Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

A guide to preventing common security misconfigurations

Security misconfigurations are still part of OWASP’s Top 10 Security Risk list. This indicates they have been a persistent issue over the years. Security mis
Read More
Article

Computer Forensic Report Writing and Presentation

Introduction The demand for inter-networking keeps increasing amongst users and organizations where access to and sharing of data is a daily requirement. As
Read More
Article

10 Steps to Detect Lateral Movement in a Data Breach

Many enterprises spend millions of dollars on solutions that promise to bolster their security. However, much less focus is placed on the ability to detect l
Read More
Article

Penetration Testing Methodology for Mobile Applications: 5 Key Steps

The astonishing growth in mobile technologies has introduced many new vulnerabilities. According to findings from Verizon's inaugural Mobile Security Index 2
Read More
Article

5 New Threats Every Organization Should be Prepared for in 2018

It is no wonder that 2017 was a year full of surprises in the world of cybersecurity. So far in 2018, we've seen new threats appear, and relatively older one
Read More
Article

How to Complete a Vulnerability Assessment with Nessus

In this lab, we will show you how to conduct and analyze a vulnerability risk assessment using the popular vulnerability scanning tool Nessus. We will:
Read More
Article

Expert Tips on Incident Response Planning & Communication

An organization's ability to recover quickly in the wake of a cyberattack is directly proportional to their incident response capabilities. In essence, incid
Read More
Article

How to Use AlientVault SIEM for Threat Detection & Incident Response

Malware comes via attachments, malvertising, man-in-the-middle, man-in-the-browser, social engineering and countless other vectors. Even the most stringent o
Read More
Article

QuadRooter Attack Overview: Vulnerabilities, Methods & Mitigations

QuadRooter is a threat vector specifically affecting Android devices. The common vulnerabilities and exposures (CVE) for these security issues are: CVE-2016
Read More
Article

Comparing Mobile & Web Application Penetration Testing

Pentesting mobile applications is quite different from pentesting web applications. Comparing the two processes lets us make better choices for our security
Read More
Article

An introduction to penetration testing Node.js applications

In this article, we will have a look at how to proceed when penetration testing Node.js applications or looking for Node.js specific issues. Node.js is a
Read More
Article

Basic Principles of Ensuring iOS Apps Security

The development of any mobile application requires serious attention to privacy and security. This is especially important for applications that work with pe
Read More
Article

Broadpwn Wi-Fi Vulnerability: How to Detect & Mitigate

It can be easy to think our mobile devices are more secure than they are. However, that is just not the case. In the last three years, there have been dozens
Read More
Article

Top 10 Things to Look for or Avoid When Choosing a Pen-Testing Vendor

The penetration testing market is currently booming and will continue to do so; in fact, the international company MarketsandMarkets, a provider of quantifie
Read More
Article

Advance Persistent Threat – Lateral Movement Detection in Windows Infrastructure – Part I

  Techniques to detect Lateral Movement in the Windows Systems In this article, we will focus on the conventional techniques being used by the threat
Read More
Article

Understanding the Cloak & Dagger Attack: Overview & Tutorial

The Cloak and Dagger Attack is a method dealing with mismatched permission issues to access certain features on an Android device up to version 7.1.2. Certai
Read More
Article

YARA: Simple and effective way of dissecting malware

In this article, we will learn about the YARA tool, which gives a very simple and highly effective way of identifying and classifying malware. We all know th
Read More
Article

ICMP attacks

ICMP stands for Internet Control Message Protocol and is the most used protocol in networking technology. A connectionless protocol, ICMP does not use any po
Read More
Article

Bulldog: 1 CTF Walkthrough

In this article, we will learn to solve another Capture the Flag (CTF) challenge which was posted on VulnHub by Nick Frichette. You all must be aware from my
Read More
Article

Top 6 mobile application penetration testing tools

The widespread use of mobile applications comes with a full range of new attacks formerly not relevant in the classic web application world. Fortunately, pen
Read More
Article

Memcrashed: The Dangerous Trend Behind the Biggest DDoS Attack Ever

Introduction In November 2017, a group of researchers provided a macroscopic characterization of the DoS ecosystem; they shared their findings at the AMC Int
Read More
Article

Top 10 Reasons Why Pentesting is Important to Help Meet Compliance

Compliance is one of the most important aspects an organization needs to address. This means the company and its employees follow strict guidelines that can
Read More
Article

Threat Hunting – Command and Control Center - OFFICE WORK

This is a lab that is conducted in a test bed. The resources were downloaded from malware.trafficanalysis.net. The samples provided came from a case study of
Read More
Article

Top 5 Free Intrusion Detection Tools for Enterprise Network

Due to the complexity of today's data breaches and intrusions, deploying and maintaining network security more frequently requires a promising system to defe
Read More