Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Using Zeek for network analysis and detections

Learn about how to use Zeek, a free, powerful open-source network traffic analyzer.
Read More
Article

Suricata: What is it and how can we use it

Learn about the open-source threat detection engine that is an intrusion detection system (IDS) and an intrusion prevention system (IPS).
Read More
Article

FINDING MY FRIEND 1 VulnHub CTF Walkthrough - Part 2

Continue pursuing the capture the flag challenge from Vulnhub in part two of this task.
Read More
Article

CompTIA PenTest+ domain 2: Information gathering and vulnerability scanning

Learn how Domain 2 of the CompTIA PenTest+ exam tests candidates’ knowledge of gathering threat intelligence via reconnaissance.
Read More
Article

How to choose and harden your VPN: Best practices from NSA & CISA

These five best practices will steer you on course for choosing and hardening your VPN.
Read More
Article

Can bug bounty programs replace dedicated security testing?

Bug bounty programs don’t replace the need for a security consulting company that you work directly with for your security testing program. 
Read More
Article

Rook ransomware analysis

In this article, we will go through the details of rook, describe the most effective techniques, and provide some measures to fight ransomware.
Read More
Article

Red teaming: Initial access and foothold

Learn how red teaming techniques are used to gain a foothold in target attacks like social engineering.
Read More
Article

CompTIA PenTest+ domain 1: Planning and scoping

Learn how Domain 1 of the CompTIA PenTest+ exam prepares candidates to plan, scope and ethically perform a penetration test.
Read More
Article

Intelligence brief: Russian invasion of Ukraine and its cybersecurity impact

The Russian invasion of Ukraine will have a global impact. Here's what you should know to keep your organization safe from potential cyber threats.
Read More
Article

Skills and experience needed to support a CSIRT, SOC or SIEM team

Who works on an incident response team or in a security operations center? What skills do they need to succeed? Find out.
Read More
Article

Cybersecurity Weekly: Hidden costs of data breaches, CISA and FBI warn of recent malware attacks and halted Toyota production

The often-forgotten costs of a data breach, new CISA and FBI malware warnings and halted vehicle production due to supplier cyberattack. All this, and more, in this week’s edition of Cybersecurity Weekly.
Read More
Article

Top tools for red teaming

Explore several of the top tools used for red teaming.
Read More
Article

FINDING MY FRIEND: 1 VulnHub CTF Walkthrough - Part 1

As per the description given by the author, there are four flags in this CTF that needs to capture to complete the challenge. Pre-requisites would be knowled
Read More
Article

Intrusion detection software best practices

Learn intrusion detection systems fundamentals and some of the best practices behind maintaining and tuning them.
Read More
Article

What is intrusion detection?

Gain fundamental knowledge of intrusion detection and learn why it's crucial for network and endpoint security.
Read More
Article

HOGWARTS: DOBBY VulnHub CTF Walkthrough

Solve a capture the flag (CTF) challenge that was posted on Vulnhub.
Read More
Article

Looking to the future: A CISOs biggest challenges

Find out what some of the biggest challenges are for a CISO.
Read More
Article

CompTIA PenTest+ certification exam: Overview of domains

Learn about what is covered by the five domains of the CompTIA PenTest+ examination
Read More
Article

Log4j vulnerability explained: Zero-day attacks and how to contain them

The Log4j zero-day vulnerability continues to be exploited by malicious actors. Learn why, and what it takes to stop a potential exploit.
Read More
Article

The 7 steps of ethical hacking

To beat hackers at their own game, you need to think like them.
Read More
Article

Modus operandi of BlackByte ransomware

Learn about BlackByte, a data encryption malware targeting various organizations.
Read More
Article

Cybersecurity Weekly: 2022 email security trends, vulnerabilities in WordPress plugin and resources from CISA

Predicting 2022 email security trends, vulnerabilities detected in popular WordPress plugin and cybersecurity resources. All this, and more, in this week’s edition of Cybersecurity Weekly.
Read More
Article

Reducing cybersecurity risks with strong awareness reporting

With increasing cyberattacks and data breach costs, Infosec experts provide concrete ways to improve the impact of your cybersecurity awareness program.
Read More