Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

How to Use Windows 10 Action Center and Security & Maintenance App for Hardening

When you hear someone mention "Action Center" in regards to security, you may picture a team of specialists running through a facility- trying to get to thei
Read More
Article

Setting up a virtual lab for cybersecurity data science

"Giant Rabbit uses Carrot Smash. You take 9999 damage. Game over."  "Aww! All right, this time I’ll get it for sure."  "Do you want to reload your last
Read More
Article

Data Security in Windows 10: NTFS Permissions (Standard)

"I don't have anything to hide." "What about your credit card numbers?" "Well yeah, okay but…" "Bank account number? Social Security Number? Social Media Pas
Read More
Article

LazyAdmin: CTF walkthrough

Today’s Capture the Flag (CTF) walkthrough will be performed via TryHackMe, a platform in which you can set up CTF machine over the cloud and access using Op
Read More
Article

CloudGoat walkthrough series: Cloud Breach S3

This is the second in the walkthrough series of the CloudGoat scenarios. CloudGoat is a “vulnerable by design” AWS deployment tool designed by Rhino Security
Read More
Article

Hack the Box (HTB) machines walkthrough series — Admirer

Today, we will be continuing with our exploration of Hack the Box (HTB) machines, as seen in previous articles. This walkthrough is of an HTB machine named A
Read More
Article

Top 6 ransomware strains to watch out for in 2020

Ransomware remains the number one security risk to businesses and users, even though attacks have slowed down — or have they? Key findings from the 2020 Veri
Read More
Article

Common vulnerability assessment types

A vulnerability assessment is a process so complicated that it often requires a comprehensive approach. This would mean that a multiple sub-assessments are t
Read More
Article

Common security threats discovered through vulnerability assessments

A vulnerability assessment can efficiently highlight a huge number of diverse security issues. Here are our top 10 security threats that companies may stumbl
Read More
Article

Octopus Scanner malware: What it is, how it works and how to prevent it | Malware spotlight

Introduction Octopus Scanner appeared somewhere in 2018. Although its creators are still unknown, the operation of Octopus Scanner has been extensively disc
Read More
Article

Cybersecurity Weekly: Software skimmer, Android app flaws, Google ad phish

Hackers hide software skimmer in social media sharing icons. Unpatched Android apps put millions of users at risk. MetaMask phishing steals cryptocurrency wallets via Google ads. All this, and more, in this week’s edition of Cybersecurity Weekly.
Read More
Article

How to Mitigate Poor HTTP Usage Vulnerabilities

In the last few articles, we discussed how HTTP is used and how various types of attacks can be introduced due to the poor use of HTTP. We have also seen a p
Read More
Article

How to Exploit Poor HTTP Usage

In the previous article, we discussed some fundamental concepts associated with the HTTP protocol and risks associated with it if it is used improperly. In t
Read More
Article

Introduction to HTTP (What Makes HTTP Vulnerabilities Possible)

Understanding HTTP protocol and risks associated with the improper use of it in applications is an important step towards understanding application security.
Read More
Article

Hack the Box (HTB) machines walkthrough series — Blunder

Today, we will be continuing with our exploration of Hack the Box (HTB) machines as seen in previous articles. This walkthrough is of an HTB machine named Bl
Read More
Article

CloudGoat walkthrough series: IAM privilege escalation by rollback

This is the first in the walkthrough series of the CloudGoat scenarios. CloudGoat is a “vulnerable by design” AWS deployment tool designed by Rhino Security
Read More
Article

CGEIT certification exam details and process [updated 2021]

Introduction For those seeking certification in enterprise IT governance, the Certified in Governance of Enterprise IT (CGEIT) is a certification that they
Read More
Article

Working with CloudGoat: The “vulnerable by design” AWS environment

Introduction Many organizations today are leveraging the cloud to transform their business. However, the adoption of cloud technology introduces associated
Read More
Article

How to Mitigate Integer Overflow and Underflow Vulnerabilities

Introduction to Integer Overflows and Underflows Integer overflow and underflow vulnerabilities are simple but extremely powerful vulnerabilities.  They exi
Read More
Article

How to exploit integer overflow and underflow

Integer overflows and underflows Integer overflow and underflow vulnerabilities can exist because of how memory and variables are handled in programming lan
Read More
Article

How to mitigate Credential Management Vulnerabilities

Introduction In the previous articles about credential management, we discussed how credentials can be used in applications and what can go wrong when deali
Read More
Article

6 benefits of cyber threat modeling

Continuing Infosec’s series on threat modeling, we are going to explore some of the biggest benefits organizations can realize from performing this important
Read More
Article

WastedLocker malware: What it is, how it works and how to prevent it | Malware spotlight

Introduction WastedLocker is the name of a data encryption malware, also called ransomware, which will be analyzed in this article. Systems infected with th
Read More
Article

How To Exploit Credential Management Vulnerabilities

Introduction In the previous article, we discussed some examples of poor credential management. Hardcoded credentials, improper error handling and insecure
Read More