Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Fixing CSRF vulnerability in PHP applications

Cross Site Request Forgery or CSRF is one of top 10 OWASP vulnerabilities. It exploits the website's trust on the browser. This vulnerability harms users' an
Read More
Article

Linux Kernel Development Process

Introduction When I was listening to the question and answer session at LinuxCon, there was some interesting discussion going on: some of the latest news inf
Read More
Article

Windows systems and artifacts in digital forensics, part I: registry

Learning about artifacts in Windows is crucial for digital forensics examiners, as Windows accounts for most of the traffic in the world (91.8 of traffic com
Read More
Article

IOS Application Security Part 18 - Detecting custom signatures with Introspy

In the previous article, we looked at how we can use Introspy for Black-box assessment of IOS applications. In this article, we will look at how we can use I
Read More
Article

Social engineering: A hacking story

In this article I am going to discuss social engineering attacks, starting with the questions: "What is social engineering?" and "What are the types of these
Read More
Article

Patching .NET Binary Code with CFF Explorer

Abstract The purpose of this article is to show how to bypass various security checks by modifying binary code directly, rather than source code, through th
Read More
Article

Conditional Complexity of Risk Models

Introduction "Conditional complexity" (also called cyclomatic complexity) is a term used to measure the complexity of software. The term refers to the numbe
Read More
Article

Backup Media Encryption

The problem Information Security is like a chain: it is only as strong as its weakest link. You can protect your network with expensive firewalls, use audit
Read More
Article

Web services penetration testing part 1

Web application security is quite popular among the pen testers. So organizations, developers and pen testers treat web applications as a primary attack vect
Read More
Article

Hacking Satellites … Look Up to the Sky

Introduction Satellites have assumed a crucial role in our contemporary society; they are used in both private and public sectors for numerous purposes, from
Read More
Article

Peeping the Social media

1. Synopsis Nowadays it is hard to find a person who doesn't sign in to any social medium at least once a week by using gadgets like a smartphone, tablet, or
Read More
Article

IOS Application Security Part 17 - Black-box assessment of IOS Applications using Introspy

In this article, we will look at how we can use Introspy for Black-box assessment of IOS applications. Introspy is developed by ISEC partners and its github
Read More
Article

Protect Data by Preventing Insecure Cryptographic Storage

Daily, we read news about hacking and data leaks. Hackers are really active these days. So, it is our responsibility to prevent them in getting unauthorized
Read More
Article

System address map initialization in x86/x64 architecture part 1: PCI-based systems

This article serves as a clarification about the PCI expansion ROM address mapping, which was not sufficiently covered in my "Malicious PCI Expansion ROM" ar
Read More
Article

Email encryption: Mailvelope

Between constant password breaches and the NSA looking in on everything you do, you've probably got privacy on the mind lately. If you're looking for a litt
Read More
Article

Online dictionary attack with Hydra

When an attacker wants to learn credentials for an online system, he can use brute force or a dictionary attack. This article introduces these two types of a
Read More
Article

Penetration testing of web services with CGI support

This article shows hands-on penetration testing using an Apache server with CGI access; it identifies some vulnerabilities and performs exploits attacking th
Read More
Article

OSINT (Open-Source Intelligence)

With an estimated 80% of required information available for use in an open source for specific information vital for a deep analysis in newspapers, magazines
Read More
Article

Phishing with Data URI

Phishing Phishing is a method of e-mail fraud that is used to gather personal and financial information from the recipients. According to Wikipedia, phishing
Read More
Article

WSUS (Windows Server Update Services)

Introduction Windows Server Update Services (WSUS) can be used to manage the deployment of the latest Microsoft Windows operating system updates. When usi
Read More
Article

XKeyscore: NSA’s Surveillance Program

Introduction The former contractor for NSA, Edward Snowden, became famous for revealing PRISM, a confidential mass surveillance program run by the U.S. agen
Read More
Article

IOS Application Security Part 16 - Runtime Analysis of IOS Applications using iNalyzer

In the previous article, we looked at how we can perform static analysis of IOS Applications using iNalyzer. In this article, we will look at how we can use
Read More
Article

The Hunt for Memory Malware

Memory forensic is a skill to find out all the artifacts in the memory that is present in the running computer. It is an interesting method to find out what
Read More
Article

Using Hashes in Computer Security

1. Introduction Hashes are often used in computer security. This article presents how data integrity, authenticated data integrity and non-repudiation can
Read More