Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Beyond password length and complexity

(or "Why PCI-DSS-Compliant Passwords Aren't Enough" or "PCI-DSS-Compliant Password Analysis Reveals One-Quarter Still Trivially Compromisable") Thanks t
Read More
Article

HIDS—A Simplified Design Construct

This article will briefly discuss the host-based intrusion detection system (HIDS) and an abstract approach that can be used to design an application firewal
Read More
Article

Coding of Disassembler

We have practiced much disassembling by using assembly de-compilation tools such as Reflector, ILSpy, etc. Although such tools offer many advantages and are
Read More
Article

SCA, For a Secure SDLC

Today's cyberspace has become a dangerous place for individuals and businesses. Vulnerabilities are exploited using sophisticated malware and complex hacking
Read More
Article

OSSEC

Introduction In this article we'll present the open source host-based intrusion detection system, which is needed if we would like to detect host-based attac
Read More
Article

Cloud Forensics: An Overview

Introduction When discussing cloud forensics, we're actually talking about the intersection between cloud computing and network forensic analysis. Cloud comp
Read More
Article

QEMU Windows Guest: Bridged Networking

Bridged networking can be used when we want our guest virtual machine to get the IP address from our router and be able to see the host and all other machine
Read More
Article

QEMU Windows Guest: Networking

There are different kind of backend networks that we can use with QEMU. In order to specify the backend network, we need to use the -netdev command-line opti
Read More
Article

Forensic Investigation on Windows Machines

Digital forensics is the process of identifying and collecting digital evidence from any medium, while preserving its integrity for examination and reporting
Read More
Article

QEMU Windows Guest: Installing the Operating System

Now that we've created the image for our guest, we must continue with installing the operating system on it. In Virtualbox/VMWare, we usually select the CD-R
Read More
Article

Security Predictions for 2014

As the year 2013 draws to a close, we decided to make some predictions for the most popular Security Trends in 2014. Here is what we think are the major poin
Read More
Article

Adobe CQ Pentesting Guide – Part 1

This post deals with the step-by-step security testing guidelines for Adobe CQ installation. Adobe CQ is Adobe's new Web Experience Management software portf
Read More
Article

Securing Your Java Code 2

For Part 3 [pkadzone zone="main_top"] SQL Injection SQL injection occurs when a user sends malicious data to an interpreter as an SQL query. The a
Read More
Article

Vulnerability Scanning with Metasploit: Part II

In the previous article, we learned how to perform a network vulnerability assessment by using the OpenVAS plug-in. In this continuation, we will see how to
Read More
Article

The Mechanics of Metasploit

Metasploit is exquisitely prevalent amongst penetration testers and especially hackers because it makes it very easy to develop and launch exploits for softw
Read More
Article

Business Continuity & Disaster Recovery

Business Continuity Within a business continuity plan exists a few steps: Business Impact Analysis (BIA) This involves determining the operational and f
Read More
Article

Steganography and Steganalysis: Common Image Formats and LSB Part 2

JPEG One of the most common image formats is JPEG. It surely deserves a particular discussion, and, in addition, it's very frequently used as Cover Media, in
Read More
Article

IOS Application Security Part 26 - Patching IOS Applications using IDA Pro and Hex Fiend

In the previous applications we have looked at how we can hijack method implementations during runtime using Cycript, and even change the logic of the code r
Read More
Article

Unordinary Predictions for Information Security in 2014

Introduction The year is closing and it's time for prediction of the evolution of the security landscape in 2014. It's easy to predict an increase in the vol
Read More
Article

Steganography and Steganalysis: Common Image Formats and LSB

Part 1: Introduction The information revolution, which resulted in the Internet and in modern communication technologies, has pushed our society more and mor
Read More
Article

Legality of DDoS: Criminal Deed vs. Act of Civil Disobedience

Introduction This article was inspired by two factors: 1) the petition filed by Anonymous on the White House's We the People website in the beginning of 2013
Read More
Article

Firewall Unleashed

Introduction Firewalls are used to control the inbound and outbound traffic on a protected network. They have an ability to block and allow the internal as w
Read More
Article

Android Application Penetration Testing: Setting up, Certificate Installation and GoatDroid Installation

To begin with mobile application penetration testing on the Android platform, we have multiple tools available that can be easily downloaded and installed to
Read More
Article

Vulnerability Scanning with Metasploit Part I

Metasploit Framework, the Metasploit Project's best-known creation, is a software platform for developing, testing, and executing exploits. It can be used to
Read More