Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Securing VoIP systems

Voice over Internet Protocol (VoIP) is a methodology and group of technologies for the delivery of voice communications and multimedia sessions over Internet
Read More
Article

Securing Shared Preferences with Third Party Libraries

In one of the previous articles, we have seen how developers implement Shared Preferences in Android applications. We have also seen how one can compromise t
Read More
Article

Blackbox Assessments with Introspy

This article explains how to start performing black box assessments on Android applications using Introspy. Introspy is one of the important tools in an Andr
Read More
Article

Bringing Down Security Risks With A BYOD Encryption Policy

The number of employees using their personal devices for work-related purposes is absurd. Let's just say there's an employee or two in every organization usi
Read More
Article

Have New Backdoors Been Discovered in iOS? An Interview With iOS Developer and Digital Forensics Expert Jonathan Zdziarski

When the HOPE X (Hackers On Planet Earth) 2014 convention started on July 18th, one particular presentation caught the undivided attention of information sec
Read More
Article

Xplico

Downloading Xplico In this article we'll present Xplico, which is a network forensics tool installed in major digital forensics Linux distributions like Kali
Read More
Article

Shellcode Detection and Emulation with Libemu

Introduction Libemu is a library which can be used for x86 emulation and shellcode detection. Libemu can be used in IDS/IPS/Honeypot systems for emulating th
Read More
Article

Crowdsensing: State of the Art and Privacy Aspects

1. Introduction It is estimated that today approximately three-quarters of the human population has a mobile phone. Crowdsensing, a new business model, allow
Read More
Article

How cybercrime exploits digital certificates

What is a digital certificate? The digital certificate is a critical component of a public key infrastructure. It is an electronic document that associates
Read More
Article

Padding oracle attack

Firstly, this vulnerability is not related to the Oracle database or the Oracle Company in any way. In cryptography, an 'oracle' is a system that performs cr
Read More
Article

Pafish (Paranoid Fish)

Introduction In this tutorial we'll take a look at a Pafish tool, which performs anti debugger/vm/sandbox tricks to detect whether the malware is being execu
Read More
Article

Explaining cyberterrorism

Introduction People feel endangered by cyberterrorists, and this topic has raised an alarm in many societies. Many experts in the IT field and many political
Read More
Article

Configuring the ModSecurity Firewall with OWASP Rules

In today's world, over 70% of all attacks carried out over are done so at the web application level, so we need to implement security at multiple levels, as
Read More
Article

File integrity monitoring (FIM) and PCI-DSS

In this article, we will learn about the requirement of file integrity monitoring in PCI-DSS (Payment Card Industry Data Security Standard). If we talk about
Read More
Article

Computer Forensics with P2 Commander

Introduction Computer Forensics is the methodical series of procedures and techniques used for procuring evidence from computer systems and storage media.
Read More
Article

DragonFly, Cosmic Duke and Pitty Tiger: From State-Sponsored Espionage to Campaign of Independent APTs

Introduction Cyber espionage is one of the most aggressive cyber threats for private companies and government entities. In recent years, the number of cyber
Read More
Article

Honey Encryption

Current Scenario In today's world, cyber criminals often use software to brute force passwords, and some may lead to successful attacks. Since there are many
Read More
Article

Windows Cryptography API

Microsoft Windows provides a sleek API for cryptographic purposes. It is a generic interface for accessing cryptographic services provided by Microsoft Windo
Read More
Article

Advanced sqlmap

sqlmap is an attack tool which can be effectively used to perform SQL injection attacks and post exploitation acts. It is a versatile tool when it comes to S
Read More
Article

Data loss prevention (DLP) strategy guide

In this article, we'll learn about the concept of data loss prevention: why it is needed, what are the different types of DLP and its modes of operations, wh
Read More
Article

Insecure local storage: Shared preferences

In the previous article, we discussed the common techniques of how application developers check for a rooted device and then how an attacker can bypass some
Read More
Article

Islamic State of Iraq and Syria (ISIS) a Global Threat: Analysis of the Effects on Cyberspace of the Iraqi Situation

What is ISIS and why it is menacing the world? The Islamic State of Iraq and Syria and Islamic State of Iraq and al-Sham, also known as ISIS, is an unrecogni
Read More
Article

Root detection and evasion

In this article, we will look at the techniques being used by Android developers to detect if a device on which the app is running is rooted or not. There ar
Read More
Article

Why Passwords Won’t Die

"What I would really love to be able to do is to kill the password dead," said White House cybersecurity coordinator Michael Daniel recently. A simple and un
Read More