• perm_identity
  • Logout
Teacher Dashboard
  • Books
menu
  • print
  • play_for_work
  • Select a book:
  • PEBL Cyber Security
Welcome to your PEBL Teacher Dashboard

chrome_reader_mode

Track progression

Take full advantage of the advanced reporting and analytics baked into every PEBL-enabled eBook and get detailed information on your students' progress through a given book.

assessment

View performance

Review tests and quizzes your students have taken to track their performance.

chat

Participate in discussions

Communicate directly with students as they work through the material.



Select one of your PEBL-enabled eBooks to get started!
Showing

chrome_reader_mode

Content
  • trending_upStudent Activity
    Time / Section 0 min
    Time / Session 0 min
    Total time 0 min
    recent_actors
  • assignmentClass Progress

    Percentage of Book Completion by Lesson

assessment

Assessment
  • assessmentQuiz Statistics
    Average Score
    Standard Deviation
  • subtitlesQuestion Analysis

chat

Discussions
  • select a thread Reply to thread...


v5.24a, Made by Eduworks

Submit Cancel
  • Select a discussion:
  • What might make this email attack effective where others fail?
  • What makes this whaling attack more likely to succeed than a generic phishing email?
  • Can you think of an SE scenario involving phishing that is not unethical or malicious?
  • What aspects of your life might a spear phisherman hone in on? How might they create an attack, and how would you know it was truly an attack?
  • Were you ever notified by a friend that he or she received a cloned email from you? How did they know? What did you do in response?
  • What research would you have to do on potential targets in order to be able to launch a whaling attack in a workplace that you are not already familiar with?
  • What do you or would you look for to verify a suspicion that you are looking at a website forgery?
  • Share your experience of a vishing attack and how you knew (or didn’t know) that the attacker was vishing?
  • How would you craft a SMiShing message differently than a phishing message? How would the content, format, and tone be different?
  • What questions would you ask someone who claimed to be an IT person in your organization to determine that they were impersonating?
  • What kind of diversion scenario would have the best chance of working in your work environment?
  • What label would you use for media in a baiting attack in your work environment and where would you leave the bait?
  • Think of someone whose position or knowledge could make them a phishing attack target. What makes them a good target?
  • Using your knowledge of your target, what approach would you choose and why?
  • How would you collect potentially compromising information about your target?
  • Using what you’ve gathered about your target, what details would you use to architect your attack?
  • What would your attack execution look like?
  • Share and discuss other cybersecurity techniques that you know that might allow for exploitation after a successful phishing attack.
  • What would you do with control of your target’s network?
  • This is obviously a very elaborate attack requiring a lot of patience and hard work. What elements of this could have been done with less effort, using email phishing or vishing? Are there ways to do it that could have minimized the risk of detection even further?
  • Think of an SE objective. What barriers would you need to compromise to achieve it, and how would you do it?
  • Under what circumstances would you be most likely to get away with shoulder surfing?
  • What would a phisher find in your trash if he or she picked it up for a couple of weeks?
  • Describe your overall goal for the phishing attack and its implications for your choice of target. Then describe your target and their characteristics and/or role that led you to select that target.
  • Describe your approach and why you selected it. Include the pros, cons, risks, and opportunities of your approach.
  • Describe the actions you have taken (if describing a real phishing attack), plan to take or would take (in a fictitious attack) in the Reconnaissance phase. Include what you learned from it or expect to learn from it, and pros, cons, risks, and opportunities of your reconnaissance activities.
  • Describe how you will conduct your attack, or what your plan was (for a real attack).
  • Describe how you will or actually did reap the benefits of the attack. What could or did happen during the Exploitation phase to negate and of the benefits you reaped? Did your plan for exploitation account for all of them?
  • Select a student:

Download as CSV