Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

IBM Rational Appscan: Part 2

The first part of this article focused on configuring a scan in Rational Appscan, and as mentioned earlier, it's important to configure the scan based on you
Read More
Article

New Linux Distro for Mobile Security, Malware Analysis, and Forensics

Yes, you read the title right and I hope I just grabbed your attention! A new GNU/Linux distribution or distro designed for helping you in every aspect of yo
Read More
Article

Achieving Anonymity with Tor Part 2: Proxies and DNS servers

1. Using Burp with Tor So far we've looked at how to set up our web browser to use Privoxy, which in turn uses Tor to achieve anonymity on the Internet. But
Read More
Article

Interview with Project Leader Sebastian Poeplau

Introduction Malware threats have become very common these days. In the past, many honeypots have been created to detect malware propagation over the netw
Read More
Article

The Evolution of a Technical Information Security Professional

During my years of work as a consultant and trainer in the information security world, I've noticed a few patterns that usually exist in those who do very we
Read More
Article

Introduction to HTTP Response Headers for Security

Hyper Text Transfer Protocol (HTTP) is a stateless protocol. The implication of this is, at the protocol level there is no record of what happened in the pas
Read More
Article

Risk Management in Agile

In this article, we will explore the business concerns of Agile methodologies in project management. Recently, I read an article by Chris Matts and Olav Maas
Read More
Article

Achieving Anonymity with Tor Part 1

We all know that Tor enables us to be anonymous on the Internet. In this article we'll look at how to achieve this and truly know what we're up against. Firs
Read More
Article

Reversing Malware Loaders - The Matsnu-A Case

The AV industry is growing every day along with the underground industry that produces all types of malware from simple file infectors to more sophisticated
Read More
Article

Defcon 20 Day 3 Review

Defcon day 3 started with one of the most awaited talks of Defcon 20. It was the talk "Defeating PPTP VPNs and WPA2 Enterprise with MS-CHAPv2" by Moxie Marli
Read More
Article

A Review of the eSoft InstaGate UTM Appliance

It can take an organization several years to build out an information security infrastructure capable of providing them with sufficient protection. This is e
Read More
Article

IBM Rational Appscan Part 1

IBM Rational Appscan is one of the most widely used tools in the arena of web application penetration testing. It is a desktop application which aids securit
Read More
Article

Sulley Fuzzing Framework Intro

1. Sulley Fuzzing Framework Sulley is python fuzzing framework that can be used to fuzz file formats, network protocols, command line arguments, and other co
Read More
Article

Chapter 10 - Virtualization Security

Virtualization brings significant value to business managers and engineers attempting to keep pace with business pressure for additional servers. It enables
Read More
Article

Defending the Internet with Project Meshnet

Introduction Topics related to Internet censorship have been debated frequently in the last few years. The main purpose of most Internet censorship action
Read More
Article

WebDAV Application DLL Hijacking Exploitation

In this article, I will explain WebDAV application DLL hijacking exploitation using our all time favorite, Metasploit. Here we will cover the module which ha
Read More
Article

Social Engineering 2—What Do We Have To Watch?

In my previous article we focused on providing an introduction to social engineering. For the purposes of this article, I want readers to consider the words
Read More
Article

Social Engineering - We Start Playing

If hacking is known as entering a computer system through a breach of security, social engineering can be referred to as an intrusion into the mind. That rea
Read More
Article

Intrusion Prevention System: First Line of Defense

In the past few years, advancements in technology have grown hand in hand with a substantial increase in hacking and cyber espionage. The whole world is deep
Read More
Article

Malicious code execution in PCI expansion ROM

The malicious code in x86/x64 firmware can potentially reside in many places. One of them is in the PCI expansion ROM. In the past, the small amount of memor
Read More
Article

Reconnaissance with Images

Gathering data on a target is extremely important if we plan to execute an attack in a more efficient manner. A typical attack scenario starts with a long re
Read More
Article

Chapter 9: Securing remote access

Remote access is no longer just about a laptop or home desktop user connecting to catch up on some work or update customer and order information. The explosi
Read More
Article

Complete file upload vulnerabilities

Allowing an end user to upload files to your website is like opening another door for a malicious user to compromise your server. However, uploading files is
Read More
Article

Simple router pawning techniques - Getting the administrative privileges

[pkadzone zone="main_top"] Securing the Access Point (AP) of your router's web page and the Telnet or SSH access should be considered as part of the ove
Read More