Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

ISC2 CSSLP domain 7: Secure software deployment, operations, maintenance

Learn all about domain 7 of the Certified Secure Software Lifecycle Professional and why it is important.
Read More
Article

CertNexus certification and career path overview

Everything you need to know about the wide range of available technology, data science, and security CertNexus certification and training programs.
Read More
Article

ISC2 CSSLP domain 6: Secure software lifecycle management

Learn all about the Certified Secure Software Lifecycle Professional domain 6 topics.
Read More
Article

ISC2 CSSLP domain 5: Secure software testing

Learn all about the Certified Secure Software Lifecycle Professional certification’s domain 5 topic of secure software testing.
Read More
Article

How to write a port scanner in Python in 5 minutes: Example and walkthrough

What is a port scanner and how does it work? Learn by writing your own basic Python port scanner script in this walkthrough from Keatron Evans.
Read More
Article

Death rays, Death Stars and deathware?

The impact of fatal attacks against cyber-physical systems will reach over $50 billion by 2023. Learn more about this new killware or deathware.
Read More
Article

Using Python for MITRE ATT&CK and data encrypted for impact

The impact tactic in the MITRE ATT&CK framework focuses on how an attacker can cause harm to a target organization.
Read More
Article

Explore Python for MITRE ATT&CK exfiltration and non-application layer protocol

Detecting data exfiltration is important when protecting an organization against a cyberattack.
Read More
Article

7 steps to building a successful career in information security

Learn how to break in and build your cybersecurity career with these popular tips.
Read More
Article

Explore Python for MITRE ATT&CK command-and-control

Python can be used to implement command and control in a variety of different ways when it comes to using encrypted channels and protocol tunneling.
Read More
Article

Explore Python for MITRE ATT&CK email collection and clipboard data

It is possible to collect data from a number of different sources, including the system clipboard and local repositories of emails, by using Python.
Read More
Article

Explore Python for MITRE ATT&CK lateral movement and remote services

You can explore through Python how exploitation of admin shares and web session cookie hijacking can be used to achieve remote hijacking.
Read More
Article

VULNCMS: 1 VulnHub CTF Walkthrough, Part 1

In this article, we will solve a Capture the Flag (CTF) challenge posted on the VulnHub website called VULNCMS.
Read More
Article

ISC2 CSSLP domain 4: Secure software implementation

Domain 4 of the CSSLP ensures that applicants have the knowledge and experience to avoid security blunders while writing code.
Read More
Article

How to become a Chief Information Security Officer (CISO)

Learn the steps necessary to become a Chief Information Security Officer (CISO) and succeed in the role.
Read More
Article

Explore Python for MITRE ATT&CK account and directory discovery

Python can use account and directory discovery to find user data such as accounts, which is valuable to attackers.
Read More
Article

ZHtrap botnet: How it works and how to prevent it

Learn about the ZHTrap botnet, which is hijacking infrastructures. Plus, we have some tips on protecting against these attacks.
Read More
Article

ISC2 CSSLP domain 3: Secure software architecture and design

In Domain 3 of the CSSLP, applicants demonstrate knowledge of software secure design best practices and risk management.
Read More
Article

Explore Python for MITRE ATT&CK credential access and network sniffing

Python is used to access credentials in many ways, including extracting them from web browsers’ credential caches and sniffing network traffic.
Read More
Article

ISC2 CSSLP domain 2: Secure software requirements

Domain 2 of the ISC2 CSSLP evaluates applicants’ ability to develop security requirements for software.
Read More
Article

ISC2 CSSLP domain 1: Secure software concepts

Domain 1 of ISC2’s CSSLP certification tests foundational knowledge of secure software development.
Read More
Article

Attackers don’t hack in: They log in with your credentials

Find out how and why cyberattacks happen the way they do via the methods used. It could help you make your organization a little bit safer.
Read More
Article

How to use Wireshark for protocol analysis: Video walkthrough

Learn how to analyze network traffic with the free protocol analyzer Wireshark and sniffing tool tcpdump. Then try it yourself!
Read More
Article

Beginner’s guide to the basics of data encryption

Encryption is one of the best ways to protect data from being exposed due to different types of cyber incidents. Learn how it works.
Read More