Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Exploiting CVE-2015-8562 (A New Joomla! RCE)

Introduction: A critical remote code execution(RCE) vulnerability was discovered in Joomla! websites. This is making a lot of noise because of the following
Read More
Article

Application architecture review

Application architecture review can be defined as reviewing the current security controls in the application architecture. This helps a user to identify pote
Read More
Article

Attacking WPA2 enterprise

The widespread use of mobile and portable devices in the enterprise environment requires a proper implementation of the wireless network infrastructure to pr
Read More
Article

Oil and Gas Cyber Security – Interview

In the recent presentation at BlackHat, you mentioned that oil and gas is one of the industries most plagued by cyber-attacks. What makes oil and gas an attr
Read More
Article

When Basic Security Training MIGHT Be Enough

When there are people who still open attachments willy-nilly, who click on links with reckless abandon and who let their guard down even though legitimate-lo
Read More
Article

Why Throwing Away Your Old Boarding Pass is so Risky

Don't throw away your old boarding pass It's the holiday season and probably most of you will travel during the Christmas time. For this reason, I decided to
Read More
Article

Attacks on Hotel Wi-Fi Networks

1. Introduction Wi-Fi (Wireless Network LAN) is a widespread wireless networking technology that is used in various public places (e.g., coffee shops, librar
Read More
Article

Is Safe Harbor 2.0 Another Tug of War between Privacy and Security?

What led to the Safe Harbor's Demise? In Schrems v. Data Protection Commissioner, the Court of Justice of the European Union (also known as CJEU or ECJ) held
Read More
Article

Budgeting for Security Awareness: Who - What - When - Where - Why - How much

1. Introduction The actions and/or inactions by members of an organization who lack security awareness can lead to various security incidents, such as provid
Read More
Article

Securing Your WordPress Admin Panel

Today, anyone can create their own website with tools such as WordPress, Joomla or Drupal. However, many people suffer when they do not take precautions to s
Read More
Article

Reversing the Pony Trojan part II

Pony is a stealer Trojan and has been active for quite a while now. It was responsible for stealing over $200,000 in bitcoins ( https://threatpost.com/latest
Read More
Article

Security vulnerabilities of voice recognition technologies

An increasing number of devices nowadays use voice recognition technologies for performing commands, allowing access to stored information, and transcribing
Read More
Article

XML Secure Coding

ABSTRACT The XML (Extensible markup language) is a buzzword over the internet, rapidly maturing technology with powerful real world application, especially f
Read More
Article

A Case Study of Information Stealers: Part I

Introduction: A stealer is a type of malware that looks for passwords stored on the machine and sends them remotely (e.g. mail, HTTP) to an attacker. Most st
Read More
Article

Introduction to SAP

I decided to start a new series of articles, "SAP Security for beginners". Everyone who is already into security, but wants to know more about SAP Security i
Read More
Article

Security Challenges in the Internet of Things (IoT)

The Global State of Information Security® Survey 2015 issued by PricewaterhouseCoopers comes to the conclusion that about 70% of connected IoT devices lack f
Read More
Article

Will IoT Security Awareness Protect Me From My Toaster?

Introduction The paradigm of the Internet of Things devices is rapidly transforming our relationship with technology. The diffusion of smart objects is capil
Read More
Article

Malware researcher’s handbook (demystifying PE file)

(For the Introduction, click here) PE file Portable executable file format is a type of format that is used in Windows (both x86 and x64). As per Wikipe
Read More
Article

When Your CEO Won’t Take Security Awareness Training

CEOs are often the busiest people in any organization. As security professionals, we should respect that: but what can we do when our CEO won't take securit
Read More
Article

What Is SIEM?

A SIEM (security information and event management) is a software solution that normalizes, filters, correlates, assembles, and centrally manages other operat
Read More
Article

Reversing the Pony Trojan Part I

Pony is a stealer Trojan and has been active for quite a while now. It was responsible for stealing over $200,000 in bitcoins ( https://threatpost.com/latest
Read More
Article

Security Vulnerabilities in Cloud Applications

Introduction There are a number of cloud-based applications that we use every day, without even thinking about it; the email service, search engines, website
Read More
Article

The Cybersecurity Information Sharing Act of 2015 (CISA): Is It the Right Answer?

In attempt to further cybersecurity efforts for the nation, a brand new cybersecurity bill, the S. 754, has just been discussed: the Cybersecurity Informatio
Read More
Article

Nishang: A Post-Exploitation Framework

I was recently doing an external penetration test for one of our clients, where I got shell access to Windows Server 2012(Internal WebServer sitting behind a
Read More