Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Reverse Engineering of Embedded Devices

Introduction This article is for colleagues who are interested in studying the reverse engineering of embedded devices starting from the introduction of equi
Read More
Article

Cyber Threat Assessment Template For Special Forces

The growing number of cyber threats highlight the risks that US critical infrastructure and Special Forces face. Once considered weak in nature compared to o
Read More
Article

Insider vs. outsider threats: Identify and prevent

In my last article, we discussed on a step-by-step approach on APT attacks. The origin of any kind of cyber-attack is through an external or an internal sour
Read More
Article

Interview: Chris Steel, Chief Solutions Architect at Software AG Government Solutions, Inc.

Chris Steel is the Chief Solutions Architect at Software AG Government Solutions, Inc., a leading software provider for the US federal government. The compan
Read More
Article

Asprox / Kuluoz Botnet Analysis

Introduction Kuluoz, aka Asprox, is a spam botnet that emerged in 2007. It has been known for sending mass of phishing emails used in conjunction with social
Read More
Article

APT28: Cybercrime or State-sponsored Hacking?

Once upon the APT28 In October of 2014, the security firm FireEye published a report that revealed the existence of a group of Russian hackers, dubbed APT28,
Read More
Article

Case Study: Evading Automated Sandbox - Python PoC

Introduction With the increasing of Sandbox technology usage, every penetration tester should be prepared to face it one day. While a plenty of Pentest tools
Read More
Article

Windows Functions in Malware Analysis - Cheat Sheet - Part 2

In the Part 1 of the series, we discuss about windows functions that analysts commonly encounter during malware analysis. In this part, we will conclude the
Read More
Article

ELF File Format

Executable and Linking Format (ELF) is the object format used in UNIX-like operating systems. This post introduces the ELF file format in the big picture of
Read More
Article

Dealing with bad characters & JMP instruction

So far, in previous articles, we have learnt how to develop our own working exploit for the Echo Server program; we used two different payloads with the expl
Read More
Article

15 + Modules for Making Your Drupal Website Secure

Drupal is the popular open-source content management system written in PHP. Although it only powers around 2.5% websites on the web, but it is still importan
Read More
Article

How to Prevent a Domain Name Theft

1. Introduction The domain names may cost far more than a real estate. For instance, Facebook paid USD 8.5 million to buy fb.com. The high prices of the doma
Read More
Article

Interview: J. Wolfgang Goerlich, Cyber Security Strategist for Creative Breakthrough

J. Wolfgang Goerlich is an influential leader and IT management executive with the ability to act as a cultural change agent, driving security initiatives an
Read More
Article

iOS Application Security Part 42 - LLDB Usage continued

In this article, we will look at some of the most important commands in LLDB to debug applications. If you have been following this blog series, you would ha
Read More
Article

Windows functions in malware analysis - cheat sheet - Part 1

In this article, we will learn briefly about the various windows functions commonly encountered by malware analysts. Windows functions Accept: This fun
Read More
Article

Introducing IDA scripting

IDC scripting language is used by IDA disassemblers to programmatically manipulate data assembly and parameter in the loaded IDB database file. Script can ma
Read More
Article

The Basics with Node.js Examples

Introduction Public-facing APIs have tremendously increased in the last couple of years. Businesses have seen that sharing their business data with the publi
Read More
Article

Writing Python Compiled Modules

Any code that you write utilizing any compiled language like C, C++, or Java can be integrated or imported into another Python script. This code is considere
Read More
Article

Mumblehard Malware

Introduction In this article, we will learn about a malware known as Mumblehard which is known for targeting Linux and BSD OS. This malware opens a backdoor
Read More
Article

Sharkfest 2014 Part I

The sharkfest challenge was organized by Wireshark University. There are five challenges related to the trace files analysis. In each challenge, there are so
Read More
Article

The 6 D’s of Cyber Security

In this article, we will discuss the 6 D's of cyber security and how you can implement them in your own cyber-defense strategy -- Deter, Detect, Defend, Defl
Read More
Article

Format String Bug Exploration

ABSTRACT The Format String vulnerability significantly introduced in year 2000 when remote hackers gain root access on host running FTP daemon which had anon
Read More
Article

Cracking 64bit Binaries

Keygenning is a process of finding a valid key for a program. It is used for cracking/piracy. Most of the cracking has been documented on x86, there haven't
Read More
Article

VENOM Vulnerability Opens Millions of Virtual Machines to Attack

The VENOM vulnerability A security vulnerability recently patched is scaring the IT industry, its name is VENOM, and it is coded as CVE-2015-3456. The dreade
Read More