Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Building Cryptographically Secure Cloud Applications

1. Introduction to the Problem Crypton is an open-source project provided by SpiderOak with the purpose of solving privacy and security problems through clou
Read More
Article

Approaches to Information Gathering in Physical Penetration Testing - Part I: Gathering Information via Photography

1. Introduction The first phase of an attack, and in a security assessment, is to gather as much data on the target as possible. It is actually considered on
Read More
Article

The Future is Now: Car Hacking

Preface: "Modern Cars" As Dr. Charlie Miller & Chris Valasek stated in their research paper Adventures in Automotive Networks and Control Units, "Automob
Read More
Article

Notes On Biometric Template Security

In this article I am going to tell you about biometric template security and current technologies in which researchers are working to improve biometric templ
Read More
Article

Xerxes Challenge

In this article we are going to solve another challenge of Xerxes. Xerxes is historically known as a god king, but here Xerxes is a vulnerable machine and o
Read More
Article

Crimea – The Russian Cyber Strategy to Hit Ukraine

Introduction The year 2014 started with a diplomatic crisis in Crimes and Ukraine. The tension rose just after the 2014 Ukrainian revolution, in which the go
Read More
Article

IOS Application Security Part 30 - Attacking URL schemes

In this article, we will look at how we can use a feature in iOS named url schemes to exploit an application. URL schemes are used by applications to communi
Read More
Article

A Guide to Debugging Android Binaries

In this paper, I'll describe how to start reverse code engineering in Android devices. In this tutorial, you'll learn: Installation & configuration of A
Read More
Article

Applied SSL in Dot NET - Volume 2 –Installation, Testing

The first volume of this series addressed the hypothesis of the secure socket layer (SSL) in the context of .NET based websites. We have obtained a thorough
Read More
Article

The Top 8 Ways That Privileged Accounts Are Exploited

Over the last six months the name Edward Snowden has been appearing in the news on an almost daily basis. He has appeared in articles about the US government
Read More
Article

SSL in Dot NET – Volume 1 - Hypothesis

Abstract Typically, Internet banking and e-commerce websites are considered to be highly secure, with web mechanisms that implement more foolproof solutions
Read More
Article

Kernel debugging with Qemu and WinDbg

If you're used WinDbg before, you might already know that you can debug the whole Windows operating system with it. To do that, you must have two Windows ope
Read More
Article

Car Hacking: You Cannot Have Safety without Security

Introduction The theme of the car hacking is increasingly discussed by the media and within the security community. At one time, the exploits of hackers that
Read More
Article

Shared Folders with Samba and Qemu

In this tutorial we'll take a look at how we can install and configure the Samba server on a host operating system to create a shared folder, which the guest
Read More
Article

Testing Hooks via the Windows Debugger – An Introduction to RevEngX

RevEngX RevEngX is a freely available extension for the Debugging Tools for Windows. It offers several new commands to simplify the work of reverse engineeri
Read More
Article

OpenVPN

Introduction In this tutorial we'll talk about OpenVPN client connection settings, which come in handy when the connection to the OpenVPN server does not wor
Read More
Article

Securing Cloud-Based Applications with Docker

Introduction to Docker In this article, we'll first introduce Docker and try to explain how it works. After setting the stage, we'll simulate the file upload
Read More
Article

Getting started with Damn Vulnerable iOS Application

In this article, I will write about how to get started with Damn Vulnerable iOS Application. Damn Vulnerable iOS App (DVIA) is an iOS application that I wrot
Read More
Article

How to Perform a Safe Password Analysis

It's one of the most exciting moments in a security researcher's work: while looking through an obscure log file, you see strings like "James1984" and "Secur
Read More
Article

Lights and shadows on the capabilities of the NSA

Introduction The documents leaked by Edward Snowden revealed to the world the amazing spying machine built by US intelligence, its capabilities appears virtu
Read More
Article

Common Linux Misconfigurations

Over the numerous configuration reviews and pentest engagements that we have performed for our clients, we’ve observed a common pattern in the configuration
Read More
Article

Top 10 Common Misconceptions About Application Whitelisting

Application Whitelisting is a technology that has been in use in the security world for quite a long time. For those who may not already be familiar with AWL
Read More
Article

The Importance of Session Regeneration

1. Introduction Users of web applications are recognized by session IDs. That's why it's obvious that session management is an important subject. Session man
Read More
Article

Ten Important Privacy Threats

1. Introduction As the Internet becomes more and more important to our lives, the challenge is to enjoy the conveniences of online activities while reducing
Read More