Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Cybersecurity Weekly: California phished, ransomware tied to Hafnium, MobiKwik breach

A phishing attack leads to a breach at California State Controller. Microsoft Exchange servers are now targeted by BlackKingdom ransomware. A Zoom screen sharing bug lets users access restricted apps. All this, and more, in this week’s edition of Cybersecurity Weekly.
Read More
Article

Volodya/BuggiCorp Windows exploit developer: What you need to know

Check Point researchers unveiled the identity of two authors responsible for zero-day attacks on Windows using a novel technique that allows them to recogniz
Read More
Article

CGEIT certification exam study resources [updated 2021]

So, you want to be Certified in the Governance of Enterprise IT (CGEIT). To make this happen, you’ll need to be mindful of the best books, study guides, onli
Read More
Article

5 cybersecurity talent initiatives working to close the skills gap

As data breaches and cyberattacks get more and more sophisticated and frequent, organizations are feeling the impact of a cyber skills gap even more acutely.
Read More
Article

Tomato 1: VulnHub CTF walkthrough

Information shared in this article is intended for educational purposes only. Infosec and the author are not responsible for nefarious actions associated wit
Read More
Article

CGEIT certification exam Domain 1: Governance of Enterprise IT [updated 2021]

Introduction Those working in enterprise IT responsible for managing, directing and supporting governance of IT have the option of gaining certifications to
Read More
Article

Python for network penetration testing: An overview

Python is an extremely powerful and versatile scripting language.  It is designed to be easy to write, and its large number of libraries provide a great deal
Read More
Article

CEWLKID: 1 VulnHub CTF walkthrough, part 2

Information shared in this article is intended for educational purposes only. Infosec and the author are not responsible for nefarious actions associated wit
Read More
Article

Python for exploit development: Common vulnerabilities and exploits

Python is one of the most famous and popular programming languages for a variety of reasons.  It is a very easy language to learn and use, yet is also very v
Read More
Article

Certifications compared: CISSP vs. GSEC [updated 2021]

CISSP and GSEC are both popular cybersecurity certifications, but they serve different purposes. Find out which one is right for you.
Read More
Article

Python for exploit development: All about buffer overflows

What is a buffer overflow? Any application that takes users’ input needs somewhere to store that user input. This requires the application to allocate memor
Read More
Article

Python language basics: understanding exception handling

Introduction to exceptions Ideally, an application will always work exactly as expected. In reality, things can go wrong for several reasons. A design flaw
Read More
Article

Python for pentesting: Programming, exploits and attacks

Why use Python for pentesting? Python is one of the most popular programming languages in existence for several reasons. It’s easy to use, has a large numbe
Read More
Article

MRBMiner malware: What it is, how it works and how to prevent it | Malware spotlight

MrbMiner is a recent malware discovered and documented by the Tencent Team last September. It targets MSSQL databases and implants cryptomining modules on ta
Read More
Article

CGEIT certification: Overview and career path [updated 2021]

A cert that targets enterprise leadership The importance of IT governance for a company is impossible to ignore. Its goal is to ensure that the IT infrastru
Read More
Article

Cybersecurity weekly: Acer hacked, Exchange targeted, Zoom bugs

The REvil ransomware gang hacked Acer and is demanding a $50 million ransom. Microsoft Exchange servers are now targeted by BlackKingdom ransomware. A Zoom screen sharing bug lets users access restricted apps. All this, and more, in this week’s edition of Cybersecurity Weekly.
Read More
Article

Machine learning for social engineering

Social engineering is a form of communication that aims at gaining people’s trust at first and then prompting them to share sensitive information or do somet
Read More
Article

ICS/SCADA threats and threat actors

Industrial control systems (ICS) and Supervisory Control And Data Acquisition (SCADA) systems play a critical role in critical infrastructure and industrial
Read More
Article

Cellular Networks and Mobile Security

Despite their seemingly endless coverage (your mileage will definitely vary), cellular network security has proven to be surprisingly robust over the years.
Read More
Article

ICS cyber ranges: Hands-on training for industrial control system security teams

Incident response has been a pillar of cybersecurity for decades. But plans to account for the unique risks surrounding the specialized command and control s
Read More
Article

Secure network protocols

For a very long time, having devices just work on a network was a feat in itself. This meant that the protocols involved didn't necessarily need to be secure
Read More
Article

CEWLKID: 1 VulnHub CTF walkthrough, part 1

Information shared in this article is intended for educational purposes only. Infosec and the author are not responsible for nefarious actions associated wit
Read More
Article

Network security (101)

When we're building a network, the first time it comes online can always be a rush — seeing systems be detected, being able to make their way to your test si
Read More
Article

Fileless Windows Error Reporting (WER) malware attack: Technical overview and walkthrough

In October 2020, a newly uncovered malware named Kraken was observed in the wild. This malicious piece of malware is abusing the Windows Error Reporting serv
Read More