Cybersecurity
- Vocabulary Matching (Warm‑up)
Objective:
Understand and memorize key cybersecurity terms.
Exercise 1
Match each cybersecurity term with its correct definition.
Terms
- Malware
- Phishing
- Ransomware
- Denial of Service attack
- SQL Injection
- Identity theft
Definitions
A. An attack that makes a service unavailable by flooding it with traffic
B. Malicious software designed to damage or control a system
C. An attack that tricks users into giving personal information
D. An attack that encrypts files and demands money
E. Stealing personal data to impersonate someone
F. Inserting malicious code into a database query
- Threat Identification (Reading comprehension)
Objective:
Identify different types of cyber threats in real situations.
Scenario
Alice receives an email from her “bank” asking her to click on a link to verify her account.
The website looks legitimate, but the URL is strange.
After entering her credentials, she notices unusual transactions on her account.
Exercise 2
- What type of attack is this?
- What human weakness was exploited?
- What should Alice have done differently?
- What technical protections could help prevent this attack?
- Vulnerabilities Classification
Objective:
Understand different categories of vulnerabilities.
Exercise 3
Classify each vulnerability as:
- Network vulnerability
- Software / OS vulnerability
- Human vulnerability
- An unpatched Windows server running SMBv1
- A Word document with malicious macros
- A user reusing the same weak password everywhere
- An RDP service exposed to the Internet
- Clicking on a link received by SMS
Which vulnerability is the hardest to fix and why.
- Case Study: WannaCry Ransomware
Objective:
Analyze a real cyberattack.
WannaCry ransomware spread worldwide.
It exploited a vulnerability in Windows SMBv1.
Many organizations had not installed security updates.
Hospitals, companies, and public services were affected.
Exercise 4:
- What type of vulnerability was exploited?
- Why did the attack spread so quickly?
- What security measures could have prevented it?
- Is this a technical failure, a human failure, or both?
- Human Factor Role Play (Oral activity)
Objective:
Raise awareness about social engineering.
Exercise 5:
Work in pairs.
- Student A: The attacker (fake IT support or bank employee)
- Student B: The employee
Student A tries to obtain:
- A password
- A verification code
- Personal information
Student B must:
- Ask questions
- Refuse politely
- Apply security best practices
Show your performance to the group
Class debrief
What manipulation techniques were used?
How can companies train employees to resist them?
- Security Best Practices Checklist
Objective
Apply defensive thinking.
Exercise 6
You are responsible for securing a small company.
Tick ✅ the correct actions.
- ☐ Use the same password for all services
- ☐ Enable multi‑factor authentication
- ☐ Work daily with an administrator account
- ☐ Install updates regularly
- ☐ Open all ports “just in case”
- ☐ Use antivirus and firewall
Introductory Defensive Lab (Conceptual – No Commands)
Objective
Understand what security tools check (without hacking).
Exercise 7
- Why is it dangerous to leave unnecessary ports open?
- Why are weak passwords vulnerable to wordlists like rockyou.txt?
- Why should RDP never be exposed without strong protection?
- Why must penetration testing be done legally?
- Final Case Study: Mixed Attack
Scenario
A company employee installs cracked software at home.
Malware steals VPN credentials.
The attacker connects to the company network via RDP.
Files are encrypted.
Exercise 8
- Identify all vulnerabilities involved
- Which ones are technical? Which ones are human?
- List 3 preventive measures
- Who is responsible: the user, the company, or both?
Created with the Personal Edition of HelpNDoc: Easy EPub and documentation editor