Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

CBC byte flipping attack—101 approach

As usual, there are some explanations about this attack out there (see references at the end), but some knowledge is required to understand it properly, so h
Read More
Article

Incident Response and Forensic Martial Arts with Helix

Helix3 is a live CD for doing computer forensic investigation and incident response. It is built on top of Ubuntu and comes in both free and commercial forms
Read More
Article

Windows Communication Foundation

Part-1 Abstract [pkadzone zone="main_top"] Over the year, we have learned innumerable ways of consuming services across the network such as Remoting, COM, CO
Read More
Article

One-time passwords with token

1. Introduction One-time passwords are used to achieve higher security than traditional static passwords. They're often generated by tokens. This article pre
Read More
Article

Dictionary attack using Burp Suite

Nowadays internet usage is growing dramatically because of this, a vast majority of companies and individuals that provide services have a website so custome
Read More
Article

SANS Investigate Forensics Toolkit – Forensics Martial Arts Part 2

This is a continuation of the first article on SANS Investigate Forensics Toolkit. In this article we will be covering the rest of the tools discussed earlie
Read More
Article

SANS investigate forensics toolkit—Forensics martial arts part 1

The SANS Investigate Forensic Toolkit (SIFT) is an interesting tool created by the SANS Forensic Team and is available publicly and freely for the whole comm
Read More
Article

Android forensics: Cracking the pattern lock protection

In this paper I'll show you how to find an Android's user pattern lock. I assume that the technique that I'll demonstrate can work only on a rooted device. A
Read More
Article

WEB SERVER SECURITY

This article gives you a short and understandable summary about web servers, the different types of servers, the security add-on software installation proces
Read More
Article

Keyloggers: How they work and more

Below is a graphic that enumerates some methods of password pilfering, which serves as an introduction to the matter discussed: [pkadzone zone="main_t
Read More
Article

Steganography: What your eyes don’t see

Steganography is the art of hiding information to prevent detection of a hidden message. It has been used throughout history by many methods and variation, a
Read More
Article

Hacker proofing Apache & PHP configuration

SECURING APACHE Apache has been truly one of the dominant web servers of the World Wide Web. It's one of the best open source projects, Web Server for b
Read More
Article

.NET Memory Internals

Abstract This article delves into various aspects of memory access and management. There are distinctive categorizations of memory, for instance static data
Read More
Article

Writing Your Own Parser

Writing Data Format Parsers [pkadzone zone="main_top"] Abstract File format parsing and converting for further processing is a fundamental activity in many
Read More
Article

Fitting cyber attacks to jus ad bellum — Consequence-based approachPart III

I. Criticism and possible flaws of consequence-based approach and seven-factor test There are people from the field of law, and not only, who do not think t
Read More
Article

Geocoding Router Log Data

Any good piece of malware eventually has to phone home. What good is collecting your dirty little secrets if it can't capitalize on them? This article will h
Read More
Article

Cybercrime as a Service

Reading about cybercrime, it is very easy to find terms such as attacks-as-a-service, malware-as-a-service and fraud-as-s-Service, that are commonly used to
Read More
Article

Extreme .NET Reverse Engineering - 5

Introduction We have done lots of IL grammar so far. As I warned you earlier, Reverse engineering could be exercising both offensive and defensive motives.
Read More
Article

Fitting cyber attacks to jus ad bellum — Consequence-based approach Part II

The consequence-based duo tests The focus of this contribution is placed on two tests which employ the consequence-based approach that, in turn, aims to cat
Read More
Article

IOS application security part 12 - Dumping keychain data

In the previous article, we looked at the different ways in which we could analyze the network traffic and the api calls being made through an IOS applicatio
Read More
Article

Fitting cyber attacks to jus ad bellum — Consequence-based approach Part I

Introductory presentation While still reviewing the instrument-based theory, there was a slight allusion at some point that oftentimes from practical reason
Read More
Article

Content Spoofing

According to WhiteHat Security's annual study of about 15,000 websites, 86% had at least one serious hole that hackers could exploit, and content spoofing is
Read More
Article

Extreme .NET Reverse Engineering - 4

Introduction We shall explore round-trip engineering, which is one of the most advanced tactics to disassemble IL code in order to manipulate reverse engine
Read More
Article

.NET Reverse Engineering – 3

Introduction We have taken tour of the syntax and semantics of raw CIL up till now. In this article, we shall be confronted with the rest of implementation
Read More