Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Crooks Exploit Facebook to Spread Crypto-miner Malware

Social networks are a privileged attack vector that could be used by cybercriminals to spread malware to a wide audience. In the last month's security expert
Read More
Article

The basics of IDA pro

IDA Pro is the best disassembler in the business. Although it costs a lot, there's still a free version available. I downloaded IDA Pro 6.2 limited edition,
Read More
Article

Layer Seven DDoS Attacks

What is Layer 7? The process of sending and receiving data from one host to another, data encapsulation, is possible due to the existence of a seven layer pr
Read More
Article

BEC Attacks: How Attorney Impersonation Works

Cases of attorney impersonation are on the rise and often, they are accompanied by fraudulent requests for money or sensitive information. Techniques, such a
Read More
Article

5 reasons why you should report — Not reply to — Suspicious emails

Phishing emails are much harder to identify than most people realize. While you may laugh off the obvious ones, like your great grandmother's long-lost broth
Read More
Article

BEC Attacks: How Fake Invoice Schemes Work

According to Agari's Business Email Compromise (BEC) Attack Trends Report, 96% of companies experienced BEC attacks in the second half of 2017, mainly becaus
Read More
Article

BEC Attacks: How Email Account Compromise Works

Business email compromise (BEC) is a form of phishing attack in which a cyber attacker impersonates a high-level executive (often the CEO). From there, they
Read More
Article

How to Recover from A Business Email Compromise (BEC) Attack

Business email compromise (BEC) is one of the most devastating, and costly, cyber attacks of all time — it's estimated organizations lose over $130,000 per B
Read More
Article

The importance of physical security in the workplace

Physical security in detail Protecting important data, confidential information, networks, software, equipment, facilities, company's assets, and personnel
Read More
Article

Top Five SecurityIQ Phishing Templates: April Edition

With over 1,000 phishing templates in SecurityIQ, it can be difficult to pick the best templates for your team. We took a look back at April’s campaigns and
Read More
Article

Android penetration tools walkthrough series: Frida

Frida is a powerful and extensible instrumentation toolkit – among its many strengths, it is ideally suited to testing and evaluating native Android apps. Fr
Read More
Article

The Art of Fileless Malware

Introduction Malware has become a critical trend for companies around the world. We are looking at ransomware and other threats already lurking around the co
Read More
Article

Threat Hunting – Chthonic Banking Trojan

This is a lab that is conducted in a test bed. The resources were downloaded from malware.trafficanalysis.net. The samples provided came from a case study of
Read More
Article

What is the DoD CSSP (cyber security service provider)?

The DoD Cyber Security Service Provider (CSSP) is a certification issued by the United States Department of Defense (DoD) that indicates a candidate’s fitnes
Read More
Article

Shodan and IoT: The Problem is here!

Introduction Shodan a search engine which collects the information about all IPv4 and IPv6 devices connected to the internet and gives us the ability to sear
Read More
Article

How Criminals Can Exploit AI

Introduction Because tools for developing artificial intelligence (AI) sources and tutorials for its use are widely available in the public domain, it is exp
Read More
Article

How to Prevent BEC With Email Security Features

Business email compromise (BEC) has bilked unsuspecting institutions around the world for more than $9 billion dollars. A whopping two-thirds of these attack
Read More
Article

4 Ways to Integrate BEC Prevention Strategies into Your Organization

Business email compromise (BEC), an international fraud scheme, is seemingly forever on the rise and no company is safe from attack. It’s therefore essential
Read More
Article

Cooperation between Humans and Artificial Intelligence in the Name of Security

Artificial Intelligence (AI) - Machine Learning (ML) - Deep Learning (DL) Artificial intelligence as a term dates back to the 1950s, but only recently is com
Read More
Article

CGEIT Domain 2: Strategic Management [DECOMMISSIONED ARTICLE]

NOTE: This article reflects an older version of the CGEIT Exam -- please see the current CGEIT Certification page for the most up-to-date information.
Read More
Article

Android Penetration Tools Walkthrough Series: Androguard

Today, much of our personal and financial information is tied to mobile and web apps. Penetration testing is an ever-growing enterprise in the tech space, as
Read More
Article

Null byte injection in PHP

The null character is a control character with the value zero. It is presented in many character sets such as ASCII (American Standard Code of for Informatio
Read More
Article

Log analysis for web attacks: A beginner's guide

It is often the case that web applications face suspicious activities due to various reasons, such as a kid scanning a website using an automated vulnerabili
Read More
Article

Configuration of Anti-Virus and Anti-Malware Software within an ICS Environment

Anti-virus/anti-malware (AV) software is a critical component or layer of protection in securing your Industrial Control System (ICS) from external intrusion
Read More