Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

How Are Credentials Used In Applications?

Introduction Use of credentials is one of the most common aspects of applications. Be it a web application or a mobile client application, applications ofte
Read More
Article

How To Exploit Least Privilege Vulnerabilities

Introduction In the previous article, we discussed the importance of access controls and understood that the principle of least privilege is an essential co
Read More
Article

Phishing attack timeline: 21 hours from target to detection

Introduction Phishing seems to be ever-present in the modern cyber-threat landscape. During the COVID-19 pandemic, there has even been an increase in phishi
Read More
Article

XSS Vulnerabilities Exploitation Case Study

Introduction In the earlier articles about SQL Injection, we discussed how SQL Injection vulnerabilities can be identified and exploited. We also discussed
Read More
Article

What is is integer overflow and underflow?

This article provides an overview of Integer Overflow and Overflow vulnerabilities and how they can be exploited. Integer Overflows and Underflows occur due
Read More
Article

SQL Injection Vulnerabilities Exploitation Case Study

Introduction In the earlier articles about SQL Injection, we discussed how SQL Injection vulnerabilities can be identified and exploited. We also discussed
Read More
Article

CyberSploit 2 VulnHub CTF walkthrough

In this article, we will solve a Capture the Flag (CTF) challenge published on VulnHub by the author “CyberSploit”. As per the information given by the autho
Read More
Article

Malicious Amazon Machine Images (AMIs)

Introduction As organizations move their infrastructure, data and workload to the cloud, it is important to ensure that the Amazon Machine Images (AMI) from
Read More
Article

CyberSploit 1: VulnHub CTF walkthrough

In this article, we will find an answer to a Capture the Flag (CTF) challenge published on VulnHub website by the author “CyberSploit”. As per the informatio
Read More
Article

First Safe Harbor, then Privacy Shield: What EU-US data-sharing agreement is next?

What is data sharing? The EU has become known internationally as an organization that takes data privacy very seriously. The EU’s stand-out data privacy law
Read More
Article

7 Steps of the MITRE ATT&CK®-based Analytics Development Method

What is the MITRE ATT&CK®-based analytics development method? The MITRE ATT&CK-based analytics development method is a process of using red and blue
Read More
Article

How to Use MITRE ATT&CK® to Map Defenses and Understand Gaps

Developing detection and prevention controls for techniques in the enterprise matrix The MITRE ATT&CK® framework is a useful way to standardize cybersec
Read More
Article

Using MITRE ATT&CK®-based analytics for threat detection: 5 principles

MITRE ATT&CK-based threat detection vs. conventional methods A number of traditional methods for threat detection exist; however, cyber threat actors ha
Read More
Article

Use cases for implementing the MITRE ATT&CK® framework

The MITRE ATT&CK ® framework is a vast repository of cybersecurity knowledge.  Each of the MITRE ATT&CK framework outlines a number of goals that an
Read More
Article

How to Use the MITRE ATT&CK® Framework and the Lockheed Martin Cyber Kill Chain Together

What is the Lockheed Martin Cyber Kill Chain? The Lockheed Martin Cyber Kill Chain is the first attempt to describe the structure and lifecycle of a cyberat
Read More
Article

How to make cybersecurity budget cuts without sacrificing security

Introduction 2020 has been an incredibly challenging year. Physical and mental health has taken a heavy toll; economies are under threat; and organizational
Read More
Article

Nworm malware: What it is, how it works and how to prevent it | Malware spotlight

Introduction In April 2020, the creators of the TrickBot malware released a module for TrickBot called Nworm. TrickBot is a banking Trojan that targets Wind
Read More
Article

Cybersecurity Weekly: Apple patches, job offer phishing, Cisco zero-day

Apple patched three actively exploited iOS zero-days. Hackers used Torisma spyware in job offer phishing attacks. A Cisco zero-day in AnyConnect Secure Mobility Client remains unpatched. All this, and more, in this week’s edition of Cybersecurity Weekly.
Read More
Article

How to use the MITRE ATT&CK® framework and diamond model of intrusion analysis together

What is the diamond model of intrusion analysis? The Diamond Model of Intrusion Analysis is based upon the premise that every cyberattack consists of an adv
Read More
Article

MITRE ATT&CK® Framework Tactics: An Overview

Introduction to MITRE ATT&CK framework tactics The MITRE ATT&CK® framework is designed to provide information about cybersecurity and the methods by
Read More
Article

MITRE ATT&CK® Framework Matrices: An Overview

Introduction to MITRE ATT&CK framework matrices The MITRE ATT&CK® framework is a tool designed to educate about cybersecurity threats and attack vec
Read More
Article

55 federal and state regulations that require employee security awareness and training

Introduction Humans are repeatedly described as the weakest link in the cybersecurity chain. We are highly susceptible to falling for phishing attacks, soci
Read More
Article

Malicious Docker images: How to detect vulnerabilities and mitigate risk

Introduction Shortcuts are popular because they are more convenient and take less time. Developers have started using Docker because it allows you to place
Read More
Article

The Ultimate Guide to the MITRE ATT&CK® Framework

What is the MITRE ATT&CK framework? The MITRE ATT&CK® framework is a knowledge base containing information about the various ways in which a cyberat
Read More