Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Playing by the Rules: Performing Firewall Audits

Anyone who has ever managed a firewall will know that all too often it's a one way street. From the moment the device is plugged into the network, rules are
Read More
Article

Protect Your Wireless Network from Leechers and Hackers

Nowadays pretty much everyone uses wireless networking from your smart phone to your home and/or business networks. There are many security issues with wirel
Read More
Article

IObit Protected Folder Authentication Bypass

Acknowledgements I would like to dedicate this article to all my friends, they know who they are, and to Irene, for her love and support.[pkadzone zone="main
Read More
Article

Metadata: The Hidden Treasure

In today's Information age, Data is very crucial for every organization. From Information security point of view also data is what everybody is behind, be it
Read More
Article

Chapter 7: The role of cryptography in information security

After its human resources, information is an organization's most important asset. As we have seen in previous chapters, security and risk management is data
Read More
Article

Vulnerability Scanners

Security of a website is very crucial thing for any organization or for personal websites. It's always advised to check the security of the website because i
Read More
Article

Social Media Security

Excerpted from Securing the Clicks: Network Security in the Age of Social Media by Gary Bahadur, Jason Inasi, Alex de Carvalho (McGraw-Hill; 2012) with per
Read More
Article

WebInspect

With the exponential increase in internet usage, companies around the world are now obsessed about having a web application of their own which would provide
Read More
Article

Traffic Anomaly Detection – TCP and DNS

Ever since the computer and the critical data it holds came into headlines, so did the malicious programs, attacks and the threat landscape. We have thousand
Read More
Article

Defending yourself from Google hackers

Before looking how we can prevent ourselves from Google hackers, let's see what Google hacking is. Google Hacking: [pkadzone zone="main_top"] [pkadzone zone=
Read More
Article

w3af walkthrough and tutorial part 4 - w3af tools, profiles and scripting

This is part 4 in a series. Part 1 is available here:w3af Tutorial Part 1 Part 2 is available here:Discovery and Audit plugins Part 3 is available here: Rema
Read More
Article

Firewall Security Testing

Testing firewall and IDS rules is a regular part of penetration testing or security auditing. However, because of the unique complexity involved of different
Read More
Article

Man in the Browser Attack vs. Two Factor Authentication

Authentication or E-authentication (Electronic authentication) is the way, technique, and method to establish a connection between two entities. This connect
Read More
Article

Understanding the Origins of the China - Philippine Cyber War

For many years, there has been a territorial dispute between China and Philippines over the Scarborough Shoal (Philippine Term: Panatag Shoal) or Huangyan Is
Read More
Article

AlienVault OSSIM Review - Open Source SIEM

Introduction As logs never lie, it's very important to aggregate and analyze the internal and external network logs constantly so that companies can prevent
Read More
Article

Hacking AutoUpdate by Injecting Fake Updates

Works against Java, AppleUpdate, Google Analytics, Skype, Blackberry and more Introduction [pkadzone zone="main_top"] [pkadzone zone="main_top"] We all know
Read More
Article

Passive Fingerprinting

During penetration testing, the main objective of the auditor is to exploit and gain access. For that to happen, it is required to have some information abou
Read More
Article

Iframe & the security risk

Web application security is always an important topic to discuss because websites seem to be the first target of malicious hackers. Hackers use websites to s
Read More
Article

OSINT and pre-game show for a on-site WLAN Penetration Test

Wireless Penetration Testing in my opinion is one of the most fun parts of Ethical Hacking. It incorporates application exploits once you are on the WLAN/LAN
Read More
Article

Malware Analysis - Follow along reversing the German government's "Bundestrojaner"

Introduction I'm reasonably sure that anyone reading this particular article has heard about viruses, worms, trojans and malware; as well as numerous antivi
Read More
Article

The Importance of Securing a Linux Web Server

With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux ba
Read More
Article

SQL injection through HTTP headers

During vulnerability assessment or penetration testing, identifying the input vectors of the target application is a primordial step. Sometimes, when dealing
Read More
Article

Mexican Drug Cartels and Cyberspace: Opportunity and Threat

1) Mexican Drug Gangs Kidnap Computer Hackers and Programmers Mexican drug trafficking organizations are increasingly demonstrating a desire to make money f
Read More
Article

DarkComet analysis – Understanding the Trojan used in Syrian uprising

DarkComet used in Syrian conflict? On February 17th the CNN published an interesting article, where some Syrian's regime opponents claimed that the governme
Read More