Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Debugging Java Applications Using JDB

This article walks the readers through debugging Java programs using a command line tool called JDB. Though this article doesn't touch Android concepts, this
Read More
Article

2013 Data Breaches: All You Need to Know

Introduction: Statistics 2013 may be remembered as the "year of the retailer breach". This statement was reported in the last Verizon Data Breach Investigati
Read More
Article

Exploiting Windows 2003 server reverse shell

This paper is intended to explain several Metasploit approaches to exploit the vulnerable Windows 2003 server operating system, especially through msfconsole
Read More
Article

Encrypted code reverse engineering: Bypassing obfuscation

Obfuscation is a distinctive mechanism equivalent to hiding, often applied by security developers, to harden or protect the source code (which is deemed as i
Read More
Article

Public Key Cryptography and PuTTYgen – Program for Generating Private and Public Keys

In today's electronic world where everything is done online, "trust" is hard to come by. Conversations can be snooped on, credit card numbers can be stolen,
Read More
Article

Cloud-Based File Sharing Websites: A Data Security Disaster Waiting to Happen?

Have you ever stopped to consider the sensitivity and potential value of the information you have distributed using the many widely available file sharing we
Read More
Article

iOS Application Security Part 34 - Tracing Method calls using Logify

In the previous articles, we have seen how applications like Snoop-it can trace method calls specific to the application at runtime. This is very important i
Read More
Article

Fool the Network Hunters (Hackers)

Portspoof is meant to be a lightweight, fast, portable, and secure addition to any firewall system or security system. The general goal of the program is to
Read More
Article

Exploiting unintended data leakage (side channel data leakage)

In the previous articles, we discussed attacks associated with activity components, content providers, broadcast receivers, and ways to secure them. In this
Read More
Article

Securing IIS Server Checklists

Abstract This paper is designed to demonstrate the common IIS web server security specifications in the form of a checklist that aids web masters or penetrat
Read More
Article

Hacking Implantable Medical Devices

Preface: Modern Medical Devices and their Software Contemporary healthcare relies heavily on medical devices to help patients lead normal and healthy lives.
Read More
Article

David & Goliath – Winning Strategies in Cyber Warfare

Fortunately fashion is not key to helping us win the Cyber-War because sartorial elegance has never been a strong suit of the IT profession, but David and Go
Read More
Article

Privacy and Security Issues for the Usage of Civil Drones

In December, Amazon.com, the world's largest online retailer, announced that it is testing unmanned drones to deliver products ordered by its customers. The
Read More
Article

Remote access tool

Remote Access Tool is a piece of software used to remotely access or control a computer. This tool can be used legitimately by system administrators for acce
Read More
Article

Android hacking and security, part 3: Exploiting broadcast receivers

In the first two articles, we discussed attacks associated with Activity Components, content provider leakage and ways to secure them. In this article, we wi
Read More
Article

Buffer Overflow Attack & Defense

Abstract This paper attempts to explain one of the critical buffer overflow vulnerabilities and its detection approaches that check the referenced buffers at
Read More
Article

API hooking

API hooking is a technique by which we can instrument and modify the behavior and flow of API calls. API hooking can be done using various methods on Windows
Read More
Article

iOS Application Security Part 33 - Writing tweaks using Theos (Cydia Substrate)

In some of the previous articles in this series, we have looked at how we can modify the behaviour of an application by patching it using IDA Pro, Hopper etc
Read More
Article

Invoking Assembly Code in C#

Abstract This article explains the techniques of inline Assembly programming by linking or invoking the CPU-dependent Native Assembly 32-bit code to C#.NET m
Read More
Article

Human-implanted RFID chips

In 1945, Léon Theremin, a Russian inventor, invented one of the first covert listening devices, also known as "bugs." The device was a predecessor of the Rad
Read More
Article

Information Security Policies

Organisations are giving more priority to development of information security policies, as protecting their assets is one of the prominent things that needs
Read More
Article

Murdering Dexter

In this article we are going to solve a Bot challenge. The name of the bot is Dexter and the vulnerable VM which we are going to use is created by Brian Wal
Read More
Article

Virtualization and Cloud Computing

In cloud computing, there are a number of components used to build the cloud infrastructure. At the lowest layer there are actual hardware components like se
Read More
Article

Information gathering using Metasploit

Your goals during information gathering should be to gain accurate information about your targets without revealing your presence or your intentions, to lear
Read More