Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

MyPublicWiFi – A Windows Utility to manage ICS

Overview: Internet Connection Sharing (ICS), a feature which has been available in Microsoft Windows Operating System since the deployment of Windows 98 seco
Read More
Article

6 Days Lab 1.1 CTF Walkthrough

In this article, we will attempt to complete another Capture the Flag (CTF) challenge which was posted on the VulnHub website by "CanYouPwn.Me." Vulnhub.com
Read More
Article

Business Email Compromise (BEC): How To Avoid CEO Fraud

Introduction Phishers, especially the type that specialize in high-level CEO fraud, are often large criminal organizations with expertise in exploiting open
Read More
Article

Use of Various Windows Utilities to Manage ICS Processes

Introduction Target Audience: Operational Technology (OT) operators of industrial control systems (ICS) that do not have information technology (IT) training
Read More
Article

Differences between Security+ SYO-401 and SYO-501 exams [DECOMMISSIONED ARTICLE]

NOTE: This article reflects an older version of the Security+ Exam – please see the current Security+ Certification page for the most up-to-date information.
Read More
Article

5 Business Email Compromise Attack Examples We Can Learn From

  Business email compromise (BEC) is a type of phishing scheme where the cyber attacker impersonates a high-level executive (CIO, CEO, CFO, etc.) and at
Read More
Article

How to Prevent BEC with Security Awareness Training

Introduction The crime of business email compromise (BEC), which targets a business to facilitate financial theft, is expected to cost business more than $9
Read More
Article

Tools and resources to prepare for a hacker CTF competition or challenge

CTF or Capture the Flag is a traditional competition or war game in any hacker conferences like DEFCON, ROOTCON, HITB and some hackathons. CTF games are usua
Read More
Article

Kali reporting tools

Penetration testing report is the key deliverable in any security assessment activity. In Penetration testing, the final deliverable is the report which show
Read More
Article

Top 10 Open-Source Security Tools Released by Tech Giants

We have always wondered how tech giants have been able to keep their security so tight? Do they use the same tools that are available for the rest of us? Alt
Read More
Article

Guiding principles in information security

 A principle which is a core requirement of information security for the safe utilization, flow, and storage of information is the CIA triad. CIA stands for
Read More
Article

Inspeckage: Dynamic Assessment Tool for Android

If you are pen-testing Android applications, you will need to monitor/check many things at the same time. While doing dynamic analysis, one must take care of
Read More
Article

Tiredful API Part Two

This is the 2nd part of the solving Tiredful-API series. I hope you have gone through the 1st part. If not, please go through it. Tiredful Challenges and Sol
Read More
Article

ZLAB MALWARE ANALYSIS REPORT: RANSOMWARE-AS-A-SERVICE PLATFORMS

Introduction Over the years, the diffusion of darknets has created new illegal business models. Along with classic illegal goods such as drugs and payment c
Read More
Article

Tiredful API Part One

In this post, I will explain how to solve Tiredful-API. Let's start. What is TIREDFUL-API TIREDFUL-API is an intentionally designed broken web application ba
Read More
Article

The Ultimate Guide to EC-Council Certifications: Overview & Career Paths

Of the top ten most valuable companies, four of them are in technology and the rest are based on technology. Out of this explosion of tech and the digitizati
Read More
Article

Android exploitation with Kali

In this tutorial, we shall see how to create an apk file using the tools offered by Kali Linux. Kali Linux is a Linux distro with a preset of hacking tools a
Read More
Article

Free & open source rootkit and malware detection tools

A lot of sniffers, rootkits, botnets, backdoor shells and malwares are still on the wild today, which are used by malicious attackers after successfully pawn
Read More
Article

2017 OWASP A8 Update: Insecure Deserialization

Introduction 2017 saw a new addition to the Open Web Application Security Project’s (OWASP) Top Ten list of web application vulnerabilities — insecure deseri
Read More
Article

2017 OWASP A7 Update: Cross-Site Scripting

Introduction For the past 15 years, the Open Web Application Security Project (OWASP) has helped organizations develop, purchase, and maintain trusted applic
Read More
Article

How Secure Wire Transfer Procedures Can Prevent Business Email Compromise

Introduction Formerly known as the “man in the email attack,” business email compromise (BEC) is a scam that takes control of a senior employee’s email acco
Read More
Article

How Business Email Compromise Attacks Work: A Detailed Case Study

  Business email compromise (BEC) attacks are widespread and growing in frequency. Due to their simplicity and effectiveness, BEC will continue to be on
Read More
Article

5 real-world examples of business email compromise

Business email compromise (BEC) is a type of phishing scheme where the cyber attacker impersonates a high-level executive (CIO, CEO, CFO, etc.) and attempts
Read More
Article

Android vs. iOS Mobile App Penetration Testing

  The adoption rate of smartphones has exploded in recent years. The two dominant smartphone operating systems (OS) of today are the Android OS develope
Read More