Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Malware Threat Assessment Template for Financial Institutions

Financial institutions conducting online brokerage, alternative payments, Internet banking and other similar activities have been facing a growing number of
Read More
Article

All about AGDLP group scope for active directory - account, global, domain local, permissions

Lately I've gotten a few questions from prospective clients about AD security group scope. I wanted to take a minute to give an overview of what group scopes
Read More
Article

What Apple Knows about Us

Introduction Every day, we share information about us or what we do on the Internet, and our information is targeted by multinational companies in order to b
Read More
Article

StingRay Technology: How Government Tracks Cellular Devices

StingRay Technology StingRay is an IMSI-catcher (International Mobile Subscriber Identity) designed and commercialized by the Harris Corporation. The cellula
Read More
Article

How to Test the Security of IoT Smart Devices

Just when we thought we had our applications secured, they pull us back in. No, this isn't a case of directory traversal bugs reappearing in IIS, access bugs
Read More
Article

Online Defamation Cases - Part II

Introduction We all know how important it is nowadays to have a clean online record, almost as important as having no previous criminal offences. That is why
Read More
Article

Online Defamation Cases - Part I

Introduction We all know how important it is nowadays to have a clean online record, almost as important as having no previous criminal offences. That is why
Read More
Article

Acceptable Use Policy Template for User Level Passwords

As technology radically shapes the working environment of users across the globe, we are also responsible for keeping up with the security trends to avoid da
Read More
Article

Checklist for Next Gen Firewalls

Due to the ever-changing threat landscape, a few security products such as firewalls, IDS/IPS, etc. are becoming obsolete because of the older technologies b
Read More
Article

Practical shellshock exploitation – part two

Topics Covered Background Prerequisites Configuring SSH server Adding a new user Creating authorized keys for a specific client Adding au
Read More
Article

Practical Shellshock exploitation – Part 1

Topics covered Introduction What is Shellshock? When can it be exploited? How to check if you are vulnerable Checking your bash version
Read More
Article

iOS Application Security Part 36 - Bypassing certificate pinning using SSL Kill switch

In this article, we will look at how we can analyze network traffic for applications that use certificate pinning. One of the best definitions I found of cer
Read More
Article

DDoS Security Policy Template to Prevent Massive Attacks

It sounds like the 90s sci-fi horror thriller, "Tremors". Unfortunately, today, it could easily be a headline from the recent space of distributed-denial-of-
Read More
Article

What is Online Defamation /a.k.a. Cyber Libel/ and How it Pertains to some Contemporary Legal Systems

Preface: Balancing Freedom of Expression and Reputation Protection [pkadzone zone="main_top"] The right to freedom of expression – is there a better way to b
Read More
Article

NAT-PMP Vulnerability

In this article we will learn about the latest NAT-PMP vulnerability being discovered, which will affect around 1.2 billion SOHO routers worldwide. What is a
Read More
Article

Wifite walkthrough part 2

In this article, we will look at cracking access points using WPA-PSK or WPA2-PSK using Wifite. If you have used tools like airodump-ng, aircrack-ng etc t
Read More
Article

Hacking ATMs: The New Wave of Malware

Introduction In recent weeks, security experts at Kaspersky Lab have observed several attacks on Automated Teller Machines (ATMs) which were infected by malw
Read More
Article

Protecting WordPress Installations in an IaaS Environment

Introduction In this article we're going to take a look at how to secure a WordPress installation against attackers in an IaaS virtual machine. Virtual machi
Read More
Article

End of SSL with POODLE

In this article we will learn about the how SSL has reaches its end with various vulnerabilities. This article will also cover the recent vulnerability disco
Read More
Article

Wifite walkthrough part 1

In this article series, we will look at a tool named Wifite suitable for automated auditing of wireless networks. Most of you who have experience in wireless
Read More
Article

Information Security of Nanorobots

1. Introduction The year is 2045. A 31-year-old woman is brought to the hospital complainingof headaches and fever. The doctors identify a species of equine
Read More
Article

The Importance of an Online Encryption Policy within an Organization

Benjamin Franklin once said, "If you fail to plan, you plan to fail." This quote summarizes the importance of online encryption policy and hands-on implement
Read More
Article

Evolution of 3D Printing Technology Raises Security Concerns

Introduction Also known as the term additive manufacturing (AM), 3D printing is a process for making a three-dimensional object of almost any shape starting
Read More
Article

Sharkfest 2013: Part II

In the first part of our article we solved the first three challenges, so in this article we will continue with rest of the challenges. CHALLENGE #4: OUCH![p
Read More