Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Building a Secure API in a Cloud Environment

Introduction In the last couple of years there has been a boom in cloud computing, but mainly just the term is new, as we've been using cloud services for ye
Read More
Article

Qualitative risk analysis with the DREAD model

This article introduces two types of risk analysis (quantitative, qualitative) and presents how to perform qualitative risk analysis with the DREAD model. Fi
Read More
Article

Penetration testing apps for android devices

According to recent research, the amount of mobile phone users is larger than PC users. At the same time, the number of people who own Android phones is incr
Read More
Article

A History of Malware: Part Two, 1989-1992

In my previous article, I told the story of the very first worms and viruses. Interestingly, a groundbreaking mathemetician, John von Neumann, and a science
Read More
Article

Android Application Security Testing Guide: Part 2

In our last part of this series (Android Application Security Testing Guide: Part 1), we discussed static analysis of Android APK files on the security backg
Read More
Article

Heartbleed: What can be Learned from Playing the "Blame Game"?

By now, everybody who hasn't been living under a rock since April 7th this year has heard of Heartbleed. Most know that it is a devastating blow to security
Read More
Article

Android Tamer – A Walk Through

Are you a Backtrack/Kali freak? Ever thought of having a similar distribution in your arsenal dedicated for Android Security? "Android Tamer" is the solution
Read More
Article

A History of Malware: Part One, 1949-1988

These days, malware is an everyday concern, even among ordinary end users. A countless amount of money is lost every year worldwide due to malware, possibly
Read More
Article

Debugging Java Applications Using JDB

This article walks the readers through debugging Java programs using a command line tool called JDB. Though this article doesn't touch Android concepts, this
Read More
Article

2013 Data Breaches: All You Need to Know

Introduction: Statistics 2013 may be remembered as the "year of the retailer breach". This statement was reported in the last Verizon Data Breach Investigati
Read More
Article

Exploiting Windows 2003 server reverse shell

This paper is intended to explain several Metasploit approaches to exploit the vulnerable Windows 2003 server operating system, especially through msfconsole
Read More
Article

Encrypted code reverse engineering: Bypassing obfuscation

Obfuscation is a distinctive mechanism equivalent to hiding, often applied by security developers, to harden or protect the source code (which is deemed as i
Read More
Article

Public Key Cryptography and PuTTYgen – Program for Generating Private and Public Keys

In today's electronic world where everything is done online, "trust" is hard to come by. Conversations can be snooped on, credit card numbers can be stolen,
Read More
Article

Cloud-Based File Sharing Websites: A Data Security Disaster Waiting to Happen?

Have you ever stopped to consider the sensitivity and potential value of the information you have distributed using the many widely available file sharing we
Read More
Article

iOS Application Security Part 34 - Tracing Method calls using Logify

In the previous articles, we have seen how applications like Snoop-it can trace method calls specific to the application at runtime. This is very important i
Read More
Article

Fool the Network Hunters (Hackers)

Portspoof is meant to be a lightweight, fast, portable, and secure addition to any firewall system or security system. The general goal of the program is to
Read More
Article

Exploiting unintended data leakage (side channel data leakage)

In the previous articles, we discussed attacks associated with activity components, content providers, broadcast receivers, and ways to secure them. In this
Read More
Article

Securing IIS Server Checklists

Abstract This paper is designed to demonstrate the common IIS web server security specifications in the form of a checklist that aids web masters or penetrat
Read More
Article

Hacking Implantable Medical Devices

Preface: Modern Medical Devices and their Software Contemporary healthcare relies heavily on medical devices to help patients lead normal and healthy lives.
Read More
Article

David & Goliath – Winning Strategies in Cyber Warfare

Fortunately fashion is not key to helping us win the Cyber-War because sartorial elegance has never been a strong suit of the IT profession, but David and Go
Read More
Article

Privacy and Security Issues for the Usage of Civil Drones

In December, Amazon.com, the world's largest online retailer, announced that it is testing unmanned drones to deliver products ordered by its customers. The
Read More
Article

Remote access tool

Remote Access Tool is a piece of software used to remotely access or control a computer. This tool can be used legitimately by system administrators for acce
Read More
Article

Android hacking and security, part 3: Exploiting broadcast receivers

In the first two articles, we discussed attacks associated with Activity Components, content provider leakage and ways to secure them. In this article, we wi
Read More
Article

Buffer Overflow Attack & Defense

Abstract This paper attempts to explain one of the critical buffer overflow vulnerabilities and its detection approaches that check the referenced buffers at
Read More