RangeForce Content Rewind | September 2021

Welcome to the RangeForce Content Rewind. In September, we added 26 modules to the RangeForce platform to continue supporting your cybersecurity training needs.

With all-new training being added to the RangeForce platform each week, we wanted to take a moment and highlight some of the new modules available on the platform.

Take a look at the list below to get acquainted with our top additions from the past month. Be sure to give our new modules a try and let us know what you think!

New Training Modules

Battle Path: MITRE ATT&CK (BETA) | This new Battle Path has been added to exhibit and explain the top MITRE ATT&CK techniques based on the Red Canary 2020 threat report. Throughout the various courses included, Learners will cover the following stages: execution, persistence, escalation, and evasion. Here are a few of the new modules you can find in this Battle Path:

• Windows - System Services - Service Execution Detection/Exercise | In two modules, Learners will receive hands-on experience using Service Execution in a Windows context, including typical use cases for normal execution and how malicious actors can misuse it. Once users understand the background, they will complete incident response investigations to determine threats.
• Process Injection (Process Hollowing) Introduction | Understanding the basics of how Windows processes interact with memory, as well as what process hollowing is and how it can be used by an attacker.
• Rundll32 Introduction | Users will explore rundll32’s operation and how it can be used with malicious intent, keeping in mind adversaries often leverage and abuse trusted processes to hide and cover their malware.

Battle Path: Reverse Engineering (BETA) | This new Battle Path focuses on the skills needed for anyone looking to gain knowledge in fields which require knowledge of reverse engineering. These career paths include security research, malware analysis, etc. The following are a few examples of the modules you can find in this Battle Path:

• X86 Calling Conventions – System V ABI | Calling conventions are used as a scheme for how subroutines receive parameters from their caller and the result returned. This module will cover one of the most widely used calling convention, System V AMD64 ABI, which is the de facto standard in 64-bit Unix.
• .NET Application Reverse Engineering | .NET is a programming framework developed by Microsoft which powers many modern applications, making .NET a common choice for malware developers. This makes it essential for security professionals to learn its inner workings by learning how to analyze and reverse engineer.
• Dynamic Analysis Challenge: Bomb Defusal | An advanced hands-on challenge which takes a Learner through the process of reverse engineering and defusing a “bomb” placed within his/her workstation.

Azure Security Management | Cloud systems evolve at a quick speed, proving to be a challenge for companies migrating their workload to the cloud and trying to keep up with the security management used with the on-premise environments. Users will learn the tools Azure has as part of the Cloud Security Posture Management to help with security configuration, governance, and automation.

Static Analysis Challenge | In this hands-on challenge, the Learner has decided to get involved and download the Bitcoin Core client from the internet. Unfortunately, all Bitcoin was lost due to the lack of time spent verifying the validity of the GPG signatures. To investigate, the user will reverse engineer a backdoored Bitcoin wallet application.

Ansible: Introduction to Roles | Ansible is an open-source software used for application deployment, configuration management, and infrastructure orchestration. In this module, Learners will convert a playbook into Ansible roles and use the roles to deploy a web application on multiple machines.

Microsoft Defender ATP | Go through an overview of the Microsoft Defender ATP platform and its capabilities in an enterprise environment.

Cybersecurity Kill Chain | Learners will be introduced to the idea of the cyber kill chain, which is used globally by security professionals.

Windows Malware | Get to know the different types of malware that affect Windows operating systems and how they relate to the cyber kill chain, including practical examples of malware being executed in a live environment.

Additional Modules

Additional modules added in the last month include FMA Snapshot 2.0, Elastic: Elastic Agent – Integrations & Policies, Boot or Logon Autostart: Registry Run Keys Exercise, Cybersecurity Terminology, Vim Usage: Registers and Macros, Elastic: EQL – Introduction, Debugger Usage: GDB, Windows – Parent PID Spoofing Detection, Reverse Engineering Tool: Strings, OSINT & Phish, Mshta Exercise, Meet the Adversaries, Incident Handling, Elastic: Elastic Agent – Installation on Windows, Debugger Usage: x64dbg, and DLL Search Order Hijacking Detection.

As RangeForce adds new content, we also make platform enhancements to improve the experiences of our Learners and Admins. Our user feedback is critical to these changes. Here’s a few highlights from the past month that we’d like to share with you:

• Admins are now able to split their Learners and create their own Teams. This capability can be found in the Organization tab by selecting Teams – Add New Team. Once a parent team and license have been selected, Learners can be invited via email. Teams are a useful way to assign training plans and view separate reporting.
• Admins now have the ability to assign training plans to either an entire Team or individual Learners. Training plans can still include full courses and individual modules with or without a due date. Training plans are a great way to engage users in our wide range of content.

If you’re interested in learning more about the RangeForce platform or seeing our full course catalog, request a demo here or contact our sales team at sales@rangeforce.com.