Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

IDA Functions

Ida is a very good disassembler and its automatic analysis upon loading the executable is quite intense and useful, but nevertheless, it can't always be righ
Read More
Article

Identity Theft: The Means, Methods and Recourse

Introduction Identity theft occurs when a person uses the identity of another person with the intent to obtain benefits illegally. The victim of the identity
Read More
Article

Hide your Online Identity with Whonix

The primary reason for writing this is to educate journalists and investigators who want to fight crime anonymously. However, the contents of this article ca
Read More
Article

Fun with email headers

Email is still, to this day, the most used method of online communication. Even though many people predicted email would eventually get replaced by instant m
Read More
Article

IDA: Cross references / Xrefs

Cross references can help us determine where certain functions were called from, which can be useful for a number of reasons. Let's say that we found the fun
Read More
Article

Interview: CEO Mark Aiello of The Revolution Group

[caption id="attachment_14278" align="alignleft" width="169"] Mark Aiello[/caption] secureRevGroup, a Wakefield, Massachusetts-based information security pro
Read More
Article

Differences between the privacy laws in the EU and the US

Everything we do in the Internet leaves digital fingerprints. Therefore, it is only logical that many web users are worried about the issue of privacy. Their
Read More
Article

Leveraging the command line for windows: malware analysis and forensics. Part I

cmd.exe - Leveraging the command line for windows: malware analysis and forensics. Part I Abstract : The command prompt for windows is a dark horse of sort
Read More
Article

NMAP Scripting Engine and Categories

1. Introduction We all know what Nmap is and what we can do with it, but for those of you who don't, here's a short overview. Nmap is an open source security
Read More
Article

Demystifying dot NET reverse engineering: Introducing Round-trip engineering

Introduction After covering the basics of dot NET reverse engineering in first articles (refer to the references), it's time to go more in depth of the dot
Read More
Article

What is an SQL Injection? SQL Injections: An Introduction

New SQL Injection Lab! Skillset Labs walk you through infosec tutorials, step-by-step, with over 30 hands-on penetration testing
Read More
Article

Forensic Artifact: Malware Analysis in Windows 8

Windows is the most used operating system worldwide. I have met a lot of IT guys in my country and also other computer elites. My discovery was that 90 perc
Read More
Article

Hello world: C, assembly, object file and executable

Summary: In this article we'll take a look at the C program that prints "Hello World!" to the screen, which we'll assemble and compile. Then we'll compare th
Read More
Article

Burp Suite tutorial: Session handling mechanisms

Web applications, nowadays, handle sessions and state by implementing session expiration and sessionid lifecycle in a more secure manner to avoid security is
Read More
Article

Reverse Engineering a Malicious Word Document

In this post, I am going to explain in detail how to go about reversing an exploit with which one can easily insert his/her own payload, providing an exploit
Read More
Article

A prototype model for web application fingerprinting: w3 scrape

Introduction: Web application fingerprinting is one of the most important aspects of the information gathering phase of ethical hacking. This allows us to n
Read More
Article

Domain name parking of gTLDs

Introduction Over the past ten years, there has been a steady increase in the number of generic top-level domain names (gTLD). As a result, people can curre
Read More
Article

Importance of a BYOD Policy for Companies

[highlight color="blue"]Interested in formal iPhone forensics training? Check out our 3 day iPhone and iOS forensics course now available. [/highlight] Intro
Read More
Article

Virtual Honeypots

At the beginning of this series of tutorials, I would like to note one thing: All the activities that we usually take to increase the security of information
Read More
Article

PHP Session ID’s – The Risks

In today's article I want to address a very important topic. Namely, I want to talk about PHP session security. I know and understand that this is a very bro
Read More
Article

Sniffing Network Traffic on Android

Introduction There has been a lot of talk about how to connect your laptop though the Android network and use the bandwidth that you're already paying for. U
Read More
Article

Handy Devices Revolution: Handy Pentesting and Hacking Part III

And now is the time for the third article of the Handy Devices Revolution series! In the second article we talked about Arduino and Power Pwn; this time we w
Read More
Article

Cyberterrorism Defined (as distinct from “Cybercrime”)

Introduction Technology is developing at an extremely vigorous pace over the last couple of decades. There are many unknown terms that come along with this
Read More
Article

Mobile Security – Basic Challenges

[highlight color="blue"]Interested in formal iPhone forensics training? Check out our 3 day iPhone and iOS forensics course now available. [/highlight] "Dat
Read More