Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Web Services Penetration Testing, Part 6: Fuzzing Parameters with Burp

In the previous article we discussed in what cases we might face challenges performing manual web services penetration testing and how SoapUI will help in th
Read More
Article

Reinventing Threat Intelligence

Effective threat intelligence is one major service that most companies offer to alert about the latest threats. Threat intelligence alerts about the latest t
Read More
Article

A Close Look at the NSA Monitor Catalog – Server Hacking

Introduction Summing up what happened, Der Spiegel published an internal NSA catalog that contains detailed information on spies' backdoors used by the agenc
Read More
Article

IOS Application Security Part 28 - Patching IOS Application with Hopper

In Part 26 of this series, we looked at how we can use IDA Pro and Hex Fiend to patch an IOS application and modify its implementation. Patching an applicati
Read More
Article

Dejan Kosutic on Business Continuity and Disaster Preparedness

From an organizational point of view, the concept of resilience is basically the same as the concept of business continuity: An organization’s ability to rea
Read More
Article

IOS Application Security Part 27 - Setting up a mobile pentesting environment with IOS 7 Jailbreak

In this article we will look at how we can set up a mobile pentesting platform on our device with the new IOS 7 jailbreak. There has been quite a lot of disc
Read More
Article

ECC: A Case for Mobile Encryption

Introduction: It is needless to start this article by talking about the rise of mobile devices in the last few years. We all know how smart phones have swept
Read More
Article

Buyer Beware: Your Credit Card and Debit Card Data Can Be Stolen at the Cash Register

Most adults in the developed world have bank accounts and credit cards. Most of us use debit cards and credit cards at the cash registers of our favorite ret
Read More
Article

Advanced exploits using XSS SHELL

Before understanding what XSS Shell is, let us recall a few basics of XSS (Cross Site Scripting). XSS is one of the most common vulnerabilities that exist
Read More
Article

Manual Web Application Penetration Testing: Identifying Application Entry Points

Introduction In this article, I will show you how to find injection points for your target host and how the webpage is encoded when it comes to the client si
Read More
Article

Manual Web Application Penetration Testing: Introduction

In this series of articles, I am going to demonstrate how you can manually exploit the vulnerability of a web application, compared to using any automation t
Read More
Article

Securing Your Java Code 3

For Part 2[pkadzone zone="main_top"] Sensitive Data Exposure A web application is vulnerable if it does not store sensitive information like password, bank
Read More
Article

Disassembler Mechanized Part 4: DLL Injector Development

Introduction We have already presented a couple of papers on modifying binaries through IDA Pro and OllyDbg disassembler, where we added functionality to an
Read More
Article

Disassembler Mechanized Part 3: Code Injection Operation

Introduction This article is a continuation of the previous effort of writing the "Disassembler-Mechanized" series, in which we are showing the process of de
Read More
Article

Debugging TLS callbacks

TLS (thread local storage) calls are subroutines that are executed before the entry point . There is a section in the PE header that describes the place of a
Read More
Article

Introduction to the Business of Stolen Card Data

Introduction I receive many questions from people who don't work in the security field about the use of stolen credit card data in the cyber-crime ecosystem,
Read More
Article

Cyber Extortion

Data Held Hostage In the digital age, data has incredible value. Not only for business purposes, but also for criminal intent. It draws the interest of cyber
Read More
Article

Disassembler Mechanized Part 2: Generating C# and MSIL code

Introduction In the previous papers, we have showcased the essential configuration in terms of external DLL importing into the solution and NuGet package ins
Read More
Article

R00t This Box

Here's a challenge, root this box. We found a vulnerable machine named Hackademic RTB1. The main challlenge is to root the box with admin privileges and capt
Read More
Article

IT Security 101: Prevent Weak Passwords

Passwords have been part of IT since long before the age of the desktop PC. However, now more than ever, systems administrators need to re-examine their pass
Read More
Article

How the NSA Monitors Target Computers with Radar Wave Devices

Introduction Germany's Der Spiegel has published a couple of disturbing articles on the NSA surveillance activities. The media agency has focused its article
Read More
Article

2014 - The year of changes

The year 2014 will be a year of continued change in the ICT security world. It will be a year in which some very fundamental, unfinished business that origin
Read More
Article

System address map initialization in x86/x64 architecture part 2: PCI express-based systems

This article is the second part of a series that clarifies PCI expansion ROM address mapping to the system address map. The mapping was not sufficiently cove
Read More
Article

Cyber Security During The Holidays

Introduction It's the holidays, a key time for cybercrime that exploits the bad habits of unaware internet users. Attackers can defraud and monetize their ac
Read More