Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Legality of Electronic Signatures in the EU and the US

1. Introduction Electronic signatures were used for the first time in 1861 when agreements were signed by telegraphy using Morse code. In 1869, the New Hamps
Read More
Article

Cryptography Fundamentals, Part 5 – Certificate Authentication

Certificate Authentication Here's how to verify that the certificate is from the original sender with GnuPG. [download]Download the Cryptography Fundamentals
Read More
Article

Cryptography Fundamentals, Part 4 – PKI

PKI PKI (public key infrastructure) is a hybrid of symmetric and asymmetric encryption. The handshake uses asymmetric encryption to exchange the secret key
Read More
Article

Cryptography fundamentals, part three - Hashing

Hashing A hash value, also called a message digest, is a number generated from a string of text. As per the hash definition, no two different texts should p
Read More
Article

Cryptography Fundamentals, Part 2 – Encryption

Encryption These are the main types of encryption. Symmetric Encryption: A single key is used to encrypt and decrypt the message sent between two parties. Sy
Read More
Article

Cryptography Fundamentals – Part 1

Introduction In this mini-course, we will learn about various aspects of cryptography. We'll start with cryptography objectives, the need for it, various typ
Read More
Article

Setting up a pentest Lab with pfSense in virtualBox

Penetration testing requirements often force penetration testers to do both external as well as internal assessments. This article covers the concepts that a
Read More
Article

Android Application hacking with Insecure Bank Part 2

In the previous article, we looked at setting up a mobile pentesting platform for Android applications. By now, you must have set up an emulator using genymo
Read More
Article

OWASP ProActive Controls: Part 1

What is OWASP ProActive Controls? In one line, this project can be explained as "Secure Coding Practices by Developers for Developers".[pkadzone zone="main_t
Read More
Article

Dridex Downloader Analysis

Introduction Yesterday I received in my company inbox an email with an attached .xlsm file named D92724446.xlsm coming from Clare588@78-83-77-53.spectrumnet.
Read More
Article

Cyber Threat Analysis for the Aviation Industry

Cyber attacks on the aviation industry are becoming a sensitive issue. Considering that cyberspace provides a low-cost haven for carrying out a broad range o
Read More
Article

OWASP ZAP Reconnaissance – Without Permission!

How To Assess a Third Party Web Site or Cloud Service with the OWASP ZAP Attack Proxy When You Don't Have Permission to Pentest As a security professional, y
Read More
Article

Cybersecurity and Artificial Intelligence: A Dangerous Mix

Artificial Intelligence would be the biggest event in human history Artificial Intelligence explores the possibility to create intelligent systems that can r
Read More
Article

Windows Exploit Mitigation Technology – Part 2

In Part 1, we explained GS cookies and Safe SEH. If you haven't read that part, it is highly recommended to read it first. The Enhanced Mitigation Experience
Read More
Article

Data Traffic & Network Security

Introduction Last year – dubbed "the Year of the Hack" – saw numerous major cyber attacks against prominent corporations, including JP Morgan bank and Sony P
Read More
Article

PCI compliance interview questions

The payment card industry (PCI) standard is a methodology used to ensure that customer data is protected such as credit cards and store transmissions of tran
Read More
Article

Comparison of Cloud Automated Malware Analysis Tools

Cloud malware analysis services In this section, we're providing a list of cloud automated online malware analysis tools that are not available anymore due t
Read More
Article

Gh0st RAT Part 2: Packet Structure and Defense Measures

We have seen in Part 1 of this series how sophisticated Gh0st RAT is and how difficult it is to identify this attack because of the variants it comes in. In
Read More
Article

Clean up Your WordPress Site after Hack and Secure it against Future Threats

WordPress is the most popular CMS (Content Management System) available nowadays online, used by the vast majority of all sites. If you have a look at this r
Read More
Article

Current Trends in the APT World

In recent times, cybercriminals have been responsible for a number of Advanced Persistent Threat (APT) attacks. This type of cyberattack often comes from wel
Read More
Article

Carbanak Cybergang Swipes Over $1 Billion from Banks

The New York Times on the "Carbanak cybergang" On Valentine's Day, The New York Times published the news that a group of cybercriminals used a malware to ste
Read More
Article

TrueCrypt Security: Securing Yourself against Practical TrueCrypt Attacks

The need to defend confidentiality of our sensitive information against persistently rising cyber threats has turned most of us toward using encryption on a
Read More
Article

Windows Exploit Mitigation Technology – Part 1

The spree of exploits on Windows has led to the creation of a certain type of exploit protection mechanism on Windows. Protection from things like buffer ove
Read More
Article

Introduction to Smartcard Security

Introduction In 1968 and 1969, the smartcard was patented in German by Helmut Gröttrup and Jürgen Dethloff. The smartcard is simply a card with an Integrated
Read More