Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

iOS Application Security Part 32 - Automating tasks with iOS Reverse Engineering Toolkit (iRET)

While doing security audit of iOS apps, there are a lot of tasks that we have to repeat every time. This includes finding out the class information for the a
Read More
Article

NJVC and InfoSec Institute Partner to Provide Cyber Security Training Services

CHANTILLY, Va., March 18, 2014— NJVC®, an information technology solutions provider headquartered in northern Virginia,  and InfoSec Institute, an informatio
Read More
Article

From Turbine to Quantum: Implants in the Arsenal of the NSA

Introduction The revelations of Edward Snowden totally changed our perception of NSA cyber capabilities. Day by day, the IT security community is reading abo
Read More
Article

Vulnerable Encoded URL

This paper especially pinpoints the poor practice of cryptography in URL, which is typically implemented to encrypt sensitive data residing in the website UR
Read More
Article

Hooking the System Service Dispatch Table (SSDT)

Introduction In this article we'll present how we can hook the System Service Dispatch Table, but first we have to establish what the SSDT actually is and ho
Read More
Article

Hooking System Calls Through MSRs

Download the code associated with this article by filling out the the form below.  In this article we presented the details of using sysenter instruction to
Read More
Article

Hooking IDT

Download the code associated with this article by filling out the the form below.  Once we've already gained access to the system, we can use various post
Read More
Article

IOS Application Security Part 31 - The problem with using third party libraries for securing your apps

In this article, we will talk about why we shouldn't completely rely on using third party libraries for securing our apps. Usually, some of the things we try
Read More
Article

Building Cryptographically Secure Cloud Applications

1. Introduction to the Problem Crypton is an open-source project provided by SpiderOak with the purpose of solving privacy and security problems through clou
Read More
Article

Approaches to Information Gathering in Physical Penetration Testing - Part I: Gathering Information via Photography

1. Introduction The first phase of an attack, and in a security assessment, is to gather as much data on the target as possible. It is actually considered on
Read More
Article

The Future is Now: Car Hacking

Preface: "Modern Cars" As Dr. Charlie Miller & Chris Valasek stated in their research paper Adventures in Automotive Networks and Control Units, "Automob
Read More
Article

Notes On Biometric Template Security

In this article I am going to tell you about biometric template security and current technologies in which researchers are working to improve biometric templ
Read More
Article

Xerxes Challenge

In this article we are going to solve another challenge of Xerxes. Xerxes is historically known as a god king, but here Xerxes is a vulnerable machine and o
Read More
Article

Crimea – The Russian Cyber Strategy to Hit Ukraine

Introduction The year 2014 started with a diplomatic crisis in Crimes and Ukraine. The tension rose just after the 2014 Ukrainian revolution, in which the go
Read More
Article

IOS Application Security Part 30 - Attacking URL schemes

In this article, we will look at how we can use a feature in iOS named url schemes to exploit an application. URL schemes are used by applications to communi
Read More
Article

A Guide to Debugging Android Binaries

In this paper, I'll describe how to start reverse code engineering in Android devices. In this tutorial, you'll learn: Installation & configuration of A
Read More
Article

Applied SSL in Dot NET - Volume 2 –Installation, Testing

The first volume of this series addressed the hypothesis of the secure socket layer (SSL) in the context of .NET based websites. We have obtained a thorough
Read More
Article

The Top 8 Ways That Privileged Accounts Are Exploited

Over the last six months the name Edward Snowden has been appearing in the news on an almost daily basis. He has appeared in articles about the US government
Read More
Article

SSL in Dot NET – Volume 1 - Hypothesis

Abstract Typically, Internet banking and e-commerce websites are considered to be highly secure, with web mechanisms that implement more foolproof solutions
Read More
Article

Kernel debugging with Qemu and WinDbg

If you're used WinDbg before, you might already know that you can debug the whole Windows operating system with it. To do that, you must have two Windows ope
Read More
Article

Car Hacking: You Cannot Have Safety without Security

Introduction The theme of the car hacking is increasingly discussed by the media and within the security community. At one time, the exploits of hackers that
Read More
Article

Shared Folders with Samba and Qemu

In this tutorial we'll take a look at how we can install and configure the Samba server on a host operating system to create a shared folder, which the guest
Read More
Article

Testing Hooks via the Windows Debugger – An Introduction to RevEngX

RevEngX RevEngX is a freely available extension for the Debugging Tools for Windows. It offers several new commands to simplify the work of reverse engineeri
Read More
Article

OpenVPN

Introduction In this tutorial we'll talk about OpenVPN client connection settings, which come in handy when the connection to the OpenVPN server does not wor
Read More