Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Simple yet Effective Methods to Solve Java Security Issues

It is true that Java cannot take credit in being among the safest options to use online, due to the vulnerabilities that emerge within its applications on a
Read More
Article

Aggressive Chinese IP Highlights Attribution Issues

Recently, the Norse DarkWolf Labs noted that the IP address 218.77.79.43 had jumped into the top quadrant for malicious activity. Investigation into the acti
Read More
Article

Android Application hacking with Insecure Bank Part 1

In this article series, we will learn at the various concepts of Android application security while exploiting a vulnerable app InsecureBankv2. We will be lo
Read More
Article

Foreign Hackers Constantly Target US Critical Infrastructure

US critical infrastructure under attack US authorities are warning companies operating in every industry of a significant increase in the number of cyber att
Read More
Article

Penetration Testing Methodology for Web Applications

Establishing a penetration testing methodology is becoming increasingly important when considering data security in web applications. The more we come to rel
Read More
Article

The Windows Kerberos Vulnerability: What You Need to Know

A mythological three-headed dog was supposed to guard the gates of Redmond. But it turns out that Kerberos was very poorly implemented in numerous versions o
Read More
Article

The dos and don’ts of sharing sensitive business data

All businesses handle sensitive data of one kind or another. Whether this is confidential client information, financial details, or even employee addresses,
Read More
Article

Maximizing SSH Security Service in the Cloud

SSH service running on port 22 is one of the most widely used services on the Internet. There are numerous reasons for its widespread use, among which is dir
Read More
Article

Understanding Disk Encryption on Android and iOS

Introduction Mobile devices these days handle lots of sensitive information – messages, photos, contacts and more. The question about how this data is stored
Read More
Article

Malware Threat Assessment Template for Financial Institutions

Financial institutions conducting online brokerage, alternative payments, Internet banking and other similar activities have been facing a growing number of
Read More
Article

All about AGDLP group scope for active directory - account, global, domain local, permissions

Lately I've gotten a few questions from prospective clients about AD security group scope. I wanted to take a minute to give an overview of what group scopes
Read More
Article

What Apple Knows about Us

Introduction Every day, we share information about us or what we do on the Internet, and our information is targeted by multinational companies in order to b
Read More
Article

StingRay Technology: How Government Tracks Cellular Devices

StingRay Technology StingRay is an IMSI-catcher (International Mobile Subscriber Identity) designed and commercialized by the Harris Corporation. The cellula
Read More
Article

How to Test the Security of IoT Smart Devices

Just when we thought we had our applications secured, they pull us back in. No, this isn't a case of directory traversal bugs reappearing in IIS, access bugs
Read More
Article

Online Defamation Cases - Part II

Introduction We all know how important it is nowadays to have a clean online record, almost as important as having no previous criminal offences. That is why
Read More
Article

Online Defamation Cases - Part I

Introduction We all know how important it is nowadays to have a clean online record, almost as important as having no previous criminal offences. That is why
Read More
Article

Acceptable Use Policy Template for User Level Passwords

As technology radically shapes the working environment of users across the globe, we are also responsible for keeping up with the security trends to avoid da
Read More
Article

Checklist for Next Gen Firewalls

Due to the ever-changing threat landscape, a few security products such as firewalls, IDS/IPS, etc. are becoming obsolete because of the older technologies b
Read More
Article

Practical shellshock exploitation – part two

Topics Covered Background Prerequisites Configuring SSH server Adding a new user Creating authorized keys for a specific client Adding au
Read More
Article

Practical Shellshock exploitation – Part 1

Topics covered Introduction What is Shellshock? When can it be exploited? How to check if you are vulnerable Checking your bash version
Read More
Article

iOS Application Security Part 36 - Bypassing certificate pinning using SSL Kill switch

In this article, we will look at how we can analyze network traffic for applications that use certificate pinning. One of the best definitions I found of cer
Read More
Article

DDoS Security Policy Template to Prevent Massive Attacks

It sounds like the 90s sci-fi horror thriller, "Tremors". Unfortunately, today, it could easily be a headline from the recent space of distributed-denial-of-
Read More
Article

What is Online Defamation /a.k.a. Cyber Libel/ and How it Pertains to some Contemporary Legal Systems

Preface: Balancing Freedom of Expression and Reputation Protection [pkadzone zone="main_top"] The right to freedom of expression – is there a better way to b
Read More
Article

NAT-PMP Vulnerability

In this article we will learn about the latest NAT-PMP vulnerability being discovered, which will affect around 1.2 billion SOHO routers worldwide. What is a
Read More