Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Web application testing with Arachni

What is Arachni? In very simple terms, Arachni is a tool that allows you to assess the security of web applications. [pkadzone zone="main_top"] [pka
Read More
Article

Creepy, the geolocation information aggregator

What is creepy? So what is Creepy actually and how does it come into the “Geolocation” picture ? Creepy is a geolocation information aggregation tool. It al
Read More
Article

IT auditing and controls – Auditing organizations, frameworks and standards

What is a standard?  Who defines standards?  Where do we as IT auditors come into contact with standards?  Which framework should we use to do an IT audit an
Read More
Article

The Case of the Great Router Robbery

NEWSFLASH: AnyTown Local News reports this Monday morning that the recent spate of office break-ins has continued with a weekend raid on the downtown branch
Read More
Article

IT auditing and controls - An introduction

Auditing is an evaluation of a person, organization, system, process, enterprise, project or product, performed to ascertain the validity and reliability of
Read More
Article

Microsoft Virtual Server Security: 10 Tips and Settings

Virtualization brings significant value to business managers and engineers attempting to keep pace with business pressure for additional servers. It enables
Read More
Article

SQL Injection – Another hacking how-to

We wanted to get up a brief demo of the ubiquitous SQL Injection. We use it here to get control of the OS. We'll have a lot more angles on SQL Injection - as
Read More
Article

Grep Essentials

grep The grep utility, which allows files to be searched for strings of words, uses a syntax similar to the regular expression syntax of the vi, ex, ed, and
Read More
Article

OWASP Top 10 Deeper Dive – A5: Cross-Site Request Forgery (CSRF)

Description: Parsing the OWASP Top Ten with a closer look at Cross-Site Request Forgery (CSRF). No freely available or open source tools "automagically" discovers CSRF vulnerabilities; you have to step through the app as described above and test against locally installed vulnerable applications and devices unless you have explicit permission to test remote applications per an approved penetration testing engagement.
Read More
Article

Computer Forensics: Snort Logs Analysis

Sometimes the best evidence of a network intrusion resides in network or traffic logs. Snort is a well known open-source traffic analysis and network intrusi
Read More
Article

Malware Analysis: Classifying with ClamAV and YARA

On a daily basis,we are encountering thousands of new types of malware with unknown content. This malware can come from honeypots, infected websites or even
Read More
Article

CISA Domain 5 – Protection of Information Assets

Domain 5, Protection of Information Assets is the last domain in the CISA certification area and the most important. ISACA has stated that this domain repres
Read More
Article

How to Learn the IT Skills of a Security Professional

InfoSec Institute's Recommended Course Path for Beginners: A+ Class Network+ class Security+ MCITP track for Server Admin CCNA CCNP Ethical Hacking Advanced
Read More
Article

CISA Domain 2 – Governance and Management of IT

CISA – Domain 2 – Governance and Management of IT ISACA has revamped the CISA material and this domain now contains the Business Continuity section from t
Read More
Article

OWASP top 10 tools and tactics

A tool for each of the OWASP Top 10 to aid in discovering and remediating each of the Top Ten If you've spent any time defending web applications as a sec
Read More
Article

Standards for Penetration Testing

The cost and quality of penetration tests vary wildly between different vendors. As a response to those differences, a group of security professionals have b
Read More
Article

CISSP Domain - Business Continuity and Disaster Recovery

Note: The information in this article is out of date. Check out our CISSP hub for the most up-to-date information. You only have to turn on the TV and wat
Read More
Article

Stack Based Buffer Overflow Tutorial, part 3 - Adding shellcode

This is the third article in a series of three on stack based buffer overflow. Before you read further, you will want to read the first and second articles.
Read More
Article

Stack Based Buffer Overflow Tutorial, part 2 - Exploiting the stack overflow

This is the second article in a series of three on stack based buffer overflow. Before you read further, you will want to read the first article. In that art
Read More
Article

Stack based buffer overflow tutorial, part 1 - Introduction

This tutorial, in three parts, will cover the process of writing a simple stack based buffer overflow exploit based on a known vulnerability in the Vulnserve
Read More
Article

CISSP Domain - Information Security Governance and Risk Management

Note: The information in this article is out of date. Check out our CISSP hub for the most up-to-date information. Today let’s take a look at the CISSP Do
Read More
Article

An introduction to fuzzing: using fuzzers (SPIKE) to find vulnerabilities

This article discusses the process of fuzzing an application to find exploitable bugs. Vulnserver, a TCP server application deliberately written by Stephen B
Read More
Article

Security Incident Response Testing To Meet Audit Requirements

Description: Practical guidance and tools to ensure maximum readiness for incident response teams including drill tactics. PCI-DSS audits often require IR te
Read More
Article

The Device Driver Process Injection Rootkit

New SQL Injection Lab! Skillset Labs walk you through infosec tutorials, step-by-step, with over 30 hands-on penetration testing
Read More