Security Awareness & Training Resource Center
Featured content

Deconstructing Human-Element Breaches | Infosec HRM
Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way.

Inside an Infosec Boot Camp: All your questions, answered!
You need to get certified, but is an Infosec Boot Camp the right choice for you — or your team? Find out in this live Q&A with two Infosec instructors.

Emerging trend checklist: Which certifications cover which new skills?
Boost your team's cybersecurity skills with the right certifications. Discover the most in-demand skills and the certifications that cover them in our free guide.

Security Awareness Outcomes with Infosec IQ
See security awareness and training outcomes from more than five million Infosec IQ learners.
Our resources

Top 5 Free Intrusion Detection Tools for Enterprise Network
Due to the complexity of today's data breaches and intrusions, deploying and maintaining network security more frequently requires a promising system to defe
PowerShell for Pentesters Part 3: Functions and Scripting with PowerShell
Introduction The more we advance in our articles, the more we notice the power of PowerShell, and that impression will only increase as we move forward.
Reversing Binary: Spotting Bug without Source Code
Abstract The proficiency to unravel the complexities of a target software is called reverse engineering or just reversing. Software attackers manipulate or b

PowerShell For Pentesters Part 2: The Essentials of PowerShell
Introduction PowerShell represents one of the most interesting and powerful languages for a pentesting purpose as we explained in the first part of this lab
Pentester Academy Command Injection ISO: SugarCRM 6.3.1 Exploitation
Introduction The Pentester Academy by Vivek Ramachandran had compiled a virtual machine that consists of various vulnerable real-world applications. All the a

Patching by Reversing Binary
Abstract Software is often distributed with vulnerabilities in production milieu either due to poor programming practice (often inadvertently) or may be owing t

Mechanics Behind Ransomware-as-a-Service
Introduction Ransomware is an increasingly serious concern, and this problem is getting worse over time. Initially, this malware began to compromise fixed ta

Chapter 12 – Applications of Biometrics
Passwords are not secure and are useless as an access control… at least that is what many vendors and security consultants try to tell managers today. Instea
Bitcoin May Turn from Cybercriminals’ Biggest Asset into Their Biggest Liability
Why is Bitcoin the cybercriminals' favorite payment method? Adam Kujawa is the head researcher at the antivirus company Malwarebytes, and he estimates

Big Data Discrimination
Introduced in 1997, the term "Big Data" has grown in popularity in the past years. Credit: IBM-Big-Data-Definitions by DigitalRalp
Challenges Faced By CISOs: Balancing Security versus Manpower
Cybersecurity is not about buying the latest security monitoring and automation tools to solve the day-to-day problems. Government and banking organizati

Understanding the Role of Threat Modeling in Risk Management
The increasing number of new security threats, breaches and regulations that have taken place in the past years has moved the process of threat modeling from

Getting Started with IoT Security - Mapping the attack surface
IoT or the Internet of Things is the new buzzword all around. However, not enough attention has been paid to the security aspect of these so-called "smart" d
The International Association of Privacy Professionals CIPT Certification
One of the most pressing issues in the Internet age is data protection. The data of individuals and businesses must be protected from malicious entities, ma

Penetration Testing: Job Knowledge & Professional Development
Interested in starting a career in penetration testing? This is actually a good time to get in the field, as security has taken center stage in the IT activi

Android vs. iOS Mobile App Penetration Testing
The adoption rate of smartphones has exploded in recent years. The two dominant smartphone operating systems (OS) of today are the Android OS develope
Importance of IP Fragmentation in Penetration Testing
Introduction Penetration testing is an extremely important testing aspect when we consider the optimum level of security for any system pertaining to crucial

Penetration Testing - Jobs, Certifications, Tools, and More
As technologies have increasingly advanced over the past few years, more complex cyber attacks have also emerged. Thus, data security has become the need of

Code Review of Node.Js Applications: Uncommon Flaws
This article covers the left-over vulnerabilities from Part-1. In this article, we will have an in-depth look at some uncommon flaws and how to find them whi
Penetration Testing Resources: Practicing Skills
Penetration testing can help fortify online and offline data security, strengthen system stability and improve user privacy protocols. This is the process of
Pentester Academy Command Injection ISO: Basilic 1.5.14 exploitation
The Pentester Academy has just recently launched a Command Injection ISO virtual image of Ubuntu. This image has 10 real-world applications which have a vuln
QuadRooter Attack Overview: Vulnerabilities, Methods & Mitigations
QuadRooter is a threat vector specifically affecting Android devices. The common vulnerabilities and exposures (CVE) for these security issues are: CVE-2016

Use of Various Windows Utilities to Manage ICS Processes
Introduction Target Audience: Operational Technology (OT) operators of industrial control systems (ICS) that do not have information technology (IT) training

5 Business Email Compromise Attack Examples We Can Learn From
Business email compromise (BEC) is a type of phishing scheme where the cyber attacker impersonates a high-level executive (CIO, CEO, CFO, etc.) and at