Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

What a Challenger Perceives in most CTF Categories/Challenges

Did you have fun playing our very own Capture the Flag (CTF) challenges? I know it's been a long time though since we launched the n00bs CTF Labs and Practic
Read More
Article

Security in Projects: The Importance of Effective Social and Soft Skills

Security is just one part of a process for enabling information projects. However, it has become one of the most vital components to their success. This is w
Read More
Article

How malware detects virtualized environment (and its countermeasures)

Virtual Machines are usually considered a good way to analyze malware as they can provide an isolated environment for the malware to trigger but their action
Read More
Article

EINSTEIN System is Still Too Immature to Protect Fully the US Government Networks

On Jun 2105, the US Government announced that a major data breach likely backed by Chinese hackers caused the exposure of data belonging to millions of gover
Read More
Article

Why Does No One Talk about BYOD Anymore?

The emergence of BYOD has been a revolution in the work world. For the first time, employees were able to use their own preferred, personal piece of equipmen
Read More
Article

SAP Cybersecurity History

After we got to know what is SAP and why SAP Security is important, we are ready to take the next step, to learn a history of SAP Security and the most signi
Read More
Article

SAP Afaria Security: Attacking Mobile Device Management (MDM) Solution

It is known that the BYOD trend is changing the way enterprises are managed, delivered, and, most importantly, secured. While BYOD has its benefits, such as
Read More
Article

Windows logging for PCI-DSS

Various organizations strive to be PCI-DSS compliant, and they often have a hard time deciding what to log from Windows Systems so as to retain all the essen
Read More
Article

Web Application Firewall 101: How to Prevent Web Hacking

At this point, it's is safe to say that web hacking is a pretty rampant concern. It almost seems that on a weekly basis readers are inundated with major web
Read More
Article

SQL injection analysis

It is one thing to be able to execute a simple SQL injection attack; it is another to do a proper investigation of such an attack. Unfortunately, there is no
Read More
Article

Why ITIL, COBIT and Other Non-Infosec Based Frameworks Are Infosec’s Best Friends

As a current or aspiring security professional, you will know of a range of information security frameworks and enablers. These might include standards, e.g.
Read More
Article

Digital forensics models

In the increasingly dynamic world of technology, the number of smart devices (computers, smartphones) is dramatically increasing leading to a huge amount of
Read More
Article

Creating your Own Simple Exploit Module for a Remote Code Execution in Web Apps

To all readers, a zip file containing the code used in the article can also be downloaded here: [download][pkadzone zone="main_top"] MSF is one of the most p
Read More
Article

Spear phishing: Real life examples

Spear phishing is a more selective and effective scheme than traditional phishing plots. This technique has raised e-scams to a new level and has lately beco
Read More
Article

IoT Security Awareness

The world of interconnected "smart" devices is here. Seizing the opportunity for Internet of Things (IoT) devices are manufacturers, retailers in consumer el
Read More
Article

BlackEnergy Used as a Cyber Weapon Against Ukrainian Critical Infrastructure

Introduction Recently the researchers at ESET firm spotted a new wave of malware-based attacks that are targeting media outlets and energy companies in Ukrai
Read More
Article

Cracking Damn Insecure and Vulnerable App (DIVA) – part 3:

In the first two articles we have seen the solutions for the first 6 challenges in DIVA. In this article we will discuss the "Input Validation Issues" in DIV
Read More
Article

A Case Study of Information Stealers: Part II

Introduction: In the second part of this analysis, we will be exploring how Pony steals data and how it sends it to the C&C server. We are equally intere
Read More
Article

Cellphone Surveillance: The Secret Arsenal

StingRay and the cellphone surveillance In a previous post, I detailed the technologies used to track mobile devices, with a specific reference to the StingR
Read More
Article

Cracking Damn Insecure and Vulnerable App (DIVA) – Part 2:

In the previous article, we have seen the solutions for the first two challenges. In this article we will discuss the insecure data storage vulnerabilities i
Read More
Article

Cracking damn insecure and vulnerable app (DIVA) : Part 1

What is DIVA? DIVA is a vulnerable Android application. According to their official website, "DIVA (Damn insecure and vulnerable App) is an App intentionall
Read More
Article

A Beginner’s Guide to Setting Up an SNMP Pentest Lab Using Vyos and Pfsense

SNMP often provides a great deal of information during the information gathering phase of a penetration test. It is often seen that SNMP protocol is commonly
Read More
Article

Domain-Based Message Authentication Reporting and Conformance

Domain-based message authentication reporting and conformance, also known as DMARC, is a set up created by a group of organizations, having the objective to
Read More
Article

2016 Cyber Security Predictions: From Extortion to Nation-state Attacks

Introduction Here we are, once again, to discuss the current cyber threat landscape, trying to predict possible evolutions of the menaces for the next year.
Read More