Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Tabnabbing

What is Tabnabbing? As described by Aza Raskin, tabnabbing goes like this: when a simple JavaScript detects that the user has moved to another browser tab or
Read More
Article

Pentester Academy Command Injection ISO: SugarCRM 6.3.1 Exploitation

Introduction The Pentester Academy by Vivek Ramachandran had compiled a virtual machine that consists of various vulnerable real-world application. All the a
Read More
Article

Virtual Machine Introspection in Malware Analysis

What is Virtual Machine Introspection? The word "introspection" generally refers to the observation and examination of one's own mental and emotional state.
Read More
Article

USV: 2017 Part 2 CTF Walkthrough

In this article, we will continue the Capture the Flag (CTF) challenge which was posted on VulnHub by Suceava University. As you may already know from my pre
Read More
Article

Interview With an Expert: How Does a CISO Learn to Be a CISO?

The role of the chief information security officer (CISO) is quickly becoming more important as cybersecurity in general becomes more intertwined with compan
Read More
Article

Vulnhub machines walkthrough series — PwnLab-Init

Continuing with our series on Vulnhub machines, in this article we will see a walkthrough of another interesting Vulnhub machine called PwnLab-Init. Note:
Read More
Article

Important SQLMap commands

The SQLMap tool can be found in every penetration tester's toolbox. It is one of the most popular and powerful tools when it comes to exploiting SQL injectio
Read More
Article

QRL jacking

Quick Response Code Login Jacking (also known as QRL Jacking) is a social engineering attack by which the attacker can hijack the session, affecting all appl
Read More
Article

Threat Hunting Methodologies

Introduction Threat hunting is a proactive and iterative approach to detecting threats. It falls under the active defense category of cybersecurity since it
Read More
Article

Threat hunting: IOCs and artifacts

Unusual behavior of information technology assets within an organization may be a hint that the organization is undergoing a cyberattack. Threat-hunting team
Read More
Article

How to Become a Threat Hunter

Introduction A cyberthreat can be defined as any adversary with three basic characteristics: the intent, capability and opportunity to do harm. While a tradi
Read More
Article

Threat-Hunting Process

Introduction Consider this: No system is absolutely protected from cyberthreats. Even in the case where the best, most recent and effective security solutio
Read More
Article

The Ultimate Guide to Threat Hunting

Introduction At its essence, cyberthreat hunting can be quite similar to real-world hunting. It requires a uniquely skilled professional possessed of consid
Read More
Article

Top 5 (deliberately) vulnerable web applications to practice your skills on

The OWASP Top 10 includes the top 10 vulnerabilities which are followed worldwide by security researchers and developers. You must have heard or used lots of
Read More
Article

Women in Cybersecurity: More Credentials, Less Pay & Even Fewer Opportunities

It’s Time for Change Roughly 70 years ago, the U.S. civilian labor force was just 29% female. Huge strides have been made in education and workforce partici
Read More
Article

The Gaming Industry: A Privileged Target for Crooks — The Fortnite Case

Introduction In the past, we've reported many cases of cyberattacks against companies operating in the gaming industry. We observed many attacks, especially
Read More
Article

Spam vs. phishing: Definitions, overview & examples

Spam is usually defined as unsolicited commercial e-mail, often from someone trying to sell something. Spammers are not generally trying to get sensitive inf
Read More
Article

How to Get Your Employer to Pay for Your IT Security Training — 10 Steps

Introduction “Who’s paying for this?” It’s an age-old question, and while it didn’t start with information technology, it certainly seems to be one of the mo
Read More
Article

BabaYaga and the Rise of Malware-Destroying Malware

1. Introduction The team working behind Wordfence (a security plugin for WordPress websites) discovered a new type of malware called BabaYaga. It bears the n
Read More
Article

BSides Vancouver: 2018 Walkthrough

In this article, we will learn to solve a Capture the Flag (CTF) challenge which was posted on VulnHub by "Abatchy." This CTF is a part of BSides Vancouver s
Read More
Article

Can you spot the phishing scams in 3 of our most popular templates?

In a Webroot study of 600 IT decision makers, phishing attacks leapfrog from the number three spot in 2017 to the number one breach concern among organizatio
Read More
Article

All about SamSam Ransomware

Ransomware: Perhaps Today's No.1 Security Threat Threatening and Risky for you and fruitful for hackers, ransomware has taken over as today's no. 1 security
Read More
Article

Five techniques to bypass Office 365 protections used in real phishing campaigns

In the last couple of years, crooks devised several techniques to bypass anti-phishing filters, let's analyze them to understand the way threat actors used t
Read More
Article

Detecting Data Breaches with Honeywords

Introduction Data breaches and security issues related to information leakage are a subject that has been making headlines in recent times. When a data breac
Read More