Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Phishing Attacks by Demographic

Those who believe that no one falls for phishing anymore couldn’t be more wrong. Phishing is still on the rise, as shown by the 2016 Verizon’s Data Breach In
Read More
Article

Test Lab V8: Recon and Dev-test

This is the last part of our Test Lab solutions in this article we are going to find two tokens from Recon and Dev-test system. Recon is not any system in th
Read More
Article

The Call for Online Voting: Are We Ready?

Nowadays, people can do anything online, even vote in elections. In fact, some form of remote electronic voting (e-voting) is taking place at this moment thr
Read More
Article

Non Technical Countermeasures

Non-Technical Anti-Phishing Countermeasures articles: [clist id="1470331352967" post="35744"] [pkadzone zone="main_top"] Overview Today’s cybe
Read More
Article

Getting Started with IoT Security - Mapping the attack surface

IoT or the Internet of Things is the new buzzword all around. However, not enough attention has been paid to the security aspect of these so-called "smart" d
Read More
Article

Memory analysis using redline

Memory Analysis has become very useful for malware hunting and investigation purposes. Redline is a tool which is used to analyze the memory samples collecte
Read More
Article

Android hacking: Dumping and analyzing application’s memory

In this article, we will discuss how to dump the memory of a specific application using Android Studio's heap dump feature. We will also explore EclipseMemor
Read More
Article

Black Box network penetration testing walkthrough

A Black Box penetration testing means that an ethical hacker has no knowledge of the target network. The idea is to simulate an attack which a hacker might
Read More
Article

Gamification of Security Awareness Campaigns

Game On People like playing games. It’s a fact. We can leave the “life’s a game” discussion to philosophers and turn to some hard numbers. The 2015 resear
Read More
Article

Phishing on Social Networks - Gathering information

Phishing on Social Networks - Gathering information Most people will remember the scandalizing 2015 new headlines when sensitive personal data (email address
Read More
Article

Phishing Attacks on the Retail Industry

Phishing Attacks in the Retail Industry Phishing Targets by Industry: Financial Phishing Government and Military Phishing Healthcare Phishing Retail Phishin
Read More
Article

Penetration Testing and Cloud Platforms.

A holistic security approach also encompasses the aspect of penetration testing. Not only is it good practice to conduct regular penetration tests on all IT
Read More
Article

The art of searching for open source intelligence

The Internet is a big ocean, and it carries loads of information you might be interested in or looking for, but where and how to find that information? Thank
Read More
Article

A Hacker’s Tips for Running a Security Company

There's always the sting of irony when a cyber security company gets hacked. Not to mention the embarrassment and bottom line impact suffered by the victim.
Read More
Article

Mobile device penetration testing

For this lab, we'll be using Kali Linux and android emulator to do mobile penetration testing. Kali Linux is one of the Debian-based operating system with se
Read More
Article

ISIS Cyber Capabilities

Introduction At the end of April 2015, the US Government announced the first attack conducted by the Cyber Command against online activities conducted by mem
Read More
Article

Penetration testing of a citrix server

Here I'll discuss how I did a pentest of a Citrix server in a lab network. First, let us understand about Windows terminal service. [pkadzone zone="mai
Read More
Article

Phishing Simulation - How Do You Calculate Effectiveness and ROI? (Part 1 of 2)

We now know that the best way to instill people with a healthy degree of "inbox suspicion" is to flood them with harmless but realistic-looking phishing mess
Read More
Article

Snort Lab: Activate / Dynamic Rules

We've already learned that using flowbits allows us to make Snort rules work as a group. In this lab, we are going to look at different, and a more narrowly
Read More
Article

Memory Forensics

This mini-course started with forensic memory basics, in this mini-course, we have explained how you can and what you can find artifacts from memory. As Memo
Read More
Article

SS7 protocol: How hackers might find you

The Signalling System No 7 (SS7), also known as Common Channel Signalling System 7 (CCSS7) or Common Channel Interoffice Signaling 7 (CCIS7), is a set of pro
Read More
Article

5 Reasons for Segmenting Your Phishing Simulation Campaigns

Phishing campaigns are part of security awareness education and training There are several important reasons for why you would want to segment your phishi
Read More
Article

Mastering Mobile Forensics

Smartphone forensics is relatively new and quickly emerging field of interest in the digital forensic community and law enforcement, today's mobile devices a
Read More
Article

SNMP pentesting

In the previous article about SNMP, we have discussed how to set up your own vulnerable lab where we have configured pfSense and VyOS with SNMP misconfigurat
Read More