Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

API hooking

API hooking is a technique by which we can instrument and modify the behavior and flow of API calls. API hooking can be done using various methods on Windows
Read More
Article

iOS Application Security Part 33 - Writing tweaks using Theos (Cydia Substrate)

In some of the previous articles in this series, we have looked at how we can modify the behaviour of an application by patching it using IDA Pro, Hopper etc
Read More
Article

Invoking Assembly Code in C#

Abstract This article explains the techniques of inline Assembly programming by linking or invoking the CPU-dependent Native Assembly 32-bit code to C#.NET m
Read More
Article

Human-implanted RFID chips

In 1945, Léon Theremin, a Russian inventor, invented one of the first covert listening devices, also known as "bugs." The device was a predecessor of the Rad
Read More
Article

Information Security Policies

Organisations are giving more priority to development of information security policies, as protecting their assets is one of the prominent things that needs
Read More
Article

Murdering Dexter

In this article we are going to solve a Bot challenge. The name of the bot is Dexter and the vulnerable VM which we are going to use is created by Brian Wal
Read More
Article

Information gathering using Metasploit

Your goals during information gathering should be to gain accurate information about your targets without revealing your presence or your intentions, to lear
Read More
Article

Jus in Cyber Bello: How the Law of Armed Conflict Regulates Cyber Attacks Part II

Prohibition of Perfidy Article 37 of AP I - Prohibition of perfidy[pkadzone zone="main_top"] 1. It is prohibited to kill, injure or capture an adversary by
Read More
Article

ASP.NET Website Optimization

Writing optimized website code is considered to be one the most complicated tasks. Hence, this paper explores amazing server side configuration techniques an
Read More
Article

.NET penetration testing: Test case cheat sheet

Having a cheat sheet is a perfect starting initiative to assist you in generating ideas while penetration testing. A test case cheat sheet is often asked for
Read More
Article

Putting Unstructured Data Into Context: What the Cosmos Can Teach Us About Unstructured Data

How is it that something can be so incredibly large and minutely small at the same time? If you're as fascinated by natural science as I am, then you're like
Read More
Article

Cyber Threats against the Aviation Industry

Introduction The recent incident to the Malaysia Airlines Flight MH370 is fueling the discussion of whether would be possible to hack into an airplane and ga
Read More
Article

8570 Certification and the Way Ahead to 8140 Certification

Background on DoD 8570 Before certifications, the only measurement of someone knowing what they said they know was through an educational degree or an impres
Read More
Article

What Good is Tor?

To the uninitiated, Tor, formerly known as The Onion Router, is probably the most popular proxy network for internet anonmyzing. It's called an onion router
Read More
Article

Cookies with HttpOnly Flag: Problem in Some Browsers

1. Introduction When a cookie has HttpOnly flag set, then JavaScript cannot read it in case of XSS exploitation. This is actually the reason why HttpOnly fla
Read More
Article

3 Cyber Threats, One Simple Solution

Vulnerability management has become a huge challenge in today's malicious cyberspace. SQL Injections, Cross Site Scripting and DDoS Attacks are arguably the
Read More
Article

Hunting Session Fixation Bugs

Improper handling of session variables in asp.NET websites is considered a serious threat and opens various doors to malicious hackers. For instance, a sessi
Read More
Article

CompTIA Security+ SY0-401 vs. SY0-301 Changes [DECOMMISSIONED ARTICLE]

NOTE: This article reflects an older version of the Security+ Exam – please see the current Security+ Certification page for the most up-to-date information.
Read More
Article

Server Side Includes (SSI) injection

Injection is a high-category vulnerability in web applications. Attackers and security auditors alike always try to find the kind of vulnerabilities which al
Read More
Article

SkypeFreak: A Cross-Platform Skype Forensic tool

This is a small tool that can be used to investigate Skype user accounts stored in your PC. First of all, let's learn how to investigate data manually. This
Read More
Article

Can My JavaScript Access Your Page Elements?

We all know that by using JavaScript you can do many things, for example read elements on a page, analyze the DOM, etc. Now assume that you logged into faceb
Read More
Article

Android hacking and security, part 1: Exploiting and securing application components

Mobile Application Security is one of the hottest segments in the security world, as security is really a big concern with growing mobile applications. In
Read More
Article

Information Security Policy For SME

Information security (IS) is a critical part of any small scale company and a big enterprise, and a challenge for any firm. Information security involves ver
Read More
Article

Exploiting by information disclosure, part 1

Information disclosure is considered to be a serious threat, wherein an application reveals too much sensitive information, such as mechanical details of the
Read More