Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Introduction to Kernel Debugging

Introduction Before trying to debug the kernel, we must first understand a few things. We must know what the Rings in computer security are. Let's take a lo
Read More
Article

Phishing Techniques: Similarities, Differences and Trends - Part I: (Mass) Phishing

Introduction The term "phishing" actually originated from the word fishing because the manner of attack defined by the term resembled fishing ever since its
Read More
Article

Reverse Engineering If Statements

Introduction Summary: In this article, we'll present a simple program that uses 'if' statements and then we'll try to reverse engineer the compiled version o
Read More
Article

Building an Incident Response Team and IR Process

In our world today, we have an abundance of many things, among which are -unexpected events. Falling meteorites, terrorist attacks, hacktivist demonstrations
Read More
Article

DOUBLE QUERY INJECTIONS DEMYSTIFIED

New SQL Injection Lab! Skillset Labs walk you through infosec tutorials, step-by-step, with over 30 hands-on penetration testing
Read More
Article

Reversing Switch Statements

Introduction In this article we'll take a look at all the optimizations the compilers use to assembly the high-level switch statements into their assembly re
Read More
Article

Introduction to application risk rating & assessment

Understanding today's threat landscape and looking at the pace with which organizations are adopting secure development practices, there seems to be a huge g
Read More
Article

Introduction to SoftICE

It's often the case that we need to debug a kernel application, like device driverS, system calls, interrupt routines, or some other kernel application. In t
Read More
Article

Collection

Objective of the Module: Introduction ArrayList Hashtable BitArray [pkadzone zone="main_top"] Introduction .NET offers a variety of collections such
Read More
Article

Cracking the Defender: The Deobfuscated Code

Introduction So far we've taken a look at the obfuscation routine and how it deobfuscates the instructions in the loc_4033D1. At the beginning point, the ove
Read More
Article

Cyber Exploitation

Introduction Over the past couple of years, cyber exploitation has established a reputation of something more than mere nuisance. The repercussions of these
Read More
Article

InfoSec Institute Interview: Alexander Polyakov – CTO at ERPSCAN

How it started It started pretty much as usual. When you have a ZX Spectrum at home as a child, you will turn to the technology area anyway, but the questio
Read More
Article

The Exponential Nature of Password Cracking Costs

Let's assume for a moment that you suffered a security breach for a web application accessed by your customers. Somehow, an intruder was able to evade all th
Read More
Article

Arrays: A Brief Tutorial

Introduction Arrays are powerful data structures that can be used to solve many programming problems. You have seen during the creation of different variabl
Read More
Article

GFI LanGuard – Network Security Scanner

Introduction: In a corporate environment, every computer connected to the network poses a security threat. As more and more computers get added into the net
Read More
Article

Reversing Loops

Introduction Every program nowdays contains branch statements where the decision making happens and loops where we're repeating some piece of code. Obviously
Read More
Article

IDA program patching

It's not a rare occurrence when we want to load a binary executable in a debugger, change some bytes and then save the changed binary to a hard drive, making
Read More
Article

Implementing Secure SDLC – Part 4

Background So far we have covered all the necessary information regarding what is Secure SDLC and strategically how to go about implementing it. Detailed in
Read More
Article

Snort Rule Writing for the IT Professional

Snort--the open source intrusion detection and prevention (IDS/IPS) system—for over a decade now has proven its value and efficacy and is ranked among the be
Read More
Article

Android: WhatsApp chat forensic analysis

We all love messaging and using IMs on our smartphones to stay in touch with our friends and family. We use various mobile apps like WhatsApp to IM without h
Read More
Article

Linear sweep vs recursive disassembling algorithm

We know that there are two ways of disassembling a binary executable into its assembler instructions. The first technique is linear sweep algorithm and the s
Read More
Article

Awesome modules of Recon-ng used for Web Recon testing

In my previous article, I wrote an introduction to the Recon-ng Framework and its basic usage, which is primarily used for automatic information gathering an
Read More
Article

Application security testing of thick client applications

In this article, we will learn about thick client applications, their vulnerabilities and ways to carry out security assessment of these applications. What
Read More
Article

Which Weapon Should I Choose for Web Penetration Testing? 2.0

Introduction This is the second edition of "Which weapon should I choose for Web Penetration Testing?" I hope that you liked the first edition. The same r
Read More