Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Public Key Infrastructure: Concepts & Lab Setup

Executive Summary This article is a detailed theoretical and hands-on with Public Key Infrastructure (PKI) and OpenSSL based Certificate Authority. In the f
Read More
Article

Phishing Definition and History

Phishing Definition and History Related articles in this section: [clist id="1470243405619" post="35256"] If you’re new to the concept of phishing, it’s a g
Read More
Article

Information Security Vulnerabilities of Trains

1. Introduction Since the invention of the steam locomotive, there have been continuous technological developments in the field of railway transport. For ex
Read More
Article

Android forensics labs

Exercise 1: Getting started with ADB Objective: "adb" is an essential tool for interacting with Android devices. We use this utility in multiple scenarios
Read More
Article

Snort Lab: Rule Performance Analysis

There are various for analyzing Snort rules performance. In this lab, we are going to focus on the one that directly applies to rules: Rule Profiling. With t
Read More
Article

Cryptographic algorithms lab

For this lab we'll be using GPG, OpenSSL to demonstrate symmetric and asymmetric encryption/decryption and MD5, SHA1 to demonstrate hash functions. Virtua
Read More
Article

Encryption Everywhere?

This article discusses opportunistic encryption (OE) and ways to set up systems so that they will automatically encrypt whenever they can, rather than just w
Read More
Article

Panama Papers - How Hackers Breached the Mossack Fonseca Firm

Introduction The Panama Papers are a huge trove of high confidential documents stolen from the computer systems of the Panamanian law firm Mossack Fonseca th
Read More
Article

Snort Lab: Blinding IDS

IDSs and IPSs can be attacked by generating false positives. If you can generate enough false positives, you can potentially: Overwhelm the IDS console tool
Read More
Article

CISA 2016 - What's New

ISACA just recently released the 26th Edition of the CISA Review Manual to recognize and map to the new task/knowledge statements which can about as a result
Read More
Article

Implementation of a Virtual IDS Device in Passive Mode

The arrival of server, desktop and network virtualization has brought along enormous flexibility in configuration options and a huge drop in installation and
Read More
Article

How to write Phishing templates that work

Phish me once Phishing isn't hard. Despite all the frightening news reports about ransomware and millions of stolen dollars and identities, people still hap
Read More
Article

Lessons from Writing Multiple-Choice Test InfoSec Questions

Writing multiple-choice test questions for InfoSec certification exams is challenging. By multiple-choice, I mean those questions that ask students to identi
Read More
Article

Snort Lab: Custom SCADA Protocol IDS Signatures

In this lab, you are going to learn how to create custom Snort signatures for the Modbus/TCP protocol. [pkadzone zone="main_top"] First, let's take some tim
Read More
Article

Forensic investigation with Redline

This lab covers how to conduct a Memory investigation of malware using Redline from FireEye. In our lab we will analyze the Biscuit malware which is mostl
Read More
Article

Important Code Constructs in Assembly Language: Advanced

We have covered some basic operations and conditional statements in Part 1. In this article, we will cover some more complex data structures to recognize in
Read More
Article

Ransomware in the Wild: It’s an Emergency

Every week, new ransomware-based attacks are in the headlines. Malware authors are implementing new threats and new features to make these malicious codes ev
Read More
Article

Snort lab: Payload detection rules (PCRE)

Until now, when we used Snort to look for certain content within the payload, we've always looked for some specific values. What if we wanted to look for som
Read More
Article

Important Code Constructs in Assembly Language: Basics

This article represents a continuing of the malware analysis course we began with the complete structure of PE and ELF earlier. Another important concept whi
Read More
Article

Snort Session Sniping with FlexResp

Exercise 1: Packet Sniping FlexResp is a keyword used within Snort to snipe or tear down existing connections. The resp keyword is used to close sessions whe
Read More
Article

Complete Tour of PE and ELF: Section Headers

In the previous part, we have discussed the ELF and Program Header. In this article, we will cover the remaining part i.e. section headers. We will also see
Read More
Article

SAP Security – Think Different

Today we will discuss how SAP Security differs from traditional IT security. While in most cases security is security, no matter what we discuss, in SAP area
Read More
Article

Complete Tour of PE and ELF: Structure

Since we have completed the PE structure, now it is time to look at the ELF structure which is somewhat easier to understand as compared to PE. For ELF struc
Read More
Article

Snort Tracking Exploit Progress with Flowbits

Lab 4: Tracking Exploit Progress with Flowbits So far in our exercises, we used individual rules against specific activities. The flowbits keyword allows sev
Read More