Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Cybersecurity Weekly: UScellular data breach, Emotet takedown, Washington State breach

UScellular suffers a data breach. Europol announces a takedown of the Emotet botnet. A data breach exposes 1.6 million jobless claims filed in Washington state. All this, and more, in this week’s edition of Cybersecurity Weekly.
Read More
Article

Wireless attacks and mitigation

Wireless networks have become an inherent part of our life and we all use wireless networks in some form in our day to day life. Of all the utilities provid
Read More
Article

Zerologon CVE-2020-1472: Technical overview and walkthrough

Read More
Article

Wireless network overview

Wireless networks have become an inherent part of our life and we all use wireless networks in some form in our day to day life. Of all the utilities provide
Read More
Article

Incident response and recovery best practices for industrial control systems

Introduction  In collaboration with the North American Electric Reliability Corporation (NERC), the Federal Energy Regulatory Commission (FERC) developed a
Read More
Article

Introduction to full disk encryption

Encryption is the process of converting plaintext to encrypted text. Encrypted text hides the original data from unauthorized users since encrypted text cann
Read More
Article

Average IT manager salary in 2021

IT management is a competitive career opportunity. Some companies hire from within, but you can still find job opportunities from IT firms looking for qualif
Read More
Article

Upskilling to deepen employee engagement & retention

Having a highly-skilled, engaged and motivated workforce is in everyone’s best interest, and it takes a combination of factors to support employees in becomi
Read More
Article

Hack the Box (HTB) machines walkthrough series — Buff

Today, we will be continuing with our exploration of Hack the Box (HTB) machines, as seen in previous articles. This walkthrough is of an HTB machine named B
Read More
Article

8 reasons you may not want to use VPNs

You probably have heard about VPNs before. It’s even possible that you might have used one. In this post, we will be learning about VPN, some of its basic co
Read More
Article

Security vs. usability: Pros and cons of risk-based authentication

Introduction Risk-based authentication (RBA) has to become part of the enterprise lexicon for a good reason. The authentication measures used to protect acc
Read More
Article

Email forensics: desktop-based clients

Emails are the most commonly used technology for exchanging messages between people/businesses using electronic media. With every technology, there comes a r
Read More
Article

What is a Honey Pot? [updated 2021]

Introduction: What is a Honeypot? Honeypots are special programs that are written for one purpose: to be exploited. Honeypots emulate the appearance of a vu
Read More
Article

Hacking clients with WPAD (web proxy auto-discovery) protocol [updated 2021]

In this tutorial, we’ll take a look at how we can hack clients in the local network by using WPAD (Web Proxy Auto-Discovery). The WPAD protocol allows automa
Read More
Article

CloudGoat walkthrough series: Remote code execution

This is the sixth in our walkthrough series of CloudGoat scenarios. CloudGoat is a “vulnerable by design” AWS deployment tool designed by Rhino Security Labs
Read More
Article

PenTest+: DoDD 8570 overview

In November 2020, the US Department of Defense (DoD) has selected CompTIA PenTest+ as an approved certification for military personnel and defense contractor
Read More
Article

Proper use and training are the keys to mastering secure C++, says Infosec Skills author Martin Dubois

“When we started, we simply didn’t think about security. We were alone in the world, and no one could connect to what we were doing,”
Read More
Article

Open source IDS: Snort or Suricata? [updated 2021]

Although early types of Network Intrusion Detection Systems go back all the way to the early 1980s, the concept of IDS took off when Martin Roesch created hi
Read More
Article

Email forensics: Web-based clients

This article discusses how to perform forensic investigations of Web-based email clients. While many organizations use Desktop based email clients for their
Read More
Article

Email analysis

In this article, we will explore the fundamentals concepts associated with email that will help us to perform email analysis. We will begin by understanding
Read More
Article

Software maturity models for AppSec initiatives

Introduction Software is on the front lines of security: a 2019 report from GitLab found that almost half of respondents deploy software on-demand or multip
Read More
Article

Investigating wireless attacks

In an earlier article, we discussed the fundamentals of wireless networks: the common types of wireless devices, terminology used, WLAN security types, 802.1
Read More
Article

Wireless networking fundamentals for forensics

With the evolution of Internet of Things (IoT) devices, there are countless wireless devices around us these days. Many people carry small-sized wireless net
Read More
Article

What is enumeration? [updated 2021]

Enumeration is defined as a process which establishes an active connection to the target hosts to discover potential attack vectors in the system, and the sa
Read More