Free Resources
Free knowledge
90+ free cybersecurity infographics for the entire community. No forms to download. Just shared knowledge.
98 of 98 resources
Browser Fingerprinting
How websites identify users using browser fingerprinting techniques.
Active Directory Attack
Full anatomy of an attack against Active Directory environments, from reconnaissance to exfiltration.
Adversary-in-the-Middle Attack
How attackers intercept sessions and credentials using AITM attacks.
API Attack
Common attack vectors targeting modern APIs and REST services.
Web Application Attack
Anatomy of common attacks against modern web applications.
APT Attack
How advanced persistent threats operate inside organizations.
BOLA Attack
How attackers exploit Broken Object Level Authorization vulnerabilities in APIs.
Kubernetes Attack
Threats and attack vectors against Kubernetes containers and clusters.
Cloud Infrastructure Attack
Common attack vectors against AWS, Azure and GCP infrastructure.
IoT Attack
How attackers compromise IoT devices and exploit connected networks.
Obfuscated JavaScript Attack
Evasion and concealment techniques using obfuscated JavaScript.
JWT Attack
How attackers exploit JSON Web Token vulnerabilities to escalate privileges.
Reverse Proxy Phishing Attack
How attackers use reverse proxies to capture credentials and MFA sessions.
Supply Chain Attack
How attackers compromise vendors, libraries and CI/CD pipelines to distribute malware.
Anatomy of a CVE
How CVE vulnerabilities are discovered, registered and exploited.
Microservices Attack
Common attack vectors against microservices-based architectures.
EDR/XDR Bypass
Techniques used to evade modern EDR and XDR solutions.
Command and Control Attack
How C2 channels used by malware and threat actors operate.
MFA Fatigue Attack
How attackers abuse MFA notifications to trick users into granting access.
Social Engineering Attack
Psychological manipulation techniques used to gain unauthorized access.
Password Cracking
Methods used to crack passwords using brute force, dictionaries and hybrid attacks.
Phishing Through Fraudulent Domains
How attackers use fake domains to impersonate brands and steal credentials.
Phishing Attack
How phishing attacks work and the most common techniques used to deceive users.
Prompt Injection
How attackers manipulate prompts to alter the behavior of AI-based systems.
BGP Hijacking Attack
How attackers manipulate BGP routes to redirect or intercept internet traffic.
NTP Amplification DDoS
How DDoS attacks using amplification through NTP servers work.
Reflection Amplification DDoS
DDoS attacks based on reflection and amplification using exposed services.
Botnet DDoS Attack
How botnets are used to perform distributed denial-of-service attacks.
HTTP Flood DDoS Attack
How DDoS attacks targeting applications and HTTP servers work.
DNS Flood DDoS Attack
How attackers overwhelm DNS services using flood-based attacks.
Memcached DDoS Attack
DDoS amplification attacks using exposed Memcached servers.
Slowloris Attack
How Slowloris exhausts HTTP connections by keeping them open as long as possible.
SSDP Amplification Attack
How attackers use UPnP/SSDP devices to amplify DDoS traffic.
TCP SYN Flood Attack
How SYN Flood attacks exhaust resources by overwhelming TCP connections.
Volumetric DDoS Attack
DDoS attacks designed to saturate bandwidth and network capacity.
DNS Cache Poisoning Attack
How attackers manipulate DNS responses to redirect users to malicious websites.
Evil Twin Attack
How attackers create fake WiFi hotspots to intercept traffic and credentials.
MAC Flooding Attack
How attackers overflow switch CAM tables to capture network traffic.
Man-in-the-Middle Attack
How attackers intercept and manipulate communications between two parties.
Sniffing Attack
How attackers capture and analyze network traffic to obtain sensitive information.
Signs of a Phishing Email
Common indicators used to identify phishing emails.
MFA Synchronization Attack
How attackers exploit MFA synchronization mechanisms to gain unauthorized access.
Watering Hole Attack
How attackers compromise websites frequented by targets to distribute malware.
Cross-Site Scripting (XSS)
How attackers inject malicious scripts into vulnerable web applications.
Reflected XSS Attack
How reflected Cross-Site Scripting works and its most common vectors.
Drive-By Attack
How compromised websites automatically infect users upon visiting them.
HTTP Request Smuggling
How HTTP inconsistencies allow attackers to manipulate proxies and backend servers.
IDOR Attack
How attackers exploit insecure direct object references in web applications.
SQL Injection Attack
How attackers inject malicious SQL queries to compromise databases.
Access Token Manipulation
How attackers manipulate access tokens to escalate privileges or impersonate users.
Server-Side Request Forgery
How attackers force servers to make malicious internal or external requests.
Subdomain Takeover Attack
How misconfigured subdomains can be hijacked by attackers.
Real-Time Payment Systems BRE-B
How real-time payment systems work and the associated security risks.
Blue Team
Roles and responsibilities of Blue Team cybersecurity professionals.
Purple Team
How Purple Teams integrate offensive and defensive cybersecurity capabilities.
Red Team
Functions and methodologies used by Red Teams to simulate real-world attacks.
Fake Online Shopping Fraud
How online shopping frauds operate through fake stores and deceptive offers.
Family Emergency Scam
How scammers manipulate victims by pretending to be in family emergencies.
Wangiri Scam
How fraudulent missed-call scams known as Wangiri operate.
Fast Loan App Fraud
How fraudulent quick-loan apps extort users and steal personal information.
AI-Powered Cybercrime
How cybercriminals use artificial intelligence to automate attacks and fraud.
Model Context Protocol (MCP)
What MCP is and how it enables AI models to integrate with external tools and systems.
AI Systems
Architecture and operation of modern artificial intelligence systems.
Fileless Malware
How fileless malware operates in memory to evade traditional detection mechanisms.
Computer Worms
How worms automatically spread across networks and vulnerable systems.
Living Off The Land
How attackers use legitimate system tools to avoid detection.
Ransomware
How ransomware attacks operate through encryption and extortion phases.
Rootkit
How rootkits hide malicious processes and maintain persistence on compromised systems.
Spyware
How spyware collects sensitive information and monitors user activity.
Trojan
How trojans trick users into installing malicious software disguised as legitimate.
Macro Virus
How Office documents with malicious macros are used to distribute malware.
Computer Virus
How computer viruses operate and spread across systems.
Malware Analysis
Methodologies and techniques used to analyze malware samples.
Wireshark Traffic Analysis
How to use Wireshark to capture and analyze network traffic.
Network Traffic Analysis
How to analyze network traffic to detect threats and anomalies.
Brute Force Attack
How brute force attacks against credentials and systems operate.
Bug Bounty Hunting
Methodologies used to find vulnerabilities in Bug Bounty programs.
Exploitation Cycle
Common phases attackers use to compromise systems and maintain access.
MITRE ATT&CK
MITRE ATT&CK framework for classifying adversary tactics and techniques.
Incident Triage
How to prioritize and classify security incidents effectively.
DevSecOps Process
How to integrate security into CI/CD pipelines and DevOps processes.
Google Dorking
How to use advanced search operators for OSINT investigations.
Digital Forensics
Methodologies used to collect and analyze digital evidence.
OSINT
How to gather intelligence using open-source intelligence techniques.
Pentesting
Methodologies and phases used in offensive penetration testing.
Linux Privilege Escalation
How attackers escalate privileges on Linux systems using insecure configurations and vulnerabilities.
Firewall Rule Management
Process for securely managing, auditing, and optimizing firewall rules.
Incident Response
Phases and procedures used to respond to cybersecurity incidents.
Threat Hunting
How analysts proactively search for advanced threats inside organizations.
Continuous Zero Trust Verification
How Zero Trust continuously validates identities, devices, and access.
Almost Impossible Password
Best practices for creating strong passwords resistant to attacks.
DKIM
How DKIM protects emails using cryptographic signatures.
DMARC
How DMARC helps prevent email spoofing and phishing.
SPF
How SPF validates authorized email sending servers.
Multi-Factor Authentication
How MFA strengthens authentication using multiple verification factors.
SSO and SAML
How SSO and SAML work to centralize authentication and access management.
VPN
How VPNs protect communications and privacy over public networks.
Firewall Evasion Methodology
Methodologies and techniques used to evade firewall controls and network restrictions.
Newsletter
Get new infographics every month
We send one email per month with new infographics and cybersecurity trends. No spam, unsubscribe anytime.
Want to learn more?
Visit our academy for specialized cybersecurity training.
Go to AcademyRead the Blog