tasks Introduction, Identifying Signatures with Microsoft Defender, Email Header Analysis Basics, Elastic: Detection Engine, Types of Vulnerabilities, Threat Intelligence, PCAP Forensics – ICMP Tunneling, Ansible: Templating, Placement Initiative, and Types of Phishing Emails and Techniques.
As RangeForce adds new content, we also make platform enhancements to improve the experiences of our Learners and Admins. Our user feedback is critical to these changes. Here are a few highlights that we’d like to share with you: