RangeForce Content Rewind | December 2021

Welcome to the RangeForce Content Rewind. In December, we added 17 modules to the RangeForce platform to continue supporting your cybersecurity training needs.

With all-new training being added to the RangeForce platform each week, we wanted to take a moment and highlight some of the new modules available on the platform.

Take a look at the list below to get acquainted with our top additions from the past month. Be sure to give our new modules a try and let us know what you think!

New Training Modules

CVE-2021-44228 Log4Shell | Log4Shell is a remote code execution vulnerability affecting the Apache Log4j logging library versions 2.0 to 2.14.1. Learners will discover how the vulnerability works, attempt to exploit a vulnerable service, and see how to detect the issue in one’s own applications.

Malware Sandboxing | Malware sandboxes allow cyber-security specialists to analyze malware samples in a secure and automated fashion. Many modern solutions perform static and dynamic analysis to identify indicators of compromise, as well as providing detailed information on the network communications and actions performed by the malicious software.

Sandbox Evasion Techniques | Learners will walk through sandbox evasion techniques used by malware and demonstrate with examples. Utilizing these tools can provide great insight into the inner workings of malicious software, which threat actors are constantly seeking to improve.

Identifying Packers | As malware authors are interested in hiding their software from antivirus products, they tend to obfuscate their malware in various ways. Learners will particularly focus on one of these obfuscation tactics, packing. This will include being able to tell if an executable has been packed and how to detect which type of packer has been used.

Introduction to Elastic | Elastic Stack enables individuals to take data reliably and securely from any source in any format, using it to search, analyze, and visualize in real time. It can generally be applied in three broad categories: enterprise search, observability, or security. Security teams using elastic security are enabled to stop threats quickly and at cloud scale, with the best-in-class platform for prevention, detection, and response.

Elastic: Case Management | Users will be acting as a security analyst at Commensurate Technology, which has recently seen an employee trigger a suspicious alert that must be investigated and resolved as soon as possible.

DLL Search Order Hijacking Exercise | An advanced continuation of how DLLs operate, specifically through incident response investigations to identify threats.

Rundll32 Exercise | This module will provide Learners with practical examples of generated alerts using rundll32, which will need to be investigated to recognize possible malicious executions amongst benign activity.

Office Macros Introduction | An intermediate introduction to the basics of both legitimate and illegitimate uses of macros and how they can be leveraged by an attacker.

Additional Modules

Additional modules added in the last month include Ansible: Ansible Galaxy, Introduction to RansomEXX Ransomware, Introduction to BlackMatter Ransomware, SAS Email Challenge, Process Injection (Process Hollowing) Exercise, Data Protection Assessment, Introduction to Ryuk Ransomware, and Introduction to REvil Ransomware.

As RangeForce adds new content, we also make platform enhancements to improve the experiences of our Learners and Admins. Our user feedback is critical to these changes. Here’s a few highlights that we’d like to share with you:

  • Admins are now able to split their Learners and create their own Teams. This capability can be found in the Organization tab by selecting Teams – Add New Team. Once a parent team and license have been selected, Learners can be invited via email. Teams are a useful way to assign training plans and view separate reporting.
  • Admins now have the ability to assign training plans to either an entire Team or individual Learners. Training plans can still include full courses and individual modules with or without a due date. Training plans are a great way to engage users in our wide range of content.

If you’re interested in learning more about the RangeForce platform or seeing our full course catalog, request a demo here or contact our sales team at sales@rangeforce.com.