Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Cybersecurity Weekly: REvil decryptor, AT&T loses millions, OMIGOD flaw

A free decryptor for past REvil ransomware victims was released. AT&T lost $200 million to an illegal phone unlocking scheme. Mirai Botnet started exploiting the OMIGOD flaw. All this, and more, in this week’s edition of Cybersecurity Weekly.
Read More
Article

ISACA CDPSE domain 1: Privacy governance

Domain 1 of the ISACA CDPSE certification covers important privacy aspects and requirements needed within modern organizations.
Read More
Article

Cybersecurity Weekly: Cobalt Strike beacon, REvil is back, IT training pitfalls

Linux Cobalt Strike beacon is being used in ongoing attacks. REvil ransomware is back in full attack mode and leaking data. 7 signs your IT training sucks. All this, and more, in this week’s edition of Cybersecurity Weekly.
Read More
Article

The real dangers of vulnerable IoT devices

Internet of Things devices pose a very real threat to cybersecurity. And today, they are prevalent in every household.
Read More
Article

How criminals leverage a Firefox fake extension to target Gmail accounts

We walk through a specific Firefox extension called FriarFox that targets Gmail accounts of global Tibetan organizations.
Read More
Article

What to expect during your CMMC assessment

Learn about the specific steps and standards included in the CMMC assessment process and what your organization can expect.
Read More
Article

How cross-site scripting attacks work: Examples and video walkthrough

What are cross-site scripting attacks and how do they work? Find out in this walkthrough from Infosec Skills author John Wagnon.
Read More
Article

Python for active defense: Monitoring

Data is essential to effective active defense, and using Python is a good way to monitor your data sources to identify anomalies.
Read More
Article

ISC2 CSSLP job titles and career outlook

The CSSLP (Certified Secure Software Lifecycle Professionals) from ISC2 is a valuable certification for IT professionals, developers and cybersecurity practitioners.
Read More
Article

HACKSUDO: PROXIMACENTAURI VulnHub CTF Walkthrough, Part 1

Follow along as we solve this Capture the Flag (CTF) from Vulnhub.
Read More
Article

Red teaming: Is it the career for you?

Red teamers go beyond the basics of penetration testing to help test an organization's security against both in-person and online attackers.
Read More
Article

Python for active defense: Network

Python can be used for traffic collection, protocol decoding, and burning in a decoy when it comes to network defense.
Read More
Article

Taidoor malware: what it is, how it works and how to prevent it | malware spotlight

Taidoor is one of the malware criminals have developed to keep their nefarious activity undetectable.
Read More
Article

ISC2 CSSLP exam details and process

CSSLP (Certified Secure Software Lifecycle Professionals) is one of the most popular application-security-related certifications available.
Read More
Article

Cybersecurity Weekly: Fake NFT scam, Atlassian flaw, security analyst interview questions

An NFT collector was tricked into buying fake Banksy. An Atlassian Confluence flaw is being actively exploited to install cryptominers. 8 must-ask security analyst interview questions. All this, and more, in this week’s edition of Cybersecurity Weekly.
Read More
Article

iOS forensics

Day by day, smartphones and tablets are becoming ever more popular, and as a result, the technology used in development to add new features or improve the se
Read More
Article

Python for active defense: Decoys

Python can be a valuable resource when using decoys and pursuing active defense against cyberthreats.
Read More
Article

Tutorial: How to exfiltrate or execute files in compromised machines with DNS

Go through this tutorial on exfiltrating and executing files between machines using the well-known DNS protocol.
Read More
Article

Cyber risks of digitizing legacy systems in healthcare environments

The benefits of healthcare digitization might benefit a single asset, a process or the hospital as a whole — but it comes with obligations.
Read More
Article

VULNCMS: 1 VulnHub CTF walkthrough part 2

In the last part of this Capture the Flag (CTF), we found four HTTP ports open on the target machine. We tried enumerating the HTTP ports available on the ta
Read More
Article

ISC2 CSSLP domain 8: Secure software supply chain

Learn more about secure software supply chain, the domain 8 topic of the CSSLP certification.
Read More
Article

Incident responder careers: What’s it like to work in incident response?

Take a look at what it is like to work in the field of cybersecurity incident response.
Read More
Article

Cybersecurity Weekly: Phishing attacks using redirects, intermittent file encryption, Ragnarok shuts doors

Widespread phishing attacks are using open redirects. LockFile ransomware bypasses protection using intermittent file encryption. Ragnarok ransomware gang shuts shop and releases decryption key for free. All this, and more, in this week’s edition of Cybersecurity Weekly.
Read More
Article

SUNBURST backdoor malware: What it is, how it works, and how to prevent it | Malware spotlight

SUNBURST is a backdoor associated with a SolarWinds digitally-signed component of the Orion software framework.
Read More