Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

OWASP top 10 application security risks: 2013 vs 2017

The Open Web Application Security Project (OWASP) is a global, nonprofit organization aiming to improve the security of applications and raise awareness of s
Read More
Article

Which Are the Most Exploited Flaws by Cybercriminal Organizations?

Which are the weapons in the arsenal of cybercrime gangs? Which are the most exploited vulnerabilities? To respond to these questions let's analyze the annua
Read More
Article

Introduction to the Nikto web application vulnerability scanner

The increase in web applications on the internet today raises a security concern because in some cases, security is haphazardly considered during development
Read More
Article

Introduction to OWASP ZAP for web application security assessments

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular web application security testing tools. It is made available for free as an open source p
Read More
Article

Windows Subsystem for Linux

Microsoft has started developing cross-platform integrations into Windows 10. The Windows Subsystem for Linux (WSL) is an example of one these integrations t
Read More
Article

File Decoys for Endpoints

In a typical scenario, threat actors try to gather as much information as possible (such as sensitive documents like credit card numbers, SSN details, and pa
Read More
Article

How to identify and mitigate XXE vulnerabilities

Security vulnerabilities that are created through the serialization of sensitive data are well known, yet some developers are still falling into this trap. W
Read More
Article

Avoid Disaster with Monitoring and Logging

If you have ever been at the epicenter of a security breach relating to online web apps and services, you know just how important your system logs can be as
Read More
Article

How WannaCry Ransomware Crippled Healthcare

Perspective What do you get when you combine stolen government hacking tools, an unpatched system, and shady operatives from North Korea? The answer is one s
Read More
Article

Computer Forensics: Administrative Investigations and the CCFE Exam

Introduction One of the best ways to measure and evaluate the technological progressions of the modern age is to examine the evolution of digital forensics.
Read More
Article

Benefits of using a third-party pentesting company

Benefits of pentesting The process of penetration testing (pen testing) is one of the best ways to visualize one’s own computer system—including its potenti
Read More
Article

Computer Forensics: Multimedia and Content Forensics

Introduction Probably one of the most exciting and relevant fields in the computing world today is forensics. Much like its criminal namesake, computer foren
Read More
Article

Computer Forensics: Intellectual Property Investigations and the CCFE

Introduction The characteristics of cybercrime are always shifting, just like the laws that are passed to handle cybercrime. When something goes awry in the
Read More
Article

10 steps to avoid insecure deserialization

You might think that your applications are secure and safe from prying eyes, but hackers are using ever more sophisticated methods to capture your user data
Read More
Article

Nmap cheat sheet: Part 4

This is the fourth part of our Nmap Cheat Sheet. Here we will discuss more about firewall scanning, IDS/IPS Evasion, web server pen testing, etc. Before that
Read More
Article

Nmap cheat sheet: From discovery to exploits, Part 3: Gathering additional information about host and network

As we discussed before, this is our third installment in our Nmap series. Nmap is well known for port scanning, port discovery, and port mapping. But we c
Read More
Article

Anatomy of an attack: gaining reverse shell from SQL injection

SQL injection opens a lot of possibilities for an attacker like dumping the database, causing denial of service, or stealing sensitive information. But it be
Read More
Article

How to Set Up a Web App Pentesting Lab in 4 Easy Steps

A pentesting lab can be a small entity used by one security tester, consisting of one or two computers; or it could be a larger set of networked computers be
Read More
Article

A Guide to XML File Structure & External Entity (XXE) Attacks

Modern forms of markup languages such as HTML, XML and XHTML are mostly used in designing web pages. XML, which stands for Extensible Markup Language, define
Read More
Article

Nmap cheat sheet: From discovery to exploits, part 2: Advance port scanning with Nmap and custom idle scan

This is our second installment of the Nmap cheat sheet. Basically, we will discuss some advanced techniques for Nmap scanning and we will conduct a Man In Th
Read More
Article

Nmap cheat sheet: From discovery to exploits - Part 1: Introduction to Nmap

As always during reconnaissance, scanning is the initial stage for information gathering. What is reconnaissance? Reconnaissance is to collect as much as i
Read More
Article

Computer Forensics: Embedded Device Analysis and Examination Steps

Introduction Nowadays, digital devices are everywhere and everything is connected via the Internet. These devices include digital watches, gaming consoles, m
Read More
Article

Malicious Cryptominer in Wireless Networks

Introduction The Cyber attacker is leveraging covert and malicious ways to produce digital money — often using Crypto miners. This clever technique is known
Read More
Article

Wireshark: An open-source forensic tool

"Today we are at a defining moment in the evolution and growth of the Internet. Large-scale data breaches, uncertainties about the use of our data, cybercrim
Read More