Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

IOS Application Security Part 22 - Runtime Analysis and Manipulation using GDB

In this article, we will look at how we can use GDB to perform runtime analysis of IOS applications. In the previous articles, we have looked at how we can u
Read More
Article

How Classified NSA Exploit tools RADON and DEWSWEEPER Work

The NSA FoxAcid Platform Security expert Bruce Schneier is one of the most authoritative experts who revealed that the NSA has a wide-ranging arsenal of zero
Read More
Article

Top Links of Tools Compilation for Pentesting, Forensics, Security, and Hacking

Are you still looking for a suite of tools that may complete your day-to-day activities, or are you just looking for new tools that you can try or play with?
Read More
Article

Fuzzing for SQL injection with Burp Suite intruder

This article introduces Burp Suite Intruder and shows how it can be used for SQL injection fuzzing. Burp suite intruder It is a part of Burp Suite, which i
Read More
Article

IOS Application Security Part 21 - ARM and GDB Basics

All the IOS devices released uptil now are based on the ARM architecture. All the Objective-C code that we write while developing IOS applications is first c
Read More
Article

Web Services Penetration Testing, Part 2: An Automated Approach With SoapUI Pro

In the previous article, we discussed how the sudden increase in the use of web services makes it an important attack vector. Also, we covered different com
Read More
Article

Modern Online Banking Cyber Crime

Introduction In recent years, cyber crime has grown by leaps and bounds. Cyber crime revenue grew to levels comparable to that of a state, and major security
Read More
Article

Remoting Technology

Distributed Computing Abstract[pkadzone zone="main_top"] This article covers the means of cross-process and cross-machine interaction of applications develop
Read More
Article

Gentoo Hardening: Part 3: Using Checksec

Checksec The checksec.sh file is a Bash script used to verify which PaX security features are enabled. The latest version can be downloaded with the wget com
Read More
Article

2013 - The Impact of Cybercrime

Introduction Recent studies published on the evolution of principal cyber threats in the security landscape. They present concerning scenarios, characterized
Read More
Article

Reverse engineering with OllyDbg

The objective of writing this paper is to explain how to crack an executable without peeping at its source code by using the OllyDbg tool. Although, there ar
Read More
Article

Gentoo Hardening: Part 2: Introduction to PaX and Grsecurity

Configuring PaX with Grsecurity We've already briefly discussed PaX, but now it's time to describe it in detail. PaX provides the following security enhancem
Read More
Article

Understanding Session Fixation

1. Introduction Session ID is used to identify the user of web application. It can be sent with the GET method. An attacker can send a link to the user wit
Read More
Article

Gentoo Hardening Part 1: Introduction to Hardened Profile

Introduction In this tutorial, we'll talk about how to harden a Linux system to make it more secure. We'll specifically use Gentoo Linux, but the concepts sh
Read More
Article

What We Learned from APTs in the Current Year

Early this year we witnessed major IT firms suffering from data breaches of one kind or another, and they have come out in the open about the breaches, as we
Read More
Article

Optimizing Managed Code Execution

Abstract As an application grows ever more complex, it is necessary to build a more efficient and faster .NET application that requires a special treatment
Read More
Article

Photo forensics: Detect photoshop manipulation with error level analysis

Error Level Analysis is a forensic method to identify portions of an image with a different level of compression. The technique could be used to determine if
Read More
Article

Symmetric and asymmetric encryption

This article explains how symmetric and asymmetric encryption work. It also describes how to build a secure mail system using these two types of encryption.
Read More
Article

Demystifying Java Internals (An introduction)

Volume 1 Java is a technology that makes it easy to develop distributed applications, which are programs that can be executed by multiple computers across a
Read More
Article

Phishing Counter-Measures Unleashed

In this article, I have done my best to gather and explain all the possible ways by which phishing can be avoided. Here I am going to explain phishing counte
Read More
Article

Brainpan

Brainpan is a vulnerable virtual machine created by superkojiman. It's a vulnerable virtual machine with vulnerable services and it's not intended for produc
Read More
Article

IOS Application Security Part 20 - Local Data Storage (NSUserDefaults, CoreData, Sqlite, Plist files)

In this article, we will look at the different ways in which applicatons can store data locally on the device and look at how secure these methods are. We w
Read More
Article

Will the iPhone 5S Be The Catalyst to Fingerprint Scanners on All Our Devices?

A phone used to be a simple device you would make phone calls with. It could have your contact list, or even a log of recent contacts, but that was about it.
Read More
Article

Port scanning using Scapy

TCP connect scan TCP connect is a three-way handshake between the client and the server. If the three-way handshake takes place, then communication has be
Read More