RangeForce Content Rewind | November 2021

by Kurt Werner

Welcome to the RangeForce Content Rewind. In November, we added 20 modules to the RangeForce platform to continue supporting your cybersecurity training.

With all-new training being added to the RangeForce platform each week, we wanted to take a moment and highlight some of the new modules available on the platform.

Take a look at the list below to get acquainted with our top additions from the past month. Be sure to give our new modules a try and let us know what you think!

New Training Modules

Introduction to Malware Analysis Stages | Gives an overview of the variety of techniques used to analyze malware samples. Some of these options are more complex and time-consuming, but often don’t miss anything. This module introduces the four stages of malware analysis, ordered from faster to more thorough results.

Windows Active Directory Reconnaissance Basic Tools 2 | A foundational module focused on environments that use Active Directory services, which serve as a mother lode of information during reconnaissance. Learners will explore two helpful tools, PowerView and PowerShell Active Directory.

Dynamic Analysis Exercise 2 | Learners will continue their training on dynamic analysis in the Windows environment following ‘Dynamic Analysis Exercise 1.’ The objective will be to analyze and patch a Windows executable written in C++.

Statically Examining Malware | When first examining a piece of potentially malicious software, a Learner will ask what type of file is being dealt with, where it came from, what the software is capable of, and when it might have been created. The Learner will also need to determine whether to proceed with a more detailed analysis. This module uses pestudio to carry out this initial analysis.

Elastic: Endpoint Security | As a Learner, you will act as someone working at Commensurate Technology. Unfortunately, you discover that a department is using an outdated version of Windows with no antivirus enabled and Microsoft Defender disabled. After deploying Elastic Endpoint Security to Windows 10 and running malware, you will observe a remote administration tool at runtime.

XML External Entities: Fix | XML External Entities injection (also known as XXE) is a vulnerability that occurs when XML documents are parsed insecurely. Learners will learn how to remediate an XXE vulnerability and in which contexts XML parsers allow or disallow external entities.

Elastic: Detection Rules | Elastic has open-sourced a rich set of over 500 detection rules for its detection engine, along with the tools necessary for developing new rules. The rules are developed publicly and are open to contributions from the community. Learners will review the process of developing a rule and deploying it to the Detection Engine.

Process Injection (Process Hollowing) Detection | An advanced module for users to learn about the detection of process hollowing, which is an injection technique used by malware to inject malicious code into a legitimate process.

Windows – Rundll32 Detection | Advanced hands-on experience using Process Explorer, Sysmon, and tasklist to identify legitimate versus illegitimate rundll32 executions.

Additional Modules

Additional modules added in the last month include Tracing with strace and ltrace, Scheduled Tasks Introduction, Identifying Signatures with Microsoft Defender, Email Header Analysis Basics, Elastic: Detection Engine, Types of Vulnerabilities, Threat Intelligence, PCAP Forensics – ICMP Tunneling, Ansible: Templating, Placement Initiative, and Types of Phishing Emails and Techniques.

As RangeForce adds new content, we also make platform enhancements to improve the experiences of our Learners and Admins. Our user feedback is critical to these changes. Here are a few highlights that we’d like to share with you:

  • Admins are now able to split their Learners and create their own Teams. This capability can be found in the Organization tab by selecting Teams – Add New Team. Once a parent team and license have been selected, Learners can be invited via email. Teams are a useful way to assign training plans and view separate reporting.
  • Admins now have the ability to assign training plans to either an entire Team or individual Learners. Training plans can still include full courses and individual modules with or without a due date. Training plans are a great way to engage users in our wide range of content.

If you’re interested in learning more about the RangeForce platform or seeing our full course catalog, request a demo here or contact our sales team at sales@rangeforce.com.
