[Discussion] Continuation of FRSTClasses?

Hey All!

So originally, I had joined here to hopefully get into the training for FRST - namely I'm interested in learning more about:

• Infection Identification
• Infection Eradication/Recovery
• Applied usage of FRST during the other 2 points (I am aware of the post that explains general use - but looking for more directed examples against prevalent threats)

Unfortunately, I heard through the grapevine that the classes/training for FRST were closed

I'm wondering:

• What were the reasons/rationale that the classes were ended - maybe we could crowdsource the work a bit?
• Can we open up the educational material that was used in these trainings to the forum users to help strengthen and give back to the security community?

Part of being a member of the security community means educating and spreading knowledge with each other to improve the worlds general security posture and to keep Sisyphus' boulder rollin'. I know it can be a time constraint to offer classes specifically, but I can't foresee any rationale as to why we couldn't share texts used, resources, etc. If this is a hard "no because I say so" that's fine too. I would love to spread what information I can find and take that endeavor on.

Hoping to find some greater clarity and keep the interest in the field alive and well despite the challenges that come along with changing times (using Discord as c2 channels... you gotta give 'em credit for creativity at the very least)

Have a read here https://www.bleepingcomputer.com/forums/t/780727/bleeping-computers-malware-removal-training-program-discontinued/

Yep thats the post I was referring to - Nothing is really explained in there to be perfectly honest. Saying today's malware can't be removed is a pretty heavy over-generalization to be perfectly frank. Yes, some things like ransomware aren't ideal candidates but there are plenty of things still around that can be like browser hijackers, malicious extensions, general adware, and so on.

In all transparency - I noticed that user Elise was inactive for nearly a year prior to responding to that thread, so I'm wondering if there just wasn't enough time available to host these classes, or if there wasn't enough interest from the community?

I have a feeling there is other reasoning/rationale behind the move and am curious about that aspect. Further, still looking to see if the other points in my post can be addressed regarding releasing the educational material and/or training material as to how FRST was being used to address malware. If not, like I said, that's totally fine - I plan on taking that on and sharing resources in posts here for others reading.

Edited by SwimminThruGrey, 12 November 2024 - 12:54 PM.

Those hijacks are sometimes included in ransomware infections

Which is fine, but to say that we can't provide any training because some infections are hard seems quite odd/not the full story to me, in my own opinion.

Edited by SwimminThruGrey, 12 November 2024 - 12:57 PM.

Well, that's the facts in the matter and remember this was a volunteer program offered for FREE.

If you want to learn malware removal, then I would highly recommend looking at SANS Institute for proper training.

Totally understand, like I said - sh!t happens, if someone didn't have the time to support a class that's totally understandable. The economy in the states here isn't great and most are pretty busy as of late - I would be happy to fill in that gap as much as possible in my own way - not looking to "replace" in any way. OSINT is life.

Last, SANS is incredibly expensive. I'll hit on this point once more - I don't see what the harm would be in sharing the educational materials that were used in the training courses (which were free), unless there were concerns about efficacy in said materials. If that is the case, that's fine too of course. Just looking for transparency/clarity here so I can better plan my approach.

Security behooves everyone, I don't see a point in gating "how to find out if someone broke into your house and is spying on you or planning to harm you" behind a paywall. That feels perverse at best, people have a right to know if their digital life is in jeopardy.

Can I ask you what you know about cyber security as it pertains to Red and Purple Teaming?

Yeah! I mostly am a professional Blue Teamer, but in my free time I like bug bounty hunting (ethically, of course - do no harm), CTF challenges and the like. The synergy between knowing both sides helps in whatever the efforts are for a given team.

So for example, when working within a Blue Team context, knowing how Red Teams do it helps to bolster the blue team. When working from a Red Team perspective in CTFs or hunting for bugs, knowing how the Blue Team is doing things helps me to dodge those and find serious problems.

It helps with burnout too to be bouncin' around a bit. That's the nice part about Cyber/Info Sec - lots of room/flexibility in what you do. Accountants hang up their hats at the end of the day, cyber sec is life! 

Edit: I forgot to mention! I want to get into malware research and reversing as well. I find it fascinating to see what sneaky tricks threat actors are using from an academic standpoint. Life can be so monotonous sometimes, its cool to experience new thoughts, techniques, etc. ^_^

Edited by SwimminThruGrey, 12 November 2024 - 02:19 PM.

Are you aware of this?: FRST Tutorial - How to use Farbar Recovery Scan Tool

Reading and studying everything you can are the first steps in learning.

Malware Analysis & Forensics:

• How You Can Start Learning Malware Analysis
• What is Malware Analysis?
• A Step-by-Step Journey into Malware Analysis
• A Step-by-Step Journey into Malware Analysis
• 5 Steps to Building a Malware Analysis Toolkit
• Malware Analysis: An Introduction by SANS Institute
• Anatomy of a ransomware attack
• Anatomy of Exploit Kits and drive-by download attacks
• Anatomy of a drive-by download web attack
• How Malware Spreads - How your system gets infected

Advanced Malware Analysis & Forensics Resources:

• Using Memory Forensics to detect Malware processes
• Dr. Fu's Security Blog...Malware Analysis Tutorials: a Reverse Engineering Approach
• Practical Malware Analysis
• Memory forensics: How to detect and analyse memory-resident malware
• Cuckoo Sandbox: Automated Malware Analysis
• Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
• Ransomware identification for the judicious analyst
• Analyzing Ransomware - Completing a FULL Analysis by Michael Gillespie
• Analyzing Ransomware Video - Dumping a CryptoAPI Keygen by Michael Gillespie

Malware Analysis Tools:

• Top 15 Essential Malware Analysis Tools
• The Top 10 Malware Analysis Tools
• 11 Best Malware Analysis Tools and Their Features

Up close and personal with Linux malware

Compared to Windows malware, Linux malware tends to be less obfuscated and easier to analyze. Obfuscation is often added to evade detection by security products. Since there are often no security products to bypass, the bar is lower and attackers skip this unnecessary step.

• Anatomy of a Linux Ransomware Attack
• Hunting Linux Malware for Fun and Flags
• Linux Malware Threat Hunting Primer - Part I
• Linux Threat Hunting Primer - Part II