Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Padding oracle attack

Firstly, this vulnerability is not related to the Oracle database or the Oracle Company in any way. In cryptography, an 'oracle' is a system that performs cr
Read More
Article

iSCSI Security Considerations in the Cloud

Introduction to SCSI The SCSI (Small Computer System Interface) defines a way to exchange data between a computer and its peripheral devices, like a hard dri
Read More
Article

Pafish (Paranoid Fish)

Introduction In this tutorial we'll take a look at a Pafish tool, which performs anti debugger/vm/sandbox tricks to detect whether the malware is being execu
Read More
Article

Explaining cyberterrorism

Introduction People feel endangered by cyberterrorists, and this topic has raised an alarm in many societies. Many experts in the IT field and many political
Read More
Article

Configuring the ModSecurity Firewall with OWASP Rules

In today's world, over 70% of all attacks carried out over are done so at the web application level, so we need to implement security at multiple levels, as
Read More
Article

File integrity monitoring (FIM) and PCI-DSS

In this article, we will learn about the requirement of file integrity monitoring in PCI-DSS (Payment Card Industry Data Security Standard). If we talk about
Read More
Article

Computer Forensics with P2 Commander

Introduction Computer Forensics is the methodical series of procedures and techniques used for procuring evidence from computer systems and storage media.
Read More
Article

DragonFly, Cosmic Duke and Pitty Tiger: From State-Sponsored Espionage to Campaign of Independent APTs

Introduction Cyber espionage is one of the most aggressive cyber threats for private companies and government entities. In recent years, the number of cyber
Read More
Article

Honey Encryption

Current Scenario In today's world, cyber criminals often use software to brute force passwords, and some may lead to successful attacks. Since there are many
Read More
Article

Windows Cryptography API

Microsoft Windows provides a sleek API for cryptographic purposes. It is a generic interface for accessing cryptographic services provided by Microsoft Windo
Read More
Article

Advanced sqlmap

sqlmap is an attack tool which can be effectively used to perform SQL injection attacks and post exploitation acts. It is a versatile tool when it comes to S
Read More
Article

Data loss prevention (DLP) strategy guide

In this article, we'll learn about the concept of data loss prevention: why it is needed, what are the different types of DLP and its modes of operations, wh
Read More
Article

Insecure local storage: Shared preferences

In the previous article, we discussed the common techniques of how application developers check for a rooted device and then how an attacker can bypass some
Read More
Article

Islamic State of Iraq and Syria (ISIS) a Global Threat: Analysis of the Effects on Cyberspace of the Iraqi Situation

What is ISIS and why it is menacing the world? The Islamic State of Iraq and Syria and Islamic State of Iraq and al-Sham, also known as ISIS, is an unrecogni
Read More
Article

Root detection and evasion

In this article, we will look at the techniques being used by Android developers to detect if a device on which the app is running is rooted or not. There ar
Read More
Article

Why Passwords Won’t Die

"What I would really love to be able to do is to kill the password dead," said White House cybersecurity coordinator Michael Daniel recently. A simple and un
Read More
Article

How Russia Controls the Internet

Russia and Internet Freedom The Russian government is increasing its pressure on social media. Many experts maintain that the population is suffering a serio
Read More
Article

Public Key Infrastructure (PKI) in the Cloud

As the adoption of various forms of cloud models (i.e. public, private, and hybrid) in various industry verticals are increasing, the cloud buzzword is on a
Read More
Article

Key Elements of an E-mail Retention Policy

1. What is an E-mail Retention Policy? Simply put, an e-mail retention policy/ERP is the process of keeping emails for compliance or business reasons. It dif
Read More
Article

Extending Debuggers

Sometimes we come across situations when we are in need of doing something inside our debuggers or to extend the functionality of them. For such things, debu
Read More
Article

Network Time Protocol (NTP): Threats and countermeasures

In this article I am going to illustrate how NTP is vulnerable to attacks like replay-delay attacks, MITM, and a very recent attack termed as NTP DDoS (which
Read More
Article

Data Access Governance: Security's Biggest Unaddressed To-Do

If you are like me, there are many things you can check off your to-do list every day. However, if you are really like me, then there are some things which s
Read More
Article

Domain Generation Algorithm (DGA)

Introduction We all know there have been (and still is) a lot of malware lurking around the Internet. It's quite usual today that once the victims get infect
Read More
Article

What you must know about OS fingerprinting

For those of us in the information technology field, there are two reasons why we should understand operating system fingerprinting. The first reason is t
Read More