Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Gauss: Between technology and politics

Introduction The purpose of this work is to present the reader research of the Gauss malware platform as one of the ultimate nation-state cyber exploitation
Read More
Article

IOS Application security Part 2 - Getting class information of IOS apps

Introduction Have you ever checked out an IOS app and thought it was cool, and wondered if you could find some information about the source code of the app,
Read More
Article

Portable Malware Lab for Beginners

With the ever increasing cases of malware, many of the youngsters are switching over to analyzing malwares and its various aspects. A simple search in Google
Read More
Article

How to profit illegally from Bitcoin … cybercrime and much more

The interest in Bitcoin, one of the most popular currency schemas is high, financial world, small savers, merchants and of course, cyber-criminals observing
Read More
Article

Cyber Weapon of Mass Destruction- The Blackhole Exploit Kit

Recent security advisories reveal that the web exploit kits like the Blackhole Exploit Kit are responsible for the vast majority of web attacks and malware i
Read More
Article

Search engine hacking – Manual and automation

We are all aware of Google/Yahoo/Bing Search engines; they need no introduction. We use them every now and then to solve our day-to-day queries. [pkadzone
Read More
Article

Google Hacking – For fun and profit - I

Google has been used ever since its beginning to find answers for most if not all of our questions from the beginning of the universe to even finding cure fo
Read More
Article

Google Hacking: The hidden face of Google

No need for an introduction, Google is quite possibly the more powerful search engine used today, even used sometimes to check our connectivity; except that
Read More
Article

GhostNet - Part II

Behind the GhostNet notion stands an entire international worldwide network of infected computers belonging to places having high political, economic, media,
Read More
Article

IOS application security Part 1 - Setting up a mobile pentesting platform

In this article series, we will be learning about the tools and techniques required to perform penetration testing and Vulnerability assessment on IOS Applic
Read More
Article

Windows Authentication: Dot NET Security Part 2

Introduction The .NET framework caters to different types of authentication mechanisms to use within your applications - —including basic authentication, di
Read More
Article

Botnets and Cybercrime – Botnets hunting – Part 3

Botnets and cybercrime – Introduction can be found here Botnets, how do they work? Architectures and case studies – Part 2 can be found here Introduction Sec
Read More
Article

Phishing Techniques: Similarities, Differences, and Trends: Part III: Vishing

For Part I, which discusses Mass Phishing and which sets the objects of examination in this paper, please check here. For Part II, which discusses Targeted P
Read More
Article

GhostNet - Part I

Introduction Several years after the revelation of GhostNet, a massive case of cyber exploitation directed mostly against the Tibetan community, in terms of
Read More
Article

The Import Directory: Part 1

We know that when the operating system loads the executable, it will scan through its IAT table to locate the DLLs and functions the executable is using. Thi
Read More
Article

Cracked Web Applications Leak Credentials and Data

If you've been paying attention to vulnerabilities in web applications, you've certainly heard of attacks involving SQL injections, cross-site scripting, and
Read More
Article

Running Metasploitable2 on virtualBox

Metasploitable is a Linux-based vulnerable virtual machine. It is designed especially for people interested in learning system exploitation. Rapid7 maintains
Read More
Article

Botnets, how do they work? Architectures and case studies – Part 2

In the first part of this of this mini-series on the botnet cyber threat, we have shown the current scenario and the technological evolution in security land
Read More
Article

Snort Rule Writing for the IT Professional: Part 3

Welcome back to my continuing series of articles on Snort rule writing. My first couple of installments in this series addressed some very simple rules in o
Read More
Article

Software Patent Law: EU, New Zealand, and the US compared

1. Introduction A patent is defined as an exclusive right or rights provided by a government to an inventor for a certain period of time in exchange for the
Read More
Article

Massive Vulnerability CVE-2013-0027 Owns/Strikes Internet Explorer 6 to 10

The recent major vulnerability CVE-2013-0027 flooded almost all versions of Microsoft Internet Explorer and affected operating systems like Windows XP, Vista
Read More
Article

The export directory

Example of the export directory Let's take a look at a simple example to understand how the export directory is used by the executables/libraries. Let's sup
Read More
Article

Phishing and social engineering techniques

Internet usage is growing dramatically, but the vast majority of internet users don't have any security backgrounds. Neither do a large majority of companies
Read More
Article

Android Forensics

The article tries to cover various Android forensic techniques that can be helpful in a variety of situations. The techniques or discussions below can be eit
Read More