Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Security+ Study Guide: Domain 1.0 - Network Security

For many years, IT and Security were not usually on speaking terms:  IT’s primary responsibility was to just get everything to work, and if it wasn’t to best
Read More
Article

The Pitfalls of Client-Side Authentication: Solutions to Net-Force JavaScript CTF challenges

Client-side authentication is when authentication checks are performed completely at users' side. The idea is that the authentication procedures, methods, or
Read More
Article

Interview: Cortney Thompson, Chief Technology Officer at Green House Data

Cortney Thompson is the Chief Technology Officer at Green House Data leading the strategic direction of the company's cloud hosting and colocation facilities
Read More
Article

Bypassing Jailbreak Detection Using Xcon

In this small article, we will look at a very handful utility named Xcon for bypassing Jailbreak detection. As per the wiki page ... xCon is a collaborative
Read More
Article

The seven steps of a successful cyber attack

Advanced cyber attacks can now nest inside a network for more than 200 days on average before being discovered. In the infamous Sony Pictures breach, the hac
Read More
Article

Sharkfest 2014 Part II

In the first part of our article, we solved the first three challenges, so in this article we will continue with rest of the challenges. CHALLENGE #4: Browsi
Read More
Article

Build A Simple Cloud Using the Open Hardware Technology

Abstract Data storage has become a critical problem that facing computer scientists. Not only is it the huge amount of data; it is also also the problem of s
Read More
Article

Reverse Engineering of Embedded Devices

Introduction This article is for colleagues who are interested in studying the reverse engineering of embedded devices starting from the introduction of equi
Read More
Article

Cyber Threat Assessment Template For Special Forces

The growing number of cyber threats highlight the risks that US critical infrastructure and Special Forces face. Once considered weak in nature compared to o
Read More
Article

Insider vs. outsider threats: Identify and prevent

In my last article, we discussed on a step-by-step approach on APT attacks. The origin of any kind of cyber-attack is through an external or an internal sour
Read More
Article

Interview: Chris Steel, Chief Solutions Architect at Software AG Government Solutions, Inc.

Chris Steel is the Chief Solutions Architect at Software AG Government Solutions, Inc., a leading software provider for the US federal government. The compan
Read More
Article

Asprox / Kuluoz Botnet Analysis

Introduction Kuluoz, aka Asprox, is a spam botnet that emerged in 2007. It has been known for sending mass of phishing emails used in conjunction with social
Read More
Article

APT28: Cybercrime or State-sponsored Hacking?

Once upon the APT28 In October of 2014, the security firm FireEye published a report that revealed the existence of a group of Russian hackers, dubbed APT28,
Read More
Article

Case Study: Evading Automated Sandbox - Python PoC

Introduction With the increasing of Sandbox technology usage, every penetration tester should be prepared to face it one day. While a plenty of Pentest tools
Read More
Article

Windows Functions in Malware Analysis - Cheat Sheet - Part 2

In the Part 1 of the series, we discuss about windows functions that analysts commonly encounter during malware analysis. In this part, we will conclude the
Read More
Article

ELF File Format

Executable and Linking Format (ELF) is the object format used in UNIX-like operating systems. This post introduces the ELF file format in the big picture of
Read More
Article

Dealing with bad characters & JMP instruction

So far, in previous articles, we have learnt how to develop our own working exploit for the Echo Server program; we used two different payloads with the expl
Read More
Article

15 + Modules for Making Your Drupal Website Secure

Drupal is the popular open-source content management system written in PHP. Although it only powers around 2.5% websites on the web, but it is still importan
Read More
Article

How to Prevent a Domain Name Theft

1. Introduction The domain names may cost far more than a real estate. For instance, Facebook paid USD 8.5 million to buy fb.com. The high prices of the doma
Read More
Article

Interview: J. Wolfgang Goerlich, Cyber Security Strategist for Creative Breakthrough

J. Wolfgang Goerlich is an influential leader and IT management executive with the ability to act as a cultural change agent, driving security initiatives an
Read More
Article

iOS Application Security Part 42 - LLDB Usage continued

In this article, we will look at some of the most important commands in LLDB to debug applications. If you have been following this blog series, you would ha
Read More
Article

Windows functions in malware analysis - cheat sheet - Part 1

In this article, we will learn briefly about the various windows functions commonly encountered by malware analysts. Windows functions Accept: This fun
Read More
Article

Introducing IDA scripting

IDC scripting language is used by IDA disassemblers to programmatically manipulate data assembly and parameter in the loaded IDB database file. Script can ma
Read More
Article

The Basics with Node.js Examples

Introduction Public-facing APIs have tremendously increased in the last couple of years. Businesses have seen that sharing their business data with the publi
Read More