Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Penetration testing of an FTP service

In this article we are going to learn how to configure ProFTPD service in a CentOS machine. After that we will conduct penetration testing to evaluate the se
Read More
Article

Python for Web application security professionals

Introduction: Python is an open source, interactive, object oriented programming language. It's very easy to learn and an extremely powerful high level langu
Read More
Article

IOS Application Security Part 15 - Static Analysis of IOS Applications using iNalyzer

In the previous article, we looked at how we can use Sogeti Data protection tools to boot an iDevice using a custom ramdisk with the help of a bootrom exploi
Read More
Article

PsyOps and Socialbots

Introduction Social media are the principal aggregation "places" in cyberspace; billions of connected people are using it for a wide variety of purposes from
Read More
Article

Keygenning: Part I

Introduction : A key generator or a Keygen is a computer program that will generate a valid « Product Serial or Key » in order to completely register a soft
Read More
Article

Penetration Testing for iPhone Applications — Part 6

In Part 1 of the article we have discussed about the iPhone application traffic analysis. Part 2, Part 3, and Part 4 covered in-depth analysis of insecure da
Read More
Article

Weapon of anonymous

Before starting, I would like to give a small preview about the topic. This article focuses on the world famous hacker group, known as "Anonymous." I will be
Read More
Article

Doxing: The Dark Side of Reconnaissance

Introduction: [pkadzone zone="main_top"] Doxing is a coin with two sides. Doxing can be used for security, research and collecting proof for investigation i
Read More
Article

Android Master Key Vulnerability—PoC

The recently discovered master key vulnerability in Android has given a jolt to the Android team and other parties involved. This vulnerability allows attack
Read More
Article

U.S. Cyber Policy – Course and Legal Aspects

Image courtesy of Gualberto107 / FreeDigitalPhotos.net [pkadzone zone="main_top"] Introduction Cyber policy is an important issue that many would qualify
Read More
Article

IOS Application Security Part 14 - Gathering information using Sogeti Data Protection tools

In the previous article, we looked at how we can boot a device using a custom ramdisk using Sogeti Data protection tools. In this article, we will look at ho
Read More
Article

Databases—vulnerabilities, costs of data breaches and countermeasures

This post introduces principal database vulnerabilities, providing an overview of the possible effects for their exploitation. For each database vulnerabil
Read More
Article

IOS Application Security Part 13 - Booting a custom Ramdisk using Sogeti Data Protection tools

In the previous article, we looked at how we can use Keychain-Dumper and Snoop-it to analyze and dump the contents of the Keychain from an IOS device. In thi
Read More
Article

CBC byte flipping attack—101 approach

As usual, there are some explanations about this attack out there (see references at the end), but some knowledge is required to understand it properly, so h
Read More
Article

Incident Response and Forensic Martial Arts with Helix

Helix3 is a live CD for doing computer forensic investigation and incident response. It is built on top of Ubuntu and comes in both free and commercial forms
Read More
Article

Windows Communication Foundation

Part-1 Abstract [pkadzone zone="main_top"] Over the year, we have learned innumerable ways of consuming services across the network such as Remoting, COM, CO
Read More
Article

One-time passwords with token

1. Introduction One-time passwords are used to achieve higher security than traditional static passwords. They're often generated by tokens. This article pre
Read More
Article

Dictionary attack using Burp Suite

Nowadays internet usage is growing dramatically because of this, a vast majority of companies and individuals that provide services have a website so custome
Read More
Article

SANS Investigate Forensics Toolkit – Forensics Martial Arts Part 2

This is a continuation of the first article on SANS Investigate Forensics Toolkit. In this article we will be covering the rest of the tools discussed earlie
Read More
Article

SANS investigate forensics toolkit—Forensics martial arts part 1

The SANS Investigate Forensic Toolkit (SIFT) is an interesting tool created by the SANS Forensic Team and is available publicly and freely for the whole comm
Read More
Article

Android forensics: Cracking the pattern lock protection

In this paper I'll show you how to find an Android's user pattern lock. I assume that the technique that I'll demonstrate can work only on a rooted device. A
Read More
Article

WEB SERVER SECURITY

This article gives you a short and understandable summary about web servers, the different types of servers, the security add-on software installation proces
Read More
Article

Keyloggers: How they work and more

Below is a graphic that enumerates some methods of password pilfering, which serves as an introduction to the matter discussed: [pkadzone zone="main_t
Read More
Article

Steganography: What your eyes don’t see

Steganography is the art of hiding information to prevent detection of a hidden message. It has been used throughout history by many methods and variation, a
Read More