Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

"Frictionless Sharing": Browser History Leaked into the Cloud

I don't want this article to be alarming, and its purpose is not to make you deactivate / delete your Facebook account or make you stop all your social onlin
Read More
Article

Snort Rule Writing for the IT professional: Part 2

Welcome back to my series on Snort rule writing. In my first installment, we covered the basic syntax of a simple rule. We established the fundamental fra
Read More
Article

Protected Mode and the IDT

Introduction The MSDOS system uses IVT (Interrupt Vector Table) to hold the interrupt vectors that are called whenever some action occurs: like an interrupt
Read More
Article

SQLNuke - Simple but fast MySQL Injection load_file() Fuzzer

New SQL Injection Lab! Skillset Labs walk you through infosec tutorials, step-by-step, with over 30 hands-on penetration testing labs available for FR
Read More
Article

Windows Architecture and User/Kernel Mode

Introduction Each process started on x86 version of Windows uses a flat memory model that ranges from 0x00000000 – 0xFFFFFFFF. The lower half of the memory,
Read More
Article

TeamSpy, Miniduke, Red October, and Flame: Analyzing Principal Cyber Espionage Campaigns

Even a layman would notice that cyberspace is in full storm; different entities are increasing malicious activities pursuing various purposes, and cyber espi
Read More
Article

Unit 61398: Chinese Cyber-Espionage and the Advanced Persistent Threat

In the world of computer security, the concept of an "Advanced Persistant Threat" has garnered a great deal of publicity recently. Commonly referred to by th
Read More
Article

Importance of security in mobile platforms

Introduction In this period, security firms are publishing detailed reports on analysis conducted on principal cyber threats detected in 2012, the results pr
Read More
Article

Handling Memory in Protected Mode

Introduction In the past, systems such as MSDOS used the real mode, and it had no protections against accessing any memory address. Programs then were able t
Read More
Article

Visual Studio 2010 Basics

Introduction This article will demonstrate the development life cycle for various .NET framework applications,for instance, executables, console application
Read More
Article

Translating virtual to physical address on Windows: physical addresses

Getting the physical address manually So far we've figured that the virtual address is the same as linear address, so in the next part of the article we can
Read More
Article

The cyber exploitation life cycle

For the purposes of this article, the term "cyber exploitation" will represent all the subversive activities that include interstate "breaking and entering"
Read More
Article

Which weapon should I choose for Web Penetration Testing? 3.0

Introduction So here we are on the third edition of "Which weapon should I choose for Web Penetration Testing?" For this edition, I am going to take a walk t
Read More
Article

What is behind that QR code?

With the huge popularity in mobile devices like the smartphone and tablets, two dimensional barcodes, or the so-called QR codes are beloved by marketers. QR
Read More
Article

Translating Virtual to Physical Address on Windows: Segmentation

Introduction In this tutorial, we'll go over the process of translating a virtual address to physical address the way a processor does it. To begin, let's p
Read More
Article

Pimp my Chrome

You might be wondering about the title. Let me tell that you shall have your answer by the end of this story. Hacking has been considered as a mysterious ac
Read More
Article

Anti-memory dumping techniques

The term "Memory Dumping" in reverse-engineering is essentially a process of taking a snapshot of the executable. Taking a snapshot means capturing the st
Read More
Article

Mobile working – prepare for the worst, deal with the fallout

What if, either from misuse or loss of your organization's mobile technology, your organization's information is compromised? What if, in spite of all the co
Read More
Article

Web Services

Introduction Software developers have struggled to create software components that can be called remotely over local networks and the Internet. In this proc
Read More
Article

Logging Keystrokes with MSDOS: Part 1

Introduction In the previous article, we saw how we can compile the source code to a 16-bit binary executable, create an iso image with the executable stored
Read More
Article

The IA-32 Real Mode and Interrupts

Introduction We all know that the IA-32 processors have two modes of operation: real mode and protected mode. But why would we want to talk about real mode?
Read More
Article

Hacking java applications using JavaSnoop

We are all aware of tools like Burp, Paros, WebInspect, etc… for intercepting web-based traffic and also for automating the security testing process. However
Read More
Article

Exception Handling

Introduction C# and the .NET CLR use exceptions to indicate that an error condition has occurred during program execution. C# programs are under constant th
Read More
Article

MSDOS and the Interrupt Vector Table (IVT)

Introduction Upon booting up MSDOS, we can observe the memory using the "mem /d /p" command, which will show us exactly which part of memory is used by th
Read More