Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

How a DNS Sinkhole Can Protect Against Malware

The Domain Name Service (DNS) is an integral part of Internet access. It translates human-recognized domain names into computer-readable IP addresses in orde
Read More
Article

Tracking Attackers with a Honeypot - Part 2 (Kippo)

Introduction Unauthorized access to servers occurs on a daily basis. Attackers are constantly searching the Internet for servers that they can use for malici
Read More
Article

Three Security Practices That IoT Will Disrupt

I made it back from DEFCON with both my phone and tablet intact, but I'm happy I didn't bring a light bulb. You see, if had brought a light bulb, and that li
Read More
Article

Data Backups with Bacula: Mobile Devices

Introduction Bacula was specifically designed for backup jobs in a server environment, where servers have IP addresses that don't change regularly and are al
Read More
Article

Phishing WhatsApp Images via USB, From Python With Love

Introduction How many times did your work colleague or a friend of yours find a USB cable from your PC/Laptop and attach his Android phone to recharge its ba
Read More
Article

Preparing for a successful IAM integration project (Part 2 of 2)

Iteration-Based Delivery[pkadzone zone="main_top"] As mentioned before, an identity management implementation project will often extend 18-36 months based o
Read More
Article

Data Backups with Bacula: Notifications

Introduction When the backup solution is already working, we can also take a look at notifications more closely. We can send a notification email for every b
Read More
Article

Alleged Hack of iCloud Exposed Nude Photos of Celebrities Online

The case The gossip news of this week is the alleged hack of Apple's iCloud of many celebrities. Hundreds of naked photos purportedly belonging to more than
Read More
Article

Hacking traffic light systems

Traffic light systems security issues We often see movie scenes in which hackers are able to hack systems for the control of traffic lights, with catastroph
Read More
Article

Data Backups with Bacula: Backup Encryption

Introduction Bacula supports file encryption on the file daemon, which sends encrypted data to the storage daemon for storage. Since the file daemon encrypts
Read More
Article

Data Backups with Bacula: Client Data Backup and Restoration

Introduction When configuring the Bacula client, we don't need the full-blown Bacula installation, but just the bacula-client package that we can simply inst
Read More
Article

Data Backups with Bacula: Bacula Internals

Introduction This article presents the integral concepts of Bacula operation and management, which are integral parts of every Bacula backup solution and mus
Read More
Article

Data Backups with Bacula: Creating the Storage Partition

Introduction In this endeavor I've chosen to use Bacula backup software for the reasons outlined above. First we must talk about the Bacula server, but the o
Read More
Article

iOS Application Security Part 35 - Auditing iOS applications with iDB

In this article, we will look at another cool utility named iDB for pentesting iOS applications. Before that, i would like to apologize for coming up late wi
Read More
Article

Windows registry analysis with RegRipper – A ‘hands-on’ case study

Every analysis begins with specific goals in mind. As a forensics investigator, you are expected to know the type and importance of information you are looki
Read More
Article

Exploiting Systemic Query Vulnerabilities: Why You Should Not Attempt to Re-invent PDO

The particular exploits in this article take advantage of systemic query factory vulnerabilities, vulnerabilities which exist throughout an entire applicatio
Read More
Article

PGP Alternatives for Email Encryption

A few weeks ago, I wrote an article for 2600 Magazine. (If you're curious, publication has been confirmed and you'll probably see it in the Winter 2014-2015
Read More
Article

Getting started with android forensics

This article introduces Android forensics and the techniques used to perform Android forensic investigations. We will discuss Android file systems, data acqu
Read More
Article

Microsoft NAP (Network Access Protection)

In this article we will learn about one of the most important features introduced by Microsoft from the perspective of network access protection (NAP). We wi
Read More
Article

Operation Emmental: Banking Hit by Even More Sophisticated Cyber Attacks

Operation Emmental Security experts at Trend Micro have recently uncovered a hacking campaign dubbed "Operation Emmental" which targeted Swiss bank accounts
Read More
Article

Windows registry forensics using ‘RegRipper’ command-line on Linux

Windows registry is a gold mine for a computer forensics investigator. During case analysis, the registry is capable of supplying the evidence needed to supp
Read More
Article

Cyber Insurance

Introduction Cyber insurance coverage has been available on the market for a decade, but only recently companies have been seeing a significant growth—sales
Read More
Article

Analyzing the mod security logs

In the previous article, we had already configured the Mod-Security Firewall with OWASP Core Rule Set (CRS). But installing and configuring the Mod Security
Read More
Article

Cookies with Secure Flag: Undesired Behavior in Modern Browsers

Introduction When a cookie has secure flag set, it will only be sent over secure HTTPS, which is HTTP over SSL/TLS. This way, the authentication cookie will
Read More