Match the four stages of a cyber attack with their definitions and examples.
| Parameters: | |
|---|---|
| Duration: | 10 minutes |
| Participants: | 1–X students |
| Instructors: | 1 teacher |
| Class: | any |
| Resources: | printed and cut cards |
| Prerequisites: | basic understanding of the terms on the cards |
- Remember the four stages of a cyber attack.
- Understand the definitions of the attack stages.
- Name the example tools that can be used during the attack stages.
- Print the handout for each student group.
- Use one-sided printing.
- Cut the handout into cards so that each line forms one card. You will be left with 4 phase cards, 4 definition cards, and 21 tool cards for each student group.
- Mix the cards and pin each set together with a paperclip. This will avoid the hassle with distribution.
- The students create small groups (2 to 3 students).
- Each group receives one set of cards and has to match the phases with their definitions and then assign example tools to each.
- When two neighboring students are finished, ask them to compare their solutions and discuss any differences.
- Allow time for questions, or let the students explain the individual tools.
- Solution:
- In the handout, the definitions are listed in the order of the phases, so the 1st definition belongs to the 1st phase, and so on.
- The first 6 tools (Google, ..., phishing) belong to phase 1.
- The next 4 tools (nmap, ..., WPScan) belong to phase 2.
- The next 7 tools (Metasploit, ..., password cracking) belong to phase 3.
- The last 4 tools (ransomware, ..., adware) belong to phase 4.
- Make sure that the students understand the definitions and the terms in the tools, and are not just guessing.
- This article lists a 5th stage: Covering tracks.
CSIRT-MU team, 2019