Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Securing Cloud-Based Applications with Docker

Introduction to Docker In this article, we'll first introduce Docker and try to explain how it works. After setting the stage, we'll simulate the file upload
Read More
Article

Getting started with Damn Vulnerable iOS Application

In this article, I will write about how to get started with Damn Vulnerable iOS Application. Damn Vulnerable iOS App (DVIA) is an iOS application that I wrot
Read More
Article

How to Perform a Safe Password Analysis

It's one of the most exciting moments in a security researcher's work: while looking through an obscure log file, you see strings like "James1984" and "Secur
Read More
Article

Lights and shadows on the capabilities of the NSA

Introduction The documents leaked by Edward Snowden revealed to the world the amazing spying machine built by US intelligence, its capabilities appears virtu
Read More
Article

Common Linux Misconfigurations

Over the numerous configuration reviews and pentest engagements that we have performed for our clients, we’ve observed a common pattern in the configuration
Read More
Article

Top 10 Common Misconceptions About Application Whitelisting

Application Whitelisting is a technology that has been in use in the security world for quite a long time. For those who may not already be familiar with AWL
Read More
Article

The Importance of Session Regeneration

1. Introduction Users of web applications are recognized by session IDs. That's why it's obvious that session management is an important subject. Session man
Read More
Article

Ten Important Privacy Threats

1. Introduction As the Internet becomes more and more important to our lives, the challenge is to enjoy the conveniences of online activities while reducing
Read More
Article

Reverse Engineering with Reflector

Abstract We have already got the taste of reverse engineering with Reflector in the previous paper. It was basically a kick-start about this dissembling tool
Read More
Article

Android application security testing guide: Part 1

Android is a Linux kernel mobile platform that has been popular throughout its existence on a huge variety of devices, especially mobile smartphones. Most or
Read More
Article

Applied Reverse Engineering with IDA Pro

This editorial is committed to subverting the essential security restriction mechanisms of a native binary executable by employing the IDA Pro Dissembler. Th
Read More
Article

NSA Backdoor Part 2, BULLDOZER: And, Learn How to DIY a NSA Hardware Implant

This article is the second part of a series on NSA BIOS Backdoor internals. This part focuses on BULLDOZER, a hardware implant acting as malware dropper and
Read More
Article

Injecting spyware in an EXE (code injection)

Implanting malicious code in the form of spyware to an existing running process is one of the more sophisticated tasks. Before the advent of disassembler or
Read More
Article

Malvertising: A Growing Threat at the Start of 2014

Word Meaning The term "malvertising" is coined through the combination of two words – "malware" (i.e., "malicious software") and "advertising."[pkadzone zone
Read More
Article

Recycle bin forensics

An icon on the Windows desktop represents a directory in which deleted files are temporarily stored. This enables you to retrieve files that you may have acc
Read More
Article

Limiting Automated Access

Automated tools are used to carry out many security attacks to online services. There are different protection mechanisms to narrow down such attacks and one
Read More
Article

Malware-based Attacks Against POS Systems

Introduction A sequence of data breaches suffered by principal US retailers Target and Neiman Marcus has put Americans on alert. A total of more than a hundr
Read More
Article

The Debate Over Network Neutrality in the EU and the USA

1. Introduction Network neutrality (also known as net neutrality or Internet neutrality) refers to a general principle that Internet service providers (ISPs)
Read More
Article

Manual Web Application Penetration Testing – Suffix & Prefix in Fuzzing

Introduction In this series of articles, last time we talked about fuzzing and various SQL statement special characters which can be used in fuzzing a web ap
Read More
Article

Skype Forensics

Skype is an application that enables voice and video calls, instant messaging, file transfers, and screen sharing between users. Millions of people download
Read More
Article

Privacy Implications of Automatic License Plate Recognition Technology

ALPR – Technical Specifications The majority of ALPR devices are mounted on bridges, road signs, and poles near traffic lights or outside public buildings
Read More
Article

C# Compiler Development

Introduction This article elaborates the complete life cycle of making a custom interactive C# compiler, much like one of an existing CSC.exe. It is hard to
Read More
Article

RansomWar(e)

There is a notable upsurge in the number of ransomware attacks in the past couple of months, and undoubtedly the emergence of the CryptoLocker ransomware is
Read More
Article

Hidden Phishing Threats

By now, the risks associated with phishing are well-known and well-documented. What is often misunderstood or overlooked is a hidden threat related to phishi
Read More