Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Increasing security by hardening the CI/CD build infrastructure

CI/CD pipelines are made up of various different components such as application code, source code repositories, image repositories, build servers, containers
Read More
Article

ATP group MontysThree uses MT3 toolset in industrial cyberespionage

The age of cyber spying Targeted malware is often an issue for officials such as diplomats and telecom operators. In rare cases, industries become a target,
Read More
Article

Pros and cons of public vs internal container image repositories

Docker registry is a key component in IT environments that use containers. Small businesses and individuals can rely on publicly available registry services
Read More
Article

Cybersecurity Weekly: Exchange malware, Trickbot surges, new Nim malware

Hackers are targeting Microsoft Exchange servers with ransomware. TrickBot takes over after cops kneecap Emotet. Researchers spotted malware written in Nim programming language. All this, and more, in this week’s edition of Cybersecurity Weekly.
Read More
Article

CI/CD container security considerations

Containers are heavily used in the CI/CD environments. There are various phases, where security needs to be taken care of in a CI/CD pipeline. The developers
Read More
Article

Bandook malware: What it is, how it works and how to prevent it

Bandook malware is a remote access trojan (RAT) first seen in 2007 and active for several years. Bandook RAT, written in both Delphi and C++, was first se
Read More
Article

Quantum cyberattacks: Preparing your organization for the unknown

Quantum computing days are coming Quantum computing has been a buzzword for several years. And while it’s still the early days, several industries have been
Read More
Article

Vulnerability scanning inside and outside the container

With the wide acceptance of the concept of containerized applications due to the benefits they bring, one should not overlook the security in container envir
Read More
Article

An Introduction to asymmetric vs symmetric cryptography

Most people are aware of the basic idea behind cryptography — hiding a message with a code that can only be decoded by your intended recipient. However, this
Read More
Article

How Docker primitives secure container environments

Docker makes heavy use of Linux kernel features. One of the fundamental aspects that containers make use of from Linux Kernel are namespaces and cgroups. Thi
Read More
Article

Top 4 Zapier security risks

Zapier is a platform that allows you to integrate web apps across an organization. It can make fast work of data from various web applications; however, it i
Read More
Article

Common container misconfigurations and how to prevent them

Docker is a containerization software that comes with a great set of features that make it easy to build and run containers. With the great features Docker p
Read More
Article

Hack the Box (HTB) machines walkthrough series — Teacher

Hack the Box (HTB) is an excellent platform that hosts machines belonging to multiple operating systems. Individuals have to solve the puzzle (simple enumera
Read More
Article

Worst passwords of the decade: A historical analysis

Cybersecurity breaches are on the rise, so it’s perplexing that so many people continue to use the same basic passwords. Perhaps it’s the exhaustion of havin
Read More
Article

Building container images using Dockerfile best practices

Docker images are built by writing all the build instructions in a configuration file named Dockerfile. Once an image is built using this Dockerfile, contain
Read More
Article

Securing containers using Docker isolation

In the previous article, we discussed an overview of common container security misconfigurations such as mounting docker.sock, use of root users accounts and
Read More
Article

Introduction to container security

Containers are becoming the new normal to deploy software applications and many organizations are embracing container technologies at a great speed. This art
Read More
Article

Commercial off-the-shelf IoT system solutions: A risk assessment

The rise of the Internet of Things (IoT) The Internet of Things (IoT) is growing rapidly. IoT devices provide convenience and can be a more efficient and co
Read More
Article

Most common MITRE ATT&CK tactics and techniques: CISA shares most common RVAs

Introduction CISA has released a list of Risk and Vulnerability Assessments, or RVAs, to the MITRE ATT&CK Framework and have released their findings to
Read More
Article

Breaking misused stream ciphers

Encryption algorithms can be classified in a couple of different ways.  A top-level distinction is between symmetric encryption algorithms (which use the sam
Read More
Article

Entropy calculations

Entropy is a measure of the randomness in a system.  The more random the system, the less predictable it is and the higher its entropy. [pkadzone zone="ma
Read More
Article

Top 8 Microsoft Teams security issues

Due to the COVID-19 pandemic and remote work, there has been an increase in the use of collaboration tools such as Microsoft Teams, Zoom and Google Meet. It
Read More
Article

Blockchain and hash functions

Hash functions are cryptographic algorithms designed to protect the integrity of data.  Hash functions have a few useful properties, including: One-way:
Read More
Article

A school district's guide for Education Law §2-d compliance

During the 2014-2105 fiscal year, the New York State Education Department enacted Education Law §2-d, which includes a series of provisions designed to enhan
Read More