Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

When APTs Attack

Countless organizations have fallen prey to cyber attacks - from high profile retailers to enterprises and government agencies. Some attacks have been high p
Read More
Article

Android App Permissions and Security: What You Need to Know

As of this article, Android has the greatest OS market share on both smartphones and tablets. If you don't own an Android device, chances are that your frien
Read More
Article

Hack I-Bank Pro

In this article we are going to see some major vulnerabilities typical of a remote banking application. We found an interesting vulnerable machine created b
Read More
Article

How to Plan a Social Engineering Assessment

A social engineering assessment is a very valuable tool in understanding the security exposure of most organizations. Since human beings tend to be the weake
Read More
Article

Hacking android apps using backup techniques

In the previous article, we had an introduction on how to analyze Android application-specific data using Android backup techniques. This article builds on t
Read More
Article

Java bytecode reverse engineering

This article is designed to show how to crack a Java executable by disassembling the corresponding bytes code. Disassembling Java bytecode is the act of tran
Read More
Article

Manually Web Application Penetration Testing: Fuzzing

Introduction When we test a web application, we do not test a single page, but a lot of pages of a single web application. Each page may have more than one v
Read More
Article

IOS Application Security Part 29 - Insecure or Broken Cryptography

In this article we will look at an example of Insecure or Broken Cryptography which is a common vulnerability found in most IOS applications. This vulnerabil
Read More
Article

Web Services Penetration Testing, Part 6: Fuzzing Parameters with Burp

In the previous article we discussed in what cases we might face challenges performing manual web services penetration testing and how SoapUI will help in th
Read More
Article

Reinventing Threat Intelligence

Effective threat intelligence is one major service that most companies offer to alert about the latest threats. Threat intelligence alerts about the latest t
Read More
Article

A Close Look at the NSA Monitor Catalog – Server Hacking

Introduction Summing up what happened, Der Spiegel published an internal NSA catalog that contains detailed information on spies' backdoors used by the agenc
Read More
Article

IOS Application Security Part 28 - Patching IOS Application with Hopper

In Part 26 of this series, we looked at how we can use IDA Pro and Hex Fiend to patch an IOS application and modify its implementation. Patching an applicati
Read More
Article

Dejan Kosutic on Business Continuity and Disaster Preparedness

From an organizational point of view, the concept of resilience is basically the same as the concept of business continuity: An organization’s ability to rea
Read More
Article

IOS Application Security Part 27 - Setting up a mobile pentesting environment with IOS 7 Jailbreak

In this article we will look at how we can set up a mobile pentesting platform on our device with the new IOS 7 jailbreak. There has been quite a lot of disc
Read More
Article

ECC: A Case for Mobile Encryption

Introduction: It is needless to start this article by talking about the rise of mobile devices in the last few years. We all know how smart phones have swept
Read More
Article

Buyer Beware: Your Credit Card and Debit Card Data Can Be Stolen at the Cash Register

Most adults in the developed world have bank accounts and credit cards. Most of us use debit cards and credit cards at the cash registers of our favorite ret
Read More
Article

Advanced exploits using XSS SHELL

Before understanding what XSS Shell is, let us recall a few basics of XSS (Cross Site Scripting). XSS is one of the most common vulnerabilities that exist
Read More
Article

Manual Web Application Penetration Testing: Identifying Application Entry Points

Introduction In this article, I will show you how to find injection points for your target host and how the webpage is encoded when it comes to the client si
Read More
Article

Manual Web Application Penetration Testing: Introduction

In this series of articles, I am going to demonstrate how you can manually exploit the vulnerability of a web application, compared to using any automation t
Read More
Article

Securing Your Java Code 3

For Part 2[pkadzone zone="main_top"] Sensitive Data Exposure A web application is vulnerable if it does not store sensitive information like password, bank
Read More
Article

Disassembler Mechanized Part 4: DLL Injector Development

Introduction We have already presented a couple of papers on modifying binaries through IDA Pro and OllyDbg disassembler, where we added functionality to an
Read More
Article

Disassembler Mechanized Part 3: Code Injection Operation

Introduction This article is a continuation of the previous effort of writing the "Disassembler-Mechanized" series, in which we are showing the process of de
Read More
Article

Debugging TLS callbacks

TLS (thread local storage) calls are subroutines that are executed before the entry point . There is a section in the PE header that describes the place of a
Read More
Article

Introduction to the Business of Stolen Card Data

Introduction I receive many questions from people who don't work in the security field about the use of stolen credit card data in the cyber-crime ecosystem,
Read More