Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Jus in Cyber Bello: How the Law of Armed Conflict Regulates Cyber Attacks Part II

Prohibition of Perfidy Article 37 of AP I - Prohibition of perfidy[pkadzone zone="main_top"] 1. It is prohibited to kill, injure or capture an adversary by
Read More
Article

ASP.NET Website Optimization

Writing optimized website code is considered to be one the most complicated tasks. Hence, this paper explores amazing server side configuration techniques an
Read More
Article

Putting Unstructured Data Into Context: What the Cosmos Can Teach Us About Unstructured Data

How is it that something can be so incredibly large and minutely small at the same time? If you're as fascinated by natural science as I am, then you're like
Read More
Article

Cyber Threats against the Aviation Industry

Introduction The recent incident to the Malaysia Airlines Flight MH370 is fueling the discussion of whether would be possible to hack into an airplane and ga
Read More
Article

8570 Certification and the Way Ahead to 8140 Certification

Background on DoD 8570 Before certifications, the only measurement of someone knowing what they said they know was through an educational degree or an impres
Read More
Article

What Good is Tor?

To the uninitiated, Tor, formerly known as The Onion Router, is probably the most popular proxy network for internet anonmyzing. It's called an onion router
Read More
Article

Cookies with HttpOnly Flag: Problem in Some Browsers

1. Introduction When a cookie has HttpOnly flag set, then JavaScript cannot read it in case of XSS exploitation. This is actually the reason why HttpOnly fla
Read More
Article

3 Cyber Threats, One Simple Solution

Vulnerability management has become a huge challenge in today's malicious cyberspace. SQL Injections, Cross Site Scripting and DDoS Attacks are arguably the
Read More
Article

Hunting Session Fixation Bugs

Improper handling of session variables in asp.NET websites is considered a serious threat and opens various doors to malicious hackers. For instance, a sessi
Read More
Article

CompTIA Security+ SY0-401 vs. SY0-301 Changes [DECOMMISSIONED ARTICLE]

NOTE: This article reflects an older version of the Security+ Exam – please see the current Security+ Certification page for the most up-to-date information.
Read More
Article

Server Side Includes (SSI) injection

Injection is a high-category vulnerability in web applications. Attackers and security auditors alike always try to find the kind of vulnerabilities which al
Read More
Article

SkypeFreak: A Cross-Platform Skype Forensic tool

This is a small tool that can be used to investigate Skype user accounts stored in your PC. First of all, let's learn how to investigate data manually. This
Read More
Article

Can My JavaScript Access Your Page Elements?

We all know that by using JavaScript you can do many things, for example read elements on a page, analyze the DOM, etc. Now assume that you logged into faceb
Read More
Article

Android hacking and security, part 1: Exploiting and securing application components

Mobile Application Security is one of the hottest segments in the security world, as security is really a big concern with growing mobile applications. In
Read More
Article

Information Security Policy For SME

Information security (IS) is a critical part of any small scale company and a big enterprise, and a challenge for any firm. Information security involves ver
Read More
Article

Exploiting by information disclosure, part 1

Information disclosure is considered to be a serious threat, wherein an application reveals too much sensitive information, such as mechanical details of the
Read More
Article

iOS Application Security Part 32 - Automating tasks with iOS Reverse Engineering Toolkit (iRET)

While doing security audit of iOS apps, there are a lot of tasks that we have to repeat every time. This includes finding out the class information for the a
Read More
Article

NJVC and InfoSec Institute Partner to Provide Cyber Security Training Services

CHANTILLY, Va., March 18, 2014— NJVC®, an information technology solutions provider headquartered in northern Virginia,  and InfoSec Institute, an informatio
Read More
Article

From Turbine to Quantum: Implants in the Arsenal of the NSA

Introduction The revelations of Edward Snowden totally changed our perception of NSA cyber capabilities. Day by day, the IT security community is reading abo
Read More
Article

Vulnerable Encoded URL

This paper especially pinpoints the poor practice of cryptography in URL, which is typically implemented to encrypt sensitive data residing in the website UR
Read More
Article

Hooking the System Service Dispatch Table (SSDT)

Introduction In this article we'll present how we can hook the System Service Dispatch Table, but first we have to establish what the SSDT actually is and ho
Read More
Article

Hooking System Calls Through MSRs

Download the code associated with this article by filling out the the form below.  In this article we presented the details of using sysenter instruction to
Read More
Article

Hooking IDT

Download the code associated with this article by filling out the the form below.  Once we've already gained access to the system, we can use various post
Read More
Article

IOS Application Security Part 31 - The problem with using third party libraries for securing your apps

In this article, we will talk about why we shouldn't completely rely on using third party libraries for securing our apps. Usually, some of the things we try
Read More