Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Process: Pre-Engagement

Penetration Testing involves actions that can go beyond scope to a large extent thereby presenting the need to invest more time in understanding the goals of
Read More
Article

Common malware persistence mechanisms

As we know, malware becomes stealthier by somehow achieving persistence on the exploited machine. This helps malware authors to inject/exploit once, and the
Read More
Article

The Breach of Anthem Health - the Largest Healthcare Breach in History

It was February 4, 2015, and an announcement that would shake the medical and insurance industries to their core was about to be made. Anthem, Inc., experien
Read More
Article

Building Serialized Phishing Simulation and Security Awareness Campaigns

The Science of Forming Habits As we discussed earlier, the main goal of an organizational security awareness education program is to modify the participants’
Read More
Article

Ethical hacking vs. penetration testing

History of ethical hacking It all began in the 1960s at MIT when the notion "hacker" was coined to mean someone dedicated to solving technical problems in m
Read More
Article

Why GIAC? A Suitable Choice that Meets Professional Needs

The protection of information assets is a top priority for any business or organization; this explains the growing need for experts in a number of different
Read More
Article

New Wave of Cyber-attacks on Banks

1. Introduction In the past two years, the financial world has been stunned by three major cyber-attacks on banks, namely, (1) the attack on Ecuadorian Banc
Read More
Article

Hooking and Patching Android Apps Using Cydia Substrate Extensions

Introduction: In one of the previous articles, we have discussed how to exploit debuggable applications on Android. You can find that one here. Exploiting de
Read More
Article

Ransomware: A Highly-Profitable Evolving Threat

Introduction Ransomware is considered by the security industry one of the most dangerous threats to Internet users and organizations across the world. Malwar
Read More
Article

Data sanitization for cloud storage

Any good security professional is familiar with the term Data Sanitization. This is the process of deliberately, permanently, and irreversibly removing or de
Read More
Article

Ransomware Mitigation and Prevention

Crypto ransomware continues to be a scourge on the computer security arena. Not only do these infections grab and hold end users' files hostage, but they hav
Read More
Article

Phishing: Denial of Service (DoS) Implications

A denial of service attack can be bewildering to victims. It’s like an ambush of boy scouts by a team of fully armed United States Marines. Incidents of thes
Read More
Article

Financial Losses from Phishing

The Cost of Data Breaches The cost of spear-phishing attacks in 2015 averaged more than $1.5 million per incident, with only some 3% of companies getting by
Read More
Article

Android Malware Analysis

Objective: This exercise covers the techniques to analyze Android malware by using a custom malware sample. The malware, when running on an Android device,
Read More
Article

Firmware Analysis for IoT Devices

Introduction This is the second post in the IoT Exploitation and Penetration Testing series. In this post, we are going to have a look at a key component in
Read More
Article

Phishing Simulation – How Do You Calculate Effectiveness and ROI? (Part 2 of 2)

In our first article about calculating the effectiveness and return on investment (ROI) of a phishing simulation, we discussed theoretical or model situation
Read More
Article

Metasploit Certification Overview

Metasploit, a well-known security framework, it is widely used by information security experts during the penetration testing process for developing and exec
Read More
Article

Phishing Definition, Prevention, and Examples

Phishing Definition, Prevention, and Examples Related articles in this section: [clist id="1470243405619" post="35256"] What is Phishing? Phishing is a play
Read More
Article

The Dark Web: a Paradise for Scammers

Introduction Journalists and laymen of matter believe that black markets hosted on the dark web are places where criminals can do their business in total sec
Read More
Article

Relevance of Windows EventIDs in investigation

In this article, we will take a look at important Windows Event IDs, what we normally see in logs and how different EventID can be used to construct the late
Read More
Article

Phishing Attacks in the Government and Military

Phishing Targets: Government and Military Phishing Targets by Industry: Financial Phishing Government and Military Phishing Healthcare Phishing Retail Phish
Read More
Article

Ransomware as a Service: 8 Known RaaS Threats

The rapid rise of crypto-ransomware over the past several years is undoubtedly the number one security concern that antimalware labs are yet to tackle in tan
Read More
Article

Case Study of Phishing for Data Theft/Ransom: Locky Ransomware

Phishing & Ransomware - Locky Ransomware Case Study Related Phishing Articles: [clist id="1470243405619" post="35256"] Prologue to Ransomware Ransomware
Read More
Article

Website Forgery

We visit websites in search of a desired result: information, a transaction, interaction, or some free or paid service. The natural tendency is to assume tha
Read More