Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Cyber Extortion

Data Held Hostage In the digital age, data has incredible value. Not only for business purposes, but also for criminal intent. It draws the interest of cyber
Read More
Article

Disassembler Mechanized Part 2: Generating C# and MSIL code

Introduction In the previous papers, we have showcased the essential configuration in terms of external DLL importing into the solution and NuGet package ins
Read More
Article

R00t This Box

Here's a challenge, root this box. We found a vulnerable machine named Hackademic RTB1. The main challlenge is to root the box with admin privileges and capt
Read More
Article

IT Security 101: Prevent Weak Passwords

Passwords have been part of IT since long before the age of the desktop PC. However, now more than ever, systems administrators need to re-examine their pass
Read More
Article

How the NSA Monitors Target Computers with Radar Wave Devices

Introduction Germany's Der Spiegel has published a couple of disturbing articles on the NSA surveillance activities. The media agency has focused its article
Read More
Article

2014 - The year of changes

The year 2014 will be a year of continued change in the ICT security world. It will be a year in which some very fundamental, unfinished business that origin
Read More
Article

System address map initialization in x86/x64 architecture part 2: PCI express-based systems

This article is the second part of a series that clarifies PCI expansion ROM address mapping to the system address map. The mapping was not sufficiently cove
Read More
Article

Cyber Security During The Holidays

Introduction It's the holidays, a key time for cybercrime that exploits the bad habits of unaware internet users. Attackers can defraud and monetize their ac
Read More
Article

Beyond password length and complexity

(or "Why PCI-DSS-Compliant Passwords Aren't Enough" or "PCI-DSS-Compliant Password Analysis Reveals One-Quarter Still Trivially Compromisable") Thanks t
Read More
Article

HIDS—A Simplified Design Construct

This article will briefly discuss the host-based intrusion detection system (HIDS) and an abstract approach that can be used to design an application firewal
Read More
Article

Coding of Disassembler

We have practiced much disassembling by using assembly de-compilation tools such as Reflector, ILSpy, etc. Although such tools offer many advantages and are
Read More
Article

SCA, For a Secure SDLC

Today's cyberspace has become a dangerous place for individuals and businesses. Vulnerabilities are exploited using sophisticated malware and complex hacking
Read More
Article

OSSEC

Introduction In this article we'll present the open source host-based intrusion detection system, which is needed if we would like to detect host-based attac
Read More
Article

Cloud Forensics: An Overview

Introduction When discussing cloud forensics, we're actually talking about the intersection between cloud computing and network forensic analysis. Cloud comp
Read More
Article

QEMU Windows Guest: Bridged Networking

Bridged networking can be used when we want our guest virtual machine to get the IP address from our router and be able to see the host and all other machine
Read More
Article

QEMU Windows Guest: Networking

There are different kind of backend networks that we can use with QEMU. In order to specify the backend network, we need to use the -netdev command-line opti
Read More
Article

Forensic Investigation on Windows Machines

Digital forensics is the process of identifying and collecting digital evidence from any medium, while preserving its integrity for examination and reporting
Read More
Article

QEMU Windows Guest: Installing the Operating System

Now that we've created the image for our guest, we must continue with installing the operating system on it. In Virtualbox/VMWare, we usually select the CD-R
Read More
Article

Security Predictions for 2014

As the year 2013 draws to a close, we decided to make some predictions for the most popular Security Trends in 2014. Here is what we think are the major poin
Read More
Article

Adobe CQ Pentesting Guide – Part 1

This post deals with the step-by-step security testing guidelines for Adobe CQ installation. Adobe CQ is Adobe's new Web Experience Management software portf
Read More
Article

Securing Your Java Code 2

For Part 3 [pkadzone zone="main_top"] SQL Injection SQL injection occurs when a user sends malicious data to an interpreter as an SQL query. The a
Read More
Article

Vulnerability Scanning with Metasploit: Part II

In the previous article, we learned how to perform a network vulnerability assessment by using the OpenVAS plug-in. In this continuation, we will see how to
Read More
Article

The Mechanics of Metasploit

Metasploit is exquisitely prevalent amongst penetration testers and especially hackers because it makes it very easy to develop and launch exploits for softw
Read More
Article

Business Continuity & Disaster Recovery

Business Continuity Within a business continuity plan exists a few steps: Business Impact Analysis (BIA) This involves determining the operational and f
Read More