Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Arrays: A Brief Tutorial

Introduction Arrays are powerful data structures that can be used to solve many programming problems. You have seen during the creation of different variabl
Read More
Article

GFI LanGuard – Network Security Scanner

Introduction: In a corporate environment, every computer connected to the network poses a security threat. As more and more computers get added into the net
Read More
Article

Reversing Loops

Introduction Every program nowdays contains branch statements where the decision making happens and loops where we're repeating some piece of code. Obviously
Read More
Article

IDA program patching

It's not a rare occurrence when we want to load a binary executable in a debugger, change some bytes and then save the changed binary to a hard drive, making
Read More
Article

Implementing Secure SDLC – Part 4

Background So far we have covered all the necessary information regarding what is Secure SDLC and strategically how to go about implementing it. Detailed in
Read More
Article

Snort Rule Writing for the IT Professional

Snort--the open source intrusion detection and prevention (IDS/IPS) system—for over a decade now has proven its value and efficacy and is ranked among the be
Read More
Article

Android: WhatsApp chat forensic analysis

We all love messaging and using IMs on our smartphones to stay in touch with our friends and family. We use various mobile apps like WhatsApp to IM without h
Read More
Article

Linear sweep vs recursive disassembling algorithm

We know that there are two ways of disassembling a binary executable into its assembler instructions. The first technique is linear sweep algorithm and the s
Read More
Article

Awesome modules of Recon-ng used for Web Recon testing

In my previous article, I wrote an introduction to the Recon-ng Framework and its basic usage, which is primarily used for automatic information gathering an
Read More
Article

Application security testing of thick client applications

In this article, we will learn about thick client applications, their vulnerabilities and ways to carry out security assessment of these applications. What
Read More
Article

Which Weapon Should I Choose for Web Penetration Testing? 2.0

Introduction This is the second edition of "Which weapon should I choose for Web Penetration Testing?" I hope that you liked the first edition. The same r
Read More
Article

Identity Management Solutions

Identity management as a platform is an emerging branch of Information security. Top vendors such as Microsoft, IBM, and Oracle have taken serious plunges in
Read More
Article

Anatomy of a Risk Assessment

To an organization that is serious about security and wants to identify the most efficient way to invest in security solutions, a risk assessment is absolute
Read More
Article

Anti-debugging: Detecting system debugger

In the previous tutorial, we've talked about techniques that harden the reverse engineering of the executable and then we looked at anti-debugging techniques
Read More
Article

Unpacking, reversing, patching

This article is an introduction of packing, how to unpack, to reverse an exe and finally patching it. I have chosen to show reversing of a sample exe file an
Read More
Article

Implementing Secure Software Development Program – Part 3

Background: In the previous parts we covered the approach for implementing Secure SDLC (S-SDLC) and Gap Analysis. In this part we are going to cover Roa
Read More
Article

Object Oriented Programming in C#.net

OOP's overview Object-oriented programming is the core ingredient of the .NET framework. OOP is so important that before embarking on the road to .NET, you
Read More
Article

Cyber-espionage: The greatest transfer of wealth in history

Introduction In recent months, the world-wide security community has discovered many cyber espionage campaigns that hit governments, intelligence agencies an
Read More
Article

IDA Pro Configuration Options

Configuration Files We know that some of the Ida's settings are saved in the .idb archive database files, but are not actually persisted across global Ida se
Read More
Article

Cryptography 101 with SSL

To Start With Whenever you are connecting to a site via HTTPS, the complete session is encrypted and all the application data is sent over a secured encrypte
Read More
Article

IDA Pro: IDC, SDK and Remote Debugging Overview

In this article, we won't be going too deep into Ida scripting. Instead, we'll present what an IDC is and how it can be used to enhance the capabilities of I
Read More
Article

Facebook malware: How do they work, how to protect yourself against them and what to do if you get infected

1. Introduction Social media's history precedes the 21th century and ever since then malevolent people have attempted to infiltrate the computers of innocen
Read More
Article

Implementing Secure Software Development Program

Background: This article follows my earlier one: "Secure Software Development Life Cycle" (from now on referenced as S-SDLC), being one Implementation of th
Read More
Article

Secure code review: A practical approach

This article is about different code review techniques and their application in the real world What you will learn What is secure code review and how to
Read More