Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Evolution of Banking Malwares, Part 1

Introduction Why are malware authors so interested in banking malware? Simply because this is where the money is! Nowadays, banking malware, specifically ban
Read More
Article

2015 Security Predictions: The Rise of Hacking Campaigns

Introduction With just a few days until the end of 2014, it's time to analyze what's happened in the last twelve months. I would like to analyze with you the
Read More
Article

Fast Flux Networks Working and Detection, Part 2

With the assumption that readers have read Part 1 of this topic, this article will contain the other part of this article, i.e. what benefits an attacker get
Read More
Article

Pattern-Based Approach for In-Memory ShellCodes Detection

Introduction During an analysis, it can be really useful to know some common instructions with which malware, and more specifically shellcodes, achieve their
Read More
Article

Cloud VPN Security Recommendations

Introduction A VPN (Virtual Private Network) enables connections between clients and servers from multiple different internal networks across a public networ
Read More
Article

Breaking Software Protection - RSA

Introduction Hopefully you are familiar with Assembly language and have some little knowledge on how to use reverse engineering tools such as Debuggers, Disa
Read More
Article

New Developments in Net Neutrality

Introduction Years of discussion on the right to have a free and open Internet have not yet solved the matter, and the issue is still a subject of heated deb
Read More
Article

Cracking Android App Binaries

In this article, we will see how a developer can perform basic checks to programmatically detect if the app is running on an emulator and stop executing the
Read More
Article

Fast Flux Networks Working and Detection, Part 1

Introduction In this series of articles, we will learn about a not-so-new type of attack, but one of the most difficult attacks to control. Yes, we will lean
Read More
Article

User Behavior Modeling with Mobile Device Sensors

Introduction The rapid diffusion of mobile technology and the convergence of numerous services that use the paradigms, including social networking, cloud com
Read More
Article

Legality of Jailbreaking Mobile Phones

1. Introduction The term "jailbreaking" refers to circumventing security measures of a mobile operating system with the aim to install unauthorized software.
Read More
Article

Broken cryptography

In this article, we will discuss broken cryptography in Android applications. Broken cryptography attacks come into the picture when an app developer wants t
Read More
Article

The Importance of POS Threat Analysis for the Retail Sector

The rising intensity of POS threats has created a precarious environment for retailers looking to protect their customers' financial and personal data. POS s
Read More
Article

Website Hacking Part V

Introduction In this part of the Website Hacking series we are going to take a look at how to minimize damages from XSS attacks considering our web applicati
Read More
Article

File inclusion attacks

A file inclusion vulnerability allows an attacker to access unauthorized or sensitive files available on the web server or to execute malicious files on the
Read More
Article

Cyber attack on Sony Pictures is much more than a data breach - updated

Sony Pictures corporate network compromised by a major cyber attack At the end of November, computer systems at the corporate network of Sony Pictures were
Read More
Article

Privacy risks of beacons

On October 6th 2014, buzzfeed.com published a report stating that Titan, a company controlling a number of New York City's phone booth advertising displays,
Read More
Article

Windows Azure Platform

In Depth The software industry is relentlessly moving toward centralized computing. Due to this trend, software and data are being taken away from convention
Read More
Article

How to Stop DNS Hijacking

You have (probably more than once in your life) keyed in a familiar domain name and ended up in an entirely different page that was not even close to what yo
Read More
Article

Avoiding mod security false positives with white-listing

We have already discussed in my previous articles how to configure Mod Security Firewall with OWASP rules and also analysed the different types of logs which
Read More
Article

WebSocket security issues

In this article, we will dive into the concept of WebSocket introduced in HTML 5, security issues around the WebSocket model, and the best practices that sho
Read More
Article

A physical security policy can save your company thousands of dollars

Investments in cybersecurity and physical security are proportionally connected to your organization's improved financial picture for a long-term perspective
Read More
Article

Examining Android App Specific Data on Non-Rooted Devices

In all of our previous articles so far in this series, we discussed all the examples only on rooted devices and emulators. Generally, there are people who ar
Read More
Article

Regin: State-Sponsored Malware or Cybercrime?

Regin, a highly advanced spying tool A few weeks ago, Symantec security firm published the results of its investigation on the backdoor Regin, a highly advan
Read More