Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Blockchain and asymmetric cryptography

Blockchain technology makes it possible to solve business problems in ways that were previously impossible.  A major enabler of this is the decentralization
Read More
Article

BlackBerry exposes threat actor group BAHAMUT: Cyberespionage, phishing and other APTs

What do cybercrime, fake news, the Middle East/South Asia and a dragon from the Final Fantasy or the Dungeons & Dragons series all have in common? The an
Read More
Article

Security of the PKI ecosystem

Public Key Infrastructure (PKI) is the backbone of trust for many systems on the Internet.  One of the most common uses of PKI is the HTTPS protocol, which p
Read More
Article

IT auditing and controls: A look at application controls [updated 2021]

Portions of this article, including many of the definitions and terminology, have been sourced and summarized from ISACA.org and course materials published b
Read More
Article

Elliptic curve cryptography

As its name suggests, elliptic curve cryptography (ECC) uses elliptic curves (like the one shown below) to build cryptographic algorithms.  Because of the fe
Read More
Article

AWS APIs abuse: Watch out for these vulnerable APIs

In December 2020, Unit 42 researchers at Palo Alto Networks discovered a class of AWS application programming interfaces (APIs) that can be abused to enumera
Read More
Article

How To Earn CGEIT CPE Credits [updated 2021]

Introduction Earning Continuing Professional Education (CPE) credits is mandatory to keep your CGEIT certification active and alive. CPE policy is designed
Read More
Article

Purple team cyber ranges: Hands-on training for red and blue teams

Businesses are always adapting and innovating when it comes to cybersecurity. While the use of layered defenses and red and blue teams used to be enough, man
Read More
Article

Decrypting SSL/TLS traffic with Wireshark [updated 2021]

The internet wasn’t designed to be secure from the start. Many protocols (such as HTTP and DNS) were designed to serve their purpose of conveying information
Read More
Article

Ghimob Trojan Banker: What it is, how it works and how to prevent it | Malware spotlight

Introduction Malware is a popular term used to classify software with bad proposes that is part of our lives these days. Ghimob Trojan Banker is one of th
Read More
Article

Dumping a complete database using SQL injection [updated 2021]

What is SQL injection? SQL Injection is a web-based attack used by hackers to steal sensitive information from organizations through web applications. I
Read More
Article

Cybersecurity weekly: SolarWinds blames intern, AOL phishing scam, Kia ransomware attack

SolarWinds blames an intern for the weak password that led to a cyberattack. An AOL phishing email states your account will be closed. Kia Motors allegedly suffers a ransomware attack. All this, and more, in this week’s edition of Cybersecurity Weekly.
Read More
Article

Cyber ranges: Who are they for and how can they help

Why do you need hands-on training? The field of cybersecurity has a number of great books and references. Whether general overviews, deep dives into particu
Read More
Article

Basic snort rules syntax and usage [updated 2021]

In this series of lab exercises, we will demonstrate various techniques in writing Snort rules, from basic rules syntax to writing rules aimed at detecting s
Read More
Article

What types of cybersecurity skills can you learn in a cyber range?

What is a cyber range? A cyber range is an environment designed to provide hands-on learning for cybersecurity concepts. This typically involves a virtual e
Read More
Article

Hack the Box [HTB] machines walkthrough CTF series — Omni

Hack the Box (HTB) is an excellent platform that hosts machines belonging to multiple operating systems. Individuals have to solve the puzzle (simple enumera
Read More
Article

Stacks and Heap

Memory is a crucial resource for any system when conducting reverse engineering. Malware analysts must understand the way memory is assigned to a program.
Read More
Article

Cybersecurity Weekly: Phishing attacks spike, SHAREit patch, NSA exploit

Malformed URL prefix phishing attacks spike 6,000%. SHAREit fixes security bugs in their app with one billion downloads. Hackers used an NSA exploit years before the Shadow Brokers leak. All this, and more, in this week’s edition of Cybersecurity Weekly.
Read More
Article

ELECTION: 1 VulnHub CTF walkthrough

Information shared in this article is intended for educational purposes only. Infosec and the author are not responsible for nefarious actions associated wit
Read More
Article

Key findings from ESG’s Modern Application Development Security report

A deep dive into security issues In August 2020, the Enterprise Strategy Group (ESG) published its report, “Modern Application Development Security.” ESG is
Read More
Article

CloudGoat walkthrough series: IAM privilege escalation by attachment

This is the fourth in the walkthrough series of the CloudGoat scenarios. CloudGoat is a “vulnerable by design” AWS deployment tool designed by Rhino Security
Read More
Article

How to reserve a CVE: From vulnerability discovery to disclosure

What is a CVE? A CVE, meaning Common Vulnerabilities and Exposure, is a publicly reported vulnerability in software products. Vulnerabilities are assigned C
Read More
Article

SonicWall firewall VPN vulnerability (CVE-2020-5135): Overview and technical walkthrough

A critical stack-based buffer overflow vulnerability was discovered in SonicWall Network Security Appliance (NSA) VPN. In this article, we will address the p
Read More
Article

IDS/IPS overview

A typical corporate network makes use of a number of networking devices for preventing attacks originating from the internet and maintaining the security of
Read More