Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Security Dangers of Web Management Interfaces

Web based interfaces are convenient for managing networking equipment, but under no circumstances should these be open to the world and the internet. Many ne
Read More
Article

Cookie-based SQL injection

Did you say a "cookie" ? A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is used for an origin website to send state information to
Read More
Article

Pivoting from the age old ARP attack

Translating layer 2 local addresses to layer 3 globally routable addresses is the sole responsibility of the Address Resolution Protocol. ARP spoofing is a f
Read More
Article

W3af walkthrough and tutorial

w3af (Web Application audit and attack framework) is a framework for auditing and exploitation of web applications. In this series of articles we will be loo
Read More
Article

InfoSec Book Excerpt: Security Metrics - Chapter 17

We like to read the latest and greatest security books, andsometimes the author and/or publisher is generous enough to share an extended with us - and you. W
Read More
Article

Soft Skills: A Peek into the Mind of a Hiring Manager

As a recruiter, I often have the question posed to me in a variety of ways, "Exactly what is it that hiring managers want?" What is it that they are looking
Read More
Article

How to Build a Secure RPC Interface for AJAX Apps With Google Web Toolkit

Why use GWT? Most modern web applications utilize an AJAX functionality of some sort to make them highly interactive and to have a user interface that works
Read More
Article

Circumventing NAT with UDP hole punching

A lot of networks use NAT (Network Address Translation) these days. This allows the systems on the same network to have a single global IP address. This also
Read More
Article

CSRF and XSS: A Lethal Combination - Part I

Introduction In the second installment of this series, we discussed one of the most prevalent attacks to applications: SQL Injection. The previous discussion
Read More
Article

Information Gathering Using Maltego

The first phase in security assessment is to focus on collecting as much information as possible about a target application. According to OWASP, information
Read More
Article

pcAnywhere Leaked Source Code - An Anonymous Review

[highlight color=yellow]DISCLAIMER: InfoSec Institute received an anonymous submission concerning the leaked pcAnywhere source code. The article is published
Read More
Article

Attack Surface Reduction – Chapter 4

This is Chapter 4 in Tom Olzak‘s book, “Enterprise Security: A practitioner’s guide.” Chapter 3 is available here: Building the Foundation: Architecture Desi
Read More
Article

Virtualization Security: Hacking VMware with VASTO

With the advancement of the technology in the field of computers, requirement for hybrid setups has also escalated. Nowadays every company is using a heterog
Read More
Article

Extending Burp Suite

Introduction There are multiple intercepting proxy tools available and Burp Suite is one of the best tools available for interception. If you are not yet fam
Read More
Article

A New DNS Exploitation Technique: Ghost Domain Names

DNS is a naming system which coverts human readable domain names into computer readable IP addresses. Whenever there is a query for a domain which is not in
Read More
Article

RootSmart Android Malware

Summary Android's increasing popularity, combined with the possibility to create alternative markets, makes this platform a fertile ground for malware author
Read More
Article

Attacking the Phishers: An Autopsy on Compromised Phishing Websites

In this article we will cover the results of an informal investigation I performed into phishing websites. Rather than simply reviewing them externally as
Read More
Article

Creating backdoors using SQL injection

If you're reading this article than I'm reasonably sure that you have heard of a virus, otherwise refered to as a Trojan horse or worm, which can infect your
Read More
Article

Top 10 Tips for Securely Managing Your Employee’s BYOD

Overview: The BYOD (Bring Your Own Device) phenomenon is expanding at an incredible rate. It is something that affects every business, from the smallest to t
Read More
Article

Building the Foundation: Architecture Design - Chapter 3

In this chapter, we define the various types of enterprise architectures, how to integrate them into strategic and tactical business objectives, and how to build from business need to system and network design.
Read More
Article

Writing Self-Modifying Code Part 3: Antivirus Evasion

This is the third article in a series on the topic of self-modifying code.
Read More
Article

Hacking In The World’s Largest Mall

Figure 1. Yes there is a ship in the mall, and a whole bunch of wireless[pkadzone zone="main_top"] [pkadzone zone="main_top"] Much has been made in the medi
Read More
Article

Wi-Fi Security: The Rise and Fall of WPS

Wireless local-area networks which are also referred to as WLANs or Wi-Fi are prevalent these days. They are so popular that they can be found installed in o
Read More
Article

Burp suite walkthrough

Burp Suite is one of the best tools available for web application testing. Its wide variety of features helps us perform various tasks, from intercepting a r
Read More