Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

System address map initialization in x86/x64 architecture part 1: PCI-based systems

This article serves as a clarification about the PCI expansion ROM address mapping, which was not sufficiently covered in my "Malicious PCI Expansion ROM" ar
Read More
Article

Email encryption: Mailvelope

Between constant password breaches and the NSA looking in on everything you do, you've probably got privacy on the mind lately. If you're looking for a litt
Read More
Article

Online dictionary attack with Hydra

When an attacker wants to learn credentials for an online system, he can use brute force or a dictionary attack. This article introduces these two types of a
Read More
Article

Penetration testing of web services with CGI support

This article shows hands-on penetration testing using an Apache server with CGI access; it identifies some vulnerabilities and performs exploits attacking th
Read More
Article

OSINT (Open-Source Intelligence)

With an estimated 80% of required information available for use in an open source for specific information vital for a deep analysis in newspapers, magazines
Read More
Article

Phishing with Data URI

Phishing Phishing is a method of e-mail fraud that is used to gather personal and financial information from the recipients. According to Wikipedia, phishing
Read More
Article

WSUS (Windows Server Update Services)

Introduction Windows Server Update Services (WSUS) can be used to manage the deployment of the latest Microsoft Windows operating system updates. When usi
Read More
Article

XKeyscore: NSA’s Surveillance Program

Introduction The former contractor for NSA, Edward Snowden, became famous for revealing PRISM, a confidential mass surveillance program run by the U.S. agen
Read More
Article

IOS Application Security Part 16 - Runtime Analysis of IOS Applications using iNalyzer

In the previous article, we looked at how we can perform static analysis of IOS Applications using iNalyzer. In this article, we will look at how we can use
Read More
Article

The Hunt for Memory Malware

Memory forensic is a skill to find out all the artifacts in the memory that is present in the running computer. It is an interesting method to find out what
Read More
Article

Using Hashes in Computer Security

1. Introduction Hashes are often used in computer security. This article presents how data integrity, authenticated data integrity and non-repudiation can
Read More
Article

Penetration testing of an FTP service

In this article we are going to learn how to configure ProFTPD service in a CentOS machine. After that we will conduct penetration testing to evaluate the se
Read More
Article

Python for Web application security professionals

Introduction: Python is an open source, interactive, object oriented programming language. It's very easy to learn and an extremely powerful high level langu
Read More
Article

IOS Application Security Part 15 - Static Analysis of IOS Applications using iNalyzer

In the previous article, we looked at how we can use Sogeti Data protection tools to boot an iDevice using a custom ramdisk with the help of a bootrom exploi
Read More
Article

PsyOps and Socialbots

Introduction Social media are the principal aggregation "places" in cyberspace; billions of connected people are using it for a wide variety of purposes from
Read More
Article

Keygenning: Part I

Introduction : A key generator or a Keygen is a computer program that will generate a valid « Product Serial or Key » in order to completely register a soft
Read More
Article

Penetration Testing for iPhone Applications — Part 6

In Part 1 of the article we have discussed about the iPhone application traffic analysis. Part 2, Part 3, and Part 4 covered in-depth analysis of insecure da
Read More
Article

Weapon of anonymous

Before starting, I would like to give a small preview about the topic. This article focuses on the world famous hacker group, known as "Anonymous." I will be
Read More
Article

Doxing: The Dark Side of Reconnaissance

Introduction: [pkadzone zone="main_top"] Doxing is a coin with two sides. Doxing can be used for security, research and collecting proof for investigation i
Read More
Article

Android Master Key Vulnerability—PoC

The recently discovered master key vulnerability in Android has given a jolt to the Android team and other parties involved. This vulnerability allows attack
Read More
Article

U.S. Cyber Policy – Course and Legal Aspects

Image courtesy of Gualberto107 / FreeDigitalPhotos.net [pkadzone zone="main_top"] Introduction Cyber policy is an important issue that many would qualify
Read More
Article

IOS Application Security Part 14 - Gathering information using Sogeti Data Protection tools

In the previous article, we looked at how we can boot a device using a custom ramdisk using Sogeti Data protection tools. In this article, we will look at ho
Read More
Article

Databases—vulnerabilities, costs of data breaches and countermeasures

This post introduces principal database vulnerabilities, providing an overview of the possible effects for their exploitation. For each database vulnerabil
Read More
Article

IOS Application Security Part 13 - Booting a custom Ramdisk using Sogeti Data Protection tools

In the previous article, we looked at how we can use Keychain-Dumper and Snoop-it to analyze and dump the contents of the Keychain from an IOS device. In thi
Read More