Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Wifite walkthrough part 2

In this article, we will look at cracking access points using WPA-PSK or WPA2-PSK using Wifite. If you have used tools like airodump-ng, aircrack-ng etc t
Read More
Article

Hacking ATMs: The New Wave of Malware

Introduction In recent weeks, security experts at Kaspersky Lab have observed several attacks on Automated Teller Machines (ATMs) which were infected by malw
Read More
Article

Protecting WordPress Installations in an IaaS Environment

Introduction In this article we're going to take a look at how to secure a WordPress installation against attackers in an IaaS virtual machine. Virtual machi
Read More
Article

End of SSL with POODLE

In this article we will learn about the how SSL has reaches its end with various vulnerabilities. This article will also cover the recent vulnerability disco
Read More
Article

Wifite walkthrough part 1

In this article series, we will look at a tool named Wifite suitable for automated auditing of wireless networks. Most of you who have experience in wireless
Read More
Article

Information Security of Nanorobots

1. Introduction The year is 2045. A 31-year-old woman is brought to the hospital complainingof headaches and fever. The doctors identify a species of equine
Read More
Article

The Importance of an Online Encryption Policy within an Organization

Benjamin Franklin once said, "If you fail to plan, you plan to fail." This quote summarizes the importance of online encryption policy and hands-on implement
Read More
Article

Evolution of 3D Printing Technology Raises Security Concerns

Introduction Also known as the term additive manufacturing (AM), 3D printing is a process for making a three-dimensional object of almost any shape starting
Read More
Article

Sharkfest 2013: Part II

In the first part of our article we solved the first three challenges, so in this article we will continue with rest of the challenges. CHALLENGE #4: OUCH![p
Read More
Article

Microsoft DirectAccess

In this article we will learn about a very famous security product of Microsoft known as Microsoft Direct Access. It is a product built over an old security
Read More
Article

Sharkfest 2013

The sharkfest challenge was organized by Wireshark University. There are seven challenges related to the trace files analysis. In each challenge, there are
Read More
Article

Flick Challenge

Here is another interesting challenge we are going to solve. The vulnerable machine name is Flick. As usual, we started the game by hosting the image in a v
Read More
Article

Pricing Policies in the Cyber Criminal Underground

Introduction Underground markets are places on the Internet where criminal gangs offer a wide range of illegal products and services. Black markets are crowd
Read More
Article

IT Security Policies Should Include a Physical Security Policy

We live in a world that's becoming ever more dependent on the various digital products at our disposal. From the average man on the street making purchases o
Read More
Article

Mobile Developer Salary

The world of mobile is taking over desktop applications, and mobile development and people who understand mobile design and architecture are in demand. Mobil
Read More
Article

Windows Resource Protection

In this article, we will learn about a not-so-well known but a very useful security feature in Windows: Windows Resource Protection. This feature can help a
Read More
Article

Shellshock [CVE-2014-6271]: Another Attack Vector - Bluffing IPS/IDS Sensors With Python Crafted Pkts

While a lot of online websites and blogs are explaining the vulnerability damage, providing PoC scripts and repetitive information, here we will look into an
Read More
Article

Why email puts your business data at risk, and what to do about it

In spite of the abundant availability of enterprise software designed to help businesses be more productive, cost-effective, and security conscious, most bus
Read More
Article

The importance of an effective VPN remote access policy

With the number of employees telecommuting, traveling often or working remotely on the rise, the conventional corporate security model is undergoing a major
Read More
Article

SAML, OAuth, OpenID

Introduction In this article, we are going to see what are federation, single sign-on, and three federated identity standards, namely Security Assertion and
Read More
Article

Troll Challenge

Just found an interesting vulnerable machine named Troll. It sounds like the machine will troll the attacker. We booted up the machine in Virtual Box and fi
Read More
Article

Steganalysis: your X-Ray vision through hidden data

Steganography is often mistaken with cryptography, but they are very different in their operations. The major similarity between them is they were coined
Read More
Article

Exploiting and verifying shellshock: CVE-2014-6271

The Bash Bug vulnerability (CVE-2014-6271) A new critical vulnerability, remotely exploitable, dubbed "Bash Bug", is threatening billions of machines all ov
Read More
Article

To Reduce Risk, De-emphasize “C” and Focus on “G”

By their nature, business endeavors involve various elements of risk. These elements may include technological, commercial, legal, financial, and environment
Read More