Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Drovorub malware: What it is, how it works and how to prevent it | Malware spotlight

Introduction Malware is a threat that has increased exponentially in the last few years, with many sophisticated threads impacting citizens, devices, organi
Read More
Article

What is the difference between the NICE framework and DoDD 8140/8570?

For those looking into government work, or for those just plain interested in the different cybersecurity frameworks out there, have probably encountered two
Read More
Article

Cybersecurity Predictions For 2021

Here we are again for the annual predictions of the trends and events that will impact the cybersecurity landscape in 2021. Let’s try to predict which will b
Read More
Article

Phishing domain lawsuits and the Computer Fraud and Abuse Act

Introduction The worlds of trademark law and marketing seem to be constantly at odds with each other, occasionally collapsing into a court of law where they
Read More
Article

What is a vulnerability disclosure policy (VDP)?

Introduction The vulnerability disclosure policy, or VDP, may be a term that you have heard thrown around at work, in an elevator, at an event and not knowi
Read More
Article

MITRE Shield: An active defense and adversary engagement knowledge base

Introduction When it comes to collecting tips, tricks and workarounds, it is easy to see quickly that certain concepts and methods are strong against partic
Read More
Article

SO SIMPLE 1: CTF walkthrough

In this article, we will solve a capture the flag (CTF) challenge that was posted on the VulnHub website by an author named Roel. As per the description give
Read More
Article

Comparing endpoint security: EPP vs. EDR vs. XDR

What are EDR, EPP and XDR? What is EDR? Endpoint detection and response is a type of security solution that provides real-time visibility into endpoint act
Read More
Article

Top 6 JavaScript plugin security risks

Introduction If you're on the web for more than about two hours, there's a good chance that you'll hear someone use the word “analytics.” This does not nece
Read More
Article

Cybersecurity Weekly: New SolarWinds backdoor found, affects Microsoft and VMWare

A new SUPERNOVA backdoor found in SolarWinds cyberattack analysis. Microsoft says its systems were also breached in the SolarWinds hack. VMware is the latest to confirm breach in SolarWinds hacking campaign. All this, and more, in this week’s edition of Cybersecurity Weekly.
Read More
Article

Email-based attacks with Python: Phishing, email bombing and more

The ability to send emails using an automated software tool such a python script can be useful in performing mass email based phishing attacks. This article
Read More
Article

Attacking Web Applications With Python: Recommended Tools

Python is a powerful scripting language and it is used in developing several real world tools that are heavily used by security professionals. This article p
Read More
Article

Attacking Web Applications With Python: Exploiting Web Forms and Requests

This article is to introduce web application penetration testers with python and explain how python can be used for making customized HTTP requests – which i
Read More
Article

Security tool investments: Complexity vs. practicality

Introduction As cyber threats rise, there has been a rush of security vendors offering tools to prevent data breaches. Today, security professionals can inv
Read More
Article

Role and purpose of threat modeling in software development

Threat modeling and software development Threat modeling is an exercise designed to identify the potential cybersecurity threats and attack surface of an ap
Read More
Article

Hashcat tutorial for beginners [updated 2021]

Hashcat is a popular password cracker and designed to break even the most complex passwords representation. To do this, it enables the cracking of a specific
Read More
Article

Attacking Web Applications With Python: Web Scraper Python

Web scrapers are useful in extracting information from websites. This article provides an overview of what web scrapers are and how they are related to OSINT
Read More
Article

Python for Network Penetration Testing: Best Practices and Evasion Techniques

Being stealthy is one of the most important aspects of a network penetration test. There will often be intermediary devices like IDS and IPS which can trigge
Read More
Article

5 changes the CPRA makes to the CCPA that you need to know

On election day 2020, Californians did more than vote for a president. They also passed the California Privacy Rights Act (CPRA), which clarified the Califor
Read More
Article

Python for network penetration testing: Hacking Windows domain controllers with impacket Python tools

Impacket is one of the most popular tools available for Network Penetration testing. This toolset is a great example of the power of python in network penetr
Read More
Article

How to hack a phone charger

Introduction We live in an era where malware is targeting smartphones and other devices from the Internet of the Things (IoT) world. This is not a desirable
Read More
Article

Phishing: Reputational damages

Introduction When phishing and damages are thought of in the same sentence, the typical thoughts of many are the loss of data due to theft, identity theft a
Read More
Article

HA: Narak CTF walkthrough

In this article, we will solve a Capture the Flag (CTF) challenge that was posted on the VulnHub website by an author named “Hacking Articles”. As per the de
Read More
Article

Securing the home office: Printer security risks (and mitigations)

The drastic increase in working from home due to the COVID-19 pandemic has brought a traditional weak point within organizational networks to light – the pri
Read More