Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Reverse Engineering with Reflector

Abstract We have already got the taste of reverse engineering with Reflector in the previous paper. It was basically a kick-start about this dissembling tool
Read More
Article

Android application security testing guide: Part 1

Android is a Linux kernel mobile platform that has been popular throughout its existence on a huge variety of devices, especially mobile smartphones. Most or
Read More
Article

Applied Reverse Engineering with IDA Pro

This editorial is committed to subverting the essential security restriction mechanisms of a native binary executable by employing the IDA Pro Dissembler. Th
Read More
Article

NSA Backdoor Part 2, BULLDOZER: And, Learn How to DIY a NSA Hardware Implant

This article is the second part of a series on NSA BIOS Backdoor internals. This part focuses on BULLDOZER, a hardware implant acting as malware dropper and
Read More
Article

Injecting spyware in an EXE (code injection)

Implanting malicious code in the form of spyware to an existing running process is one of the more sophisticated tasks. Before the advent of disassembler or
Read More
Article

Malvertising: A Growing Threat at the Start of 2014

Word Meaning The term "malvertising" is coined through the combination of two words – "malware" (i.e., "malicious software") and "advertising."[pkadzone zone
Read More
Article

Recycle bin forensics

An icon on the Windows desktop represents a directory in which deleted files are temporarily stored. This enables you to retrieve files that you may have acc
Read More
Article

Limiting Automated Access

Automated tools are used to carry out many security attacks to online services. There are different protection mechanisms to narrow down such attacks and one
Read More
Article

Malware-based Attacks Against POS Systems

Introduction A sequence of data breaches suffered by principal US retailers Target and Neiman Marcus has put Americans on alert. A total of more than a hundr
Read More
Article

The Debate Over Network Neutrality in the EU and the USA

1. Introduction Network neutrality (also known as net neutrality or Internet neutrality) refers to a general principle that Internet service providers (ISPs)
Read More
Article

Manual Web Application Penetration Testing – Suffix & Prefix in Fuzzing

Introduction In this series of articles, last time we talked about fuzzing and various SQL statement special characters which can be used in fuzzing a web ap
Read More
Article

Skype Forensics

Skype is an application that enables voice and video calls, instant messaging, file transfers, and screen sharing between users. Millions of people download
Read More
Article

Privacy Implications of Automatic License Plate Recognition Technology

ALPR – Technical Specifications The majority of ALPR devices are mounted on bridges, road signs, and poles near traffic lights or outside public buildings
Read More
Article

C# Compiler Development

Introduction This article elaborates the complete life cycle of making a custom interactive C# compiler, much like one of an existing CSC.exe. It is hard to
Read More
Article

RansomWar(e)

There is a notable upsurge in the number of ransomware attacks in the past couple of months, and undoubtedly the emergence of the CryptoLocker ransomware is
Read More
Article

Hidden Phishing Threats

By now, the risks associated with phishing are well-known and well-documented. What is often misunderstood or overlooked is a hidden threat related to phishi
Read More
Article

When APTs Attack

Countless organizations have fallen prey to cyber attacks - from high profile retailers to enterprises and government agencies. Some attacks have been high p
Read More
Article

Android App Permissions and Security: What You Need to Know

As of this article, Android has the greatest OS market share on both smartphones and tablets. If you don't own an Android device, chances are that your frien
Read More
Article

Hack I-Bank Pro

In this article we are going to see some major vulnerabilities typical of a remote banking application. We found an interesting vulnerable machine created b
Read More
Article

How to Plan a Social Engineering Assessment

A social engineering assessment is a very valuable tool in understanding the security exposure of most organizations. Since human beings tend to be the weake
Read More
Article

Hacking android apps using backup techniques

In the previous article, we had an introduction on how to analyze Android application-specific data using Android backup techniques. This article builds on t
Read More
Article

Java bytecode reverse engineering

This article is designed to show how to crack a Java executable by disassembling the corresponding bytes code. Disassembling Java bytecode is the act of tran
Read More
Article

Manually Web Application Penetration Testing: Fuzzing

Introduction When we test a web application, we do not test a single page, but a lot of pages of a single web application. Each page may have more than one v
Read More
Article

IOS Application Security Part 29 - Insecure or Broken Cryptography

In this article we will look at an example of Insecure or Broken Cryptography which is a common vulnerability found in most IOS applications. This vulnerabil
Read More