Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Installing and configuring CentOS 8 on Virtualbox [updated 2021]

Unix-based operating systems are ruling the webserver OS market. According to data from W3techs, in 2017 Unix servers were used by 66.5% of all the websites,
Read More
Article

Implementing global security awareness programs: Collaboration & cultural relevance

There’s more to the bits and bytes that make up the world of cybersecurity. The languages, cultural norms, preferences and learning styles of the professiona
Read More
Article

Capture the flag: A walkthrough of SunCSR’s Katana

Introduction Welcome to my write-up for the Katana machine from VulnHub. This is an intermediate-level, intentionally vulnerable virtual machine created for
Read More
Article

Introduction to variables

What is a variable? A variable is simply a concept to make programming easier and more efficient. It is entirely possible to have a programming language wit
Read More
Article

7 best computer forensics tools [updated 2021]

Computer forensics deals with the collection of evidence from digital media, such as desktops, mobile devices, cloud computing and IoT devices. This evidence
Read More
Article

Lazarus’s VHD ransomware: What it is, how it works and how to prevent it | Malware spotlight

Introduction Data encryption malware is one of the most popular malware families in recent years and targets mass volumes of users and companies around the
Read More
Article

Pysa 101: Overview of Facebook’s open-source Python code analysis tool

Introduction to Pyre and Pysa Pyre is a performance type-checker created by Facebook for the Python programming language. It is designed to rapidly identify
Read More
Article

How to mitigate Race Conditions vulnerabilities

Race condition vulnerabilities can exist when an application has multiple threads of execution that are running in parallel. This can occur either internal t
Read More
Article

Cryptography Errors

Many organizations make use of cryptography for securing their applications. A large portion of banking applications rely on some sort of cryptography. When
Read More
Article

How to avoid Cryptography errors

In the previous articles of the series on Cryptography errors in applications, we discussed how the use of Crypto in applications can go wrong and what type
Read More
Article

Cryptography errors Exploitation Case Study

In the previous articles of this series on Cryptography errors, we discussed how Cryptography is used in applications and how the use of Cryptography can go
Read More
Article

How to exploit Cryptography errors in applications

In the previous articles of this series on Cryptography errors, we discussed how Cryptography is used in applications and how the use of Cryptography can go
Read More
Article

Rethinking the human factor in security awareness

Moving employees from a “have-to” to a “want-to” mindset As organizations begin to understand that security is everyone’s understanding, cybersecurity cultu
Read More
Article

NSA report: Indicators of compromise on personal networks

Introduction The advent of the novel coronavirus pandemic has brought with it a sharp rise in the number of government workers that work telework, typically
Read More
Article

Improving web application security with purple teams

What is the purple team in cyber security? The cybersecurity industry - and especially the area of security assessments - is very fond of color-based terms.
Read More
Article

Cybersecurity Weekly: Paypal phishing texts, Facebook ad phishing, T-Mobile data breach

PayPal phishing texts state users accounts are limited. Facebook ads are being used to steal 615,000+ credentials in a phishing campaign. T-Mobile disclosed
Read More
Article

Average chief security officer salary [updated 2021]

The role of a chief security officer is one that combines management with a deep understanding of information technology and data protection. A chief securit
Read More
Article

How to exploit race conditions

Race conditions vulnerabilities can exist in applications that contain parallel processing. These vulnerabilities exist if multiple threads of execution do n
Read More
Article

Storytelling in cybersecurity: The impact of a great story (with Sarah Moffatt)

“It's not people, armies, gold or flags that unites people; it's stories. There's nothing more powerful in the world than a good story.”  The power of a g
Read More
Article

Hack the Box (HTB) machines walkthrough series — Node

Today, we will be continuing with our exploration of Hack the Box (HTB) machines, as seen in previous articles. This walkthrough is of an HTB machine named N
Read More
Article

Software vulnerability patching best practices: Patch everything, even if vendors downplay risks

Software vulnerability continues to be a challenging cybersecurity risk. Cybercriminals are able to seize on these vulnerabilities and breach systems. The ti
Read More
Article

Arrays, Structs and Linked Lists

Reverse engineering is the practice of analyzing a software system, either in whole or in part, to extract design and implementation information 1. This arti
Read More
Article

What senior citizens need to know about security awareness

Introduction As a result of the coronavirus pandemic, many older adults sought out new technologies. Whether as a means to connect with friends or grandchil
Read More
Article

Cybersecurity Weekly: Ledger account leak, SUPERNOVA malware, Citrix NetScaler attacks

Physical addresses of 270,000 Ledger owners were leaked on a hacker forum. A new SolarWinds flaw likely let hackers install SUPERNOVA malware. Attackers are abusing Citrix NetScaler devices to launch amplified DDoS attacks. All this, and more, in this week’s edition of Cybersecurity Weekly.
Read More