Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

The IoT Security Skills Gap

The Internet of Things (IoT) is changing the cybersecurity landscape. This shift in skills along with the already shortfall of IT workers is widening the gap
Read More
Article

Missed GDPR Deadline? 6 Steps You Need to Take Right Now

Despite the recent mad dash to comply with European Union’s General Data Protection Regulation (GDPR), many organizations missed the May 25 deadline. We all
Read More
Article

Why DevOps Need Penetration Testing

When your goal is to innovate and deliver products and services at higher speed, security can be a bit of an afterthought. This is especially true when you c
Read More
Article

Do Security Managers Need an IAPP Certificate?

You are probably looking into expanding your career in IT security, perhaps even aspiring to become a security manager, but you’re not sure about attaining a
Read More
Article

What Your Data Protection Officer Should Know About Privacy Requirements

Data privacy suddenly got hot a few years ago when Edward Snowden made his revelations about the NSA snooping on U.S. citizens’ data. Since then, data privac
Read More
Article

What Should a Security Manager Know About US and UK Privacy Laws?

George Bernard Shaw once said that the U.K. and U.S. were “two nations divided by a common language.” You can say a similar thing about security managers.  S
Read More
Article

[FREE Training Resources] Posters, Infographics and more!

Here at InfoSec Institute, we get pretty excited about events like National Cyber Security Awareness Month (NCSAM) and European Cyber Security Month (ECSM).
Read More
Article

How a Data Protection Officer Will Benefit Your Organization

In May of 2018, the European Union’s General Data Protection Regulation (GDPR) came into force. This wide-reaching law touches any company, no matter what si
Read More
Article

Spam or Phish? How to tell the difference between a marketing email and a malicious spam email

Virtual crime is a side effect of the convenience of technology. With greater strides in technology making everything from banking to communication faster an
Read More
Article

What Is Protected Health Information (PHI)?

Healthcare is a data-rich industry. These data are created across the entire healthcare ecosystem; they represent a wealth of information that can be used to
Read More
Article

Spam Filtering Cheat Sheet: 14 Ways to Reduce Spam

What Is Spam? Spam is usually defined as irrelevant or unsolicited messages sent over the Internet, typically to a large number of users, for the purposes of
Read More
Article

Nine Major Phishing Attacks of 2018 (and How to Spot Them)

Phishing attacks are the most common type of cyberattack for good reason: because they work. If an attacker can convince you to click on a link in a phishing
Read More
Article

Android hacking and security, part 2: Content provider leakage

In the previous article, we discussed how an attacker exploits vulnerable Activity Components and ways to secure them. In this article, we will discuss "Cont
Read More
Article

An overview of the OWASP security champions playbook

The OWASP Security Champions Playbook is a project that was initiated for the purpose of gearing up the OWASP Open Web Application Security Project — nam
Read More
Article

How to Become Your Own Security Champion

In the last year, you may have heard the term “security champion” and wondered if this was a specific job or just another buzzword. In this article, we’ll ta
Read More
Article

pWeb Suite - A Set of Web Pentesting Tools

pWeb Suite (formerly known as pCrack Suite) is a set of Perl-based penetration testing tools primarily focused on web application security and vulnerability
Read More
Article

Anatomy of an APT attack: Step by step approach

This article will explore the technique, design and the inner workings of an APT (Advanced Persistent Threat) attack. It will also relate various stages of a
Read More
Article

Drunk Admin Web Hacking Challenge

This challenge includes a web application generally designed for image hosting. The application has a few vulnerabilities. The challenge is to exploit the ap
Read More
Article

Creating an undetectable custom SSH backdoor in Python [A – Z]

During penetration testing, sometimes you get stuck with a secure environment where all the servers and end-clients are fully patched, updated, firewalled, a
Read More
Article

Temple of Doom 1: CTF Walkthrough Part 2

In this article, we’ll continue to solve the Temple of Doom CTF challenge which was posted on VulnHub website by 0katz. This is the part two of this CTF. In
Read More
Article

Bulldog: 2 CTF Walkthrough

In this article we will solve a capture-the-flag (CTF) challenge named “Bulldog 2.” This CTF was posted on VulnHub by the author Nick Frichette. As per t
Read More
Article

Hotspot honeypot

The Hotspot Honeypot is an illegitimate Wi-Fi access point which can appear as an authorized and secure hotspot. Despite appearances, it is actually set up b
Read More
Article

PowerShell for Pentesters Part 4: Modules with PowerShell

Introduction The more we advance in our lab series, the more we notice the power of PowerShell. And it will only  become more noticeable. In this lab we wil
Read More
Article

Assembly programming with Visual Studio.NET

MASM is maintained by Microsoft and is an x86 assembler that consumes Windows and Intel syntax to produce a COFF executable. It is compatible for both 16 bit
Read More