Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Managed C++/CLI Programming: Part-1

Abstract This article illustrates the theory and principle behind C++/CLI programming in a .NET CLR context. We shall investigate the remarkable features of
Read More
Article

Hacktivism: Means and motivations … what else?

The term "hacktivism," derived by combining hack and activism, refers to the use of computers and any other IT system and network to debate and sustain a pol
Read More
Article

Understanding Windows Internal Call Structure

Microsoft Windows is a modular architecture. Windows Components are split into smaller pieces known as DLL (Dynamic-Link Library) and sys files (system files
Read More
Article

Windows Systems and Artifacts in Digital Forensics, Part II

Introduction For Part I of these series, please visit this page: https://resources.infosecinstitute.com/windows-systems-and-artifacts-in-digital-forensics-pa
Read More
Article

Estonia: To Black Out an Entire Country – part one

Introduction The cyber-attacks that befell Estonia in 2007 is a case much discussed and underrated at the same time. Many tend to ignore the eloquent fact th
Read More
Article

Pin: Dynamic Binary Instrumentation Framework

Introduction Pin is a DBI framework for IA-32 and x86-64 architectures, which can be used for dynamic analysis of the binary program at run time. When using
Read More
Article

IOS Application Security Part 19 - Programmatical Usage of Introspy

In this article, we will look at how we can Introspy as a python module in our scripts. The first thing to do is to import the introspy module and Namespace
Read More
Article

Web Services Penetration Testing Part 1

Introduction: Web application security is quite popular among pen testers, so organizations, developers and pen testers treat web application as primary att
Read More
Article

Ajax Security Issues

This article is about exploring major security issues we come across during assessment of Ajax based applications. AJAX: Ajax or 'Asynchronous JavaScript an
Read More
Article

Windows Phone Digital Forensics I

Abstract Abbreviated as WP, Windows Phone is a new Smartphone operating system developed by Microsoft in order to succeed the old Windows Mobile, and this "
Read More
Article

Enterprise Security Management

An enterprise invests considerable amount of time in its day to day scanning and managing patched for the infrastructure. But, an enterprise psychological an
Read More
Article

Fixing CSRF vulnerability in PHP applications

Cross Site Request Forgery or CSRF is one of top 10 OWASP vulnerabilities. It exploits the website's trust on the browser. This vulnerability harms users' an
Read More
Article

Linux Kernel Development Process

Introduction When I was listening to the question and answer session at LinuxCon, there was some interesting discussion going on: some of the latest news inf
Read More
Article

Windows systems and artifacts in digital forensics, part I: registry

Learning about artifacts in Windows is crucial for digital forensics examiners, as Windows accounts for most of the traffic in the world (91.8 of traffic com
Read More
Article

IOS Application Security Part 18 - Detecting custom signatures with Introspy

In the previous article, we looked at how we can use Introspy for Black-box assessment of IOS applications. In this article, we will look at how we can use I
Read More
Article

Social engineering: A hacking story

In this article I am going to discuss social engineering attacks, starting with the questions: "What is social engineering?" and "What are the types of these
Read More
Article

Patching .NET Binary Code with CFF Explorer

Abstract The purpose of this article is to show how to bypass various security checks by modifying binary code directly, rather than source code, through th
Read More
Article

Conditional Complexity of Risk Models

Introduction "Conditional complexity" (also called cyclomatic complexity) is a term used to measure the complexity of software. The term refers to the numbe
Read More
Article

Backup Media Encryption

The problem Information Security is like a chain: it is only as strong as its weakest link. You can protect your network with expensive firewalls, use audit
Read More
Article

Web services penetration testing part 1

Web application security is quite popular among the pen testers. So organizations, developers and pen testers treat web applications as a primary attack vect
Read More
Article

Hacking Satellites … Look Up to the Sky

Introduction Satellites have assumed a crucial role in our contemporary society; they are used in both private and public sectors for numerous purposes, from
Read More
Article

Peeping the Social media

1. Synopsis Nowadays it is hard to find a person who doesn't sign in to any social medium at least once a week by using gadgets like a smartphone, tablet, or
Read More
Article

IOS Application Security Part 17 - Black-box assessment of IOS Applications using Introspy

In this article, we will look at how we can use Introspy for Black-box assessment of IOS applications. Introspy is developed by ISEC partners and its github
Read More
Article

Protect Data by Preventing Insecure Cryptographic Storage

Daily, we read news about hacking and data leaks. Hackers are really active these days. So, it is our responsibility to prevent them in getting unauthorized
Read More