Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Maintaining Your CGEIT Certification: Renewal Requirements [updated 2021]

Introduction The Certified in Governance of Enterprise IT certification, or CGEIT, is a vendor-neutral IT governance certification hosted by ISACA. The cert
Read More
Article

FUNBOX: VulnHub CTF walkthrough

Explore this Vulnhub.com capture the flag (CTF) to gain some experience gaining root access and reading the flag file.
Read More
Article

TeamTNT evades detection with new malware using ld_preload technique

A new piece of malware from the TeamTNT threat group is using a different Unix technique to evade detection and to install a bot in the compromised machines
Read More
Article

PMP®️ domain information & overview [updated 2021]

A Project Management Professional (PMP) certificate from the Project Management Institute can enhance and progress your career.
Read More
Article

Encryption and etcd: The key to securing Kubernetes

Kubernetes is great for container orchestration, but is it secure? Learn about etcd and encryption — and how they relate to cybersecurity.
Read More
Article

Cybersecurity Weekly: One-click hack, Discord Nitro ransomware, Codecov hacked

A one-click hack was found in popular desktop apps. Discord Nitro gift codes are now demanded as ransomware payments. The Codecov code coverage tool was hacked to steal dev credentials. All this, and more, in this week’s edition of Cybersecurity Weekly.
Read More
Article

Kira 1: VulnHub CTF walkthrough

Bassam Assiri is the author of this VulnHub CTF, which challenges users to gain root access and read the flag file.
Read More
Article

Rapid threat model prototyping: Introduction and overview

Choosing a form of threat modeling can help protect your organization from security threats.
Read More
Article

What is a security champion? Definition, necessity and employee empowerment [Updated 2021]

Does your organization need a security champion? Learn how they can help elevate cybersecurity and empower employees through your organization.
Read More
Article

Turla Crutch backdoor: analysis and recommendations

Crutch is a newly discovered backdoor from Turla advanced persistent threat (APT), a Russian-linked threat actor, used in a recent cyberattack against an cou
Read More
Article

Cybersecurity Weekly: DNS vulnerabilities, W-2 phishing scam, Google URL malware

DNS vulnerabilities affect over 100 million devices. A W-2 phishing scam is targeting the 2021 tax season. Microsoft warns of malware delivery via Google URLs. All this, and more, in this week’s edition of Cybersecurity Weekly.
Read More
Article

Blackrota abused Docker remote API to deliver CobalStrike beacon

The Blackrota backdoor is a piece of malware analyzed by NetLab and is the most obfuscated Go-developed executable and linkable format (ELF) malware found to date.
Read More
Article

Uncovering and remediating malicious activity: From discovery to incident handling

Need a “cybersecurity playbook” for incident response? A recent CISA alert used threat intel from five counties to create this best practice guide.
Read More
Article

JavaScript obfuscator: Overview and technical overview

JavaScript cyberattacks are on the rise, meaning you need to be extra careful when opening your emails.
Read More
Article

Common job titles and salaries for CGEIT-certified professionals [updated 2021]

Introduction  ISACA's Certified in the Governance of Enterprise IT (CGEIT) certification gives you the credibility to discuss critical issues around governa
Read More
Article

3 tips to build a stronger cybersecurity team with Katie Boswell and Jason Jury

Learn how to build a stronger cybersecurity team with tips from KPMG Cyber’s Katie Boswell and Booz Allen Hamilton’s Jason Jury.
Read More
Article

APT Sandworm (NotPetya) technical overview

Sandworm, also known as Telebots, is one of the most dangerous Russian threat actors impacting industrial control systems.
Read More
Article

Cybersecurity Weekly: Vaccine phish, firewall evasion, VMware authentication fix

Phishing attacks use vaccine surveys to steal personal info. Hackers are using a Windows OS feature to evade firewalls. VMware fixes an authentication bypass
Read More
Article

Excel 4.0 malicious macro exploits: What you need to know

Adversaries are finding new ways to weaponize Excel 4.0 macros for delivering additional, more sophisticated malware.
Read More
Article

CGEIT certification exam Domain 4: Risk optimization [updated 2021]

Introduction The Certified in Governance of Enterprise IT, or CGEIT, is an IT governance certification offered by ISACA. The certification exam received a r
Read More
Article

CGEIT certification exam Domain 3: Benefits Realization [updated 2021]

Introduction The Certified in Governance of Enterprise IT, or CGEIT, is an IT governance certification offered by ISACA. In July of 2020, ISACA released a n
Read More
Article

CGEIT certification exam Domain 2: IT Resources [Updated 2021]

Introduction The Certified in Governance of Enterprise IT, or CGEIT, is an IT governance certification offered by ISACA. Comparing the 2020 CGEIT syllabus t
Read More
Article

Y0usef 1 VulnHub CTF walkthrough

This is an easy CTF tasking you with gaining root access to the machine. To complete this task, two flags will need to be read.
Read More
Article

Malicious Excel attachments bypass security controls using .NET library

A recent threat group called Epic Manchego is using a new technique to create Excel files to bypass antivirus (AV) and and get low detection rates. By explor
Read More