Cyber.org Kahoots

Foundational Cybersecurity Framework (Resource for educators)

Podcasts, Videos, and Texts

NovaLabs Cyber Glossary

BeCyberSmart - Cybersecurity Crossword

Newsletters - Cyber Patriot's CyberSentinel

National Cryptological Foundation Resources

• Outsmart Cuberthreats Collection

• Curriculum Guidelines

• Educator Links & Resources

CLARK cybersecurity lesson resources

• SANS Cybersecurity Cheatsheets

EMates

Article: Un-complicating Cybersecurity: 3 Ways to teach students about Cybersecurity

Website: CyberSeek

PDF - SANS ABC's of Cybersecurity (Vocab List)

Youtube Short - Developers vs Testers

Youtube: TED - Why Ethical Hacking is so Important in a 21st Century Economy

Youtube: TED - Why I Teach People How To Hack

Youtube: TED - You Should Learn How To Hack

Youtube: Hacking as a Way of Thinking

Video: OPB - How Do You Feel About The Design Tricks That Social Media Apps Use? (How are businesses hacking you?)

Youtube: The Hacker Mindset

Youtube: NovaLabs - The Secret Lives of Hackers

Youtube: NovaLabs - Car-Hacking

Article: FreeCodeCamp - What is Hacking? The Hacker Methodology Explained

Article: FreeCodeCamp - What are White Hat, Black Hat, and Red Hat Hackers? Different Types of Hacking Explained

Article: Norton - 15 Types of Hackers + Hacking Protection Tips for 2023

For Fun:

• Podcast Episode - Darknet Diaries - Samy

Video - NOVA Labs - Cybersecurity Lab or Cybersecurity Lab (Both reference mostly the same material)

Youtube - Eye On Tech - What is Cybersecurity

Article - CyberStart - What is Cybersecurity? A Beginner's Guide

Article - Biden-Harris Administration Announces National Cyber Workforce & Education Strategy

Slides: 1.1 You are a Target / Cybercareers

Slides: 1.2 Intro to Computer Security

Article:  The Journal - Education does 'Worst' job at cybersecurity

Article - CyberStart - 5 Types of Students You Wouldn't Think Would Be Into Cybersecurity, But Are

Website - Cyberseek

• Assignment - Cyber Seek!

Extra Resources:

Booklet - New To Cyber Field Manual

Video - Global Ethics Solution - Cyber Ethics in a Real World

Video - Simplilearn - What is ethical hacking? Ethical Hacking in 8 minutes

Potential Resources:

• TeachingSecurity - Ethics Agreement

• White Hat Agreement

• Cybersecurity Acceptable Use Policy

Lockheed Martin - Cyber Kill Chain

"Outsmart Cyberthreats" - Booklet

"Outsmart Cyberthreats" - Student Workbook

Poster - You are a Target

Slides - CS Careers (general info on the different realms in Computer Science - Not cyber specific)

Poster: SANS - 20 Coolest Careers in Cybersecurity (Shown Above) + Associated Webpage

Posters & WebPages - Cyber.org Cyber Career Profiles

Video - An Introduction to Cybersecurity Careers

Video - InfoSec - Careers in Cybersecurity - New Advice from Def Con 24

Article - CyberStart - 5 Cyber Security Jobs You Didn't Know You Wanted Until Now

Website - Career Exploration - Cyberseek

Article - CyberStart - Is Ethical Hacking a Good Career?

Article - CyberStart - What is the Average Salary in Cybersecurity?

Article - CyberStart - The Top 7 Reasons You Should Pursue a Career in Cyber Security

Website - CybersecurityEducation.Org

Youtube: IT Career Questions - The Best Guide to Entry Level Cyber Security Jobs

Podcast - Darknet Diaries - Ep. 59: The Courthouse

Assignment

• Explore the following 3 Tools

  • Interactive - NICE Cybercareer Map

  • Interactive - NICE Career Pathway Tool

  • Interactive - NICE Career Pathway Roadmap

  • Interactive - NICE Competency Areas

• ... Actual Assignment Instructions Coming...

Advanced Info

Interactive - NICE Workforce Framework

• Education

  • A typical Computer-focused degree (CS, IT, CE, SE, etc) requires 4 years of college

  • Cybersecurity can be done as a 2 year degree or a combination of work experience in IT & Cybersecurity certifications.

Related/Unrelated

• Video: CNBC - How Working for Google, Amazon, and Microsoft Lost 'Dream Job' Status

PDF - Cybercrime: A Sketch of 18 U.S.C. 1030 And Related Federal Criminal Laws

PDF - Prosecuting Computer Crimes

Known as the "World's Most Famous Hacker," Mitnick was once on the FBI's Most Wanted list for his high-profile cybercrimes. After serving time in prison, he became a security consultant and author, sharing his insights on cybersecurity. 

• Twitter

• Darknet Diaries Podcast Episode- Rachel

• 60 Minutes Clip - Con Artists Using AI (referenced in another section for class viewing)

• CNN - Don't Use the Same Password (referenced in another section for class viewing)

• CNN - Hacker Steals CNN Reporter's Data in seconds

• Yubico - Inside the mind of an Ethical Hacker

• Podcast - 8th Layer Insights - How Rachel Tobac Hacked Me

Youtube Short: Developer vs Tester - How does this apply to vulnerabilities in a cybersecurity/software setting?

Video - Joan the Phone music video

Article/Poster: CISA - Mobile Device Cybersecurity for Consumers

Youtube: CISA - Be Cyber Smart Playlist

Article: Embroker  - Top 10 Cybersecurity Threats

Article - What is the CIA Triad?

Video - IBM Technology - What is the CIA Triad?

• Video: Tom Scott - Why You Should Turn On Two Factor Authentication

• Sans Factsheet - MFA

  • Article - Cyberstart - Multi-Factor Authentication Explained

  • Article - Sans - MFA Explainer

Main Content:

• Youtube - Parks & Recreation Ron vs. Online Privacy

• Article/Video - CISA: 4 Things You Can Do to Keep Yourself Cyber Safe

• TED Talk - How Clicking a Single Link can Cost Millions - How do cybercriminals exploit human vulnerabilities?

• Youtube: 60-Minutes - Con Artists Using AI, Apps to target parents, grandparents for theft

• • Phone/Voice Spoofing from 8:05 to 11:17

  • "Be politely Paranoid - Check that this person is who they say they are."

• Nova Labs - A Cyber Privacy Parable (From the Nova Cybersecurity Lab)

Assignment/Activity

• Code.org - Big Data & Cybersecurity Dilemmas

• Research

  • Individually

    • Pick 2 video resources listed in this lesson's "Additional Resources" section below.

    • List important points covered in the video related to cybersecurity.

  • With a partner

    • Discuss what you each got out of your videos (covering the important points you listed) - your videos might be the same, and they might be different.

    • Using the important points covered in the video, make a 1/2 page handout (8.5" x 5.5") that you could give to help others learn about this important information.

      • Handout must include at least 5 important points of safety as covered in 1 or more of the videos

      • Handout must include the videos you watched as references in some way (consider adding QR Codes to the flyer).

      • Handouts can be handmade, but must be digitally accessible (scan and upload to google drive)

      • Follow instructor's instructions for submission. 

Additional Resources

Youtube Short - iPhone takes your picture every 5 seconds

Youtube Short - Hacker finds all images (of a person) on the internet

Video - How Much Do Social Media Algorithms Control You?

Youtube: TedX - Online Privacy: It Doesn't Exist: Privacy & What We Can Do About It (Video intentionally starts @ 2:04 - content prior contains sensitive content)

Youtube: Microsoft - Today in Technology - Protecting Private Data

Youtube: EFF - Encrypt the Web

Youtube: Is my Phone Secretly Listening to Me?

Podcast (short) - Word Notes Cyber Threat Intelligence (CTI)

Article - NCA: Secure Your Home

Article - NCA: Securing Your Home Network

Tips - CISA: Protecting Your Digital Home Tips

Video - The Wall Street Journal - Is this the world's most connected man in the world?

Video (short): Sumsub - Scammer turned granny into criminal

Article: CBS - Uber Driver shot and killed by 81-year-old Ohio Man after both received scam calls, police say

General Info

• Video - NovaLabs Cyber Codes

• Article + Interactive: Perseverance's Parachute Secret Message Encoder

• Interactive Website: Boise State - Cryptography WebQuest 

• Article - Cryptology, Cryptography, and Cryptanalysis

• Article - CyberStart - Morse Code

• Code.org Encryption

• Video: Art of the Problem Public Key Encryption

• Article: Wiki - Cryptography

• Article: GoodCore - 6 Types of Encryption That You Must Know About

• Website: Practical Cryptography

• Tool: dCode - Online Cryptography Tools

• Tool: Rumkin Ciphers & Codes

• Tool: Cyber Chef

  • Video - Cyber Chef Intro

• Use the Practical Cryptography, 101 Computing, Wikipedia, dCode, and Rumkin websites to explore the following ciphers

  • Substitution Ciphers

    • Simple Substitution

    • Caesar (a.k.a. Rot-N)

    • Rot13

    • AtBash

    • Pigpen

      • Video - The Pigpen Cipher (animated)

      • Activity: Cyber.org - Encryption with the Pigpen Cipher

    • Baconian

  • Transposition Ciphers

    • Rail Fence

    • Columnar Transposition

    • Scytale (Check this one out on wiki)

    • Route

  • Polyalphabetic

    • Vigenere Cipher

  • Symetric Cipher

    • XOR Encription Algorithm

  • Other

    • Fractionated Morse

• Article: Cyber,org - Enigma (Polyalphabetic Substitution cipher) - (Cyptanalysis of the Enigma Wiki)

Article: Free Code Camp - Encryption Algorithms Explained with Examples (Advanced)

Activity: Binary Name Keychain (Encoding Activity)

Video - Code.org - Encryption & Public Keys

• Article+Interactive - Visual Cryptography

• Article: CyberStart - Stenography Explained

• Article: Wired - What is Stenography

• Youtube: Studio C - Password Protection Problems

• Youtube: JimmyKimmel - What is your Password?

• Article: Password Cracking Speeds (May, 2020)

• CNN - Don't Use the Same Password

• Sans Factsheet - Passwords

  • Article - Cyberstart - "How to Create a Strong and Secure Password"

• Sans Factsheet - Mobile Safety

• CDSE - Conjure Strong Passwords Poster

• Video - KnowBe4 - How Easy is it To Crack Your Password, With Kevin Mitnick

• Article: Wired - What Is Credential Stuffing

• Activity - *Cyber.org Test your Password Strength

• Podcast - #CyberChats - Season 3 Episode 7/4/2024 (NMap & Password Safety - Start @ 3:39, listen to the end - about 8 minutes)

• ***Need to add something on Passkeys

Hashing- 1-way Encryption

• Youtube: Computerphile - Hashing Algorithms & Security

• Generator: FileFormat.Info - Hash Functions

• Generator: Academo - SHA-256 Hash Generator

• 
  

Podcasts:

• IRL - Your password is the worst

• HacknetDiaries: Rock You (Major password breach that gave us the top passwords used)

• Hackable? - And We're In

• Hackable? - Access Granted

• Video: TED - In the War for Information, Will Quantum Computers Defeat Cryptographers

• Has the potential to solve password cracking in moments...😱

Check out the challenges in the MRX20 Mission

When someone breaks into your house (lets say you come home to a broken window), what do you do?

• Temporary Fix

• Long Term Fix

• Did you lose anything? (What's missing)

• Are you safe? (is someone still inside?)

• How do you prevent this in the future?

Article - CyberStart - What is a Cyber Attack? A Beginners Guide

Article - CyberStart - 5 Types of Hacks You Might Not Know and How to Avoid Them

Article - Broadband Search - 17 Common Online Scams (Be Aware)

Article - Top Japanese Dating App Omiai Hacked; 1.71 Million Users at Risk

Youtube Short - The Scariest USB Ever - Don't try this one!

OSInt = Open Source Intelligence

1. Video - Geolocation Hunting by JoseMonkey

The video outlines how JoseMonkey uses background information, Google Maps, and database queries (discussed but not really shown) to pinpoint possible locations and search people out. Knowing info about your target becomes even easier now thanks to Google's reverse image search.

2. Youtube: Identity Thief: How Your Digital Life Can Be Stolen"

3. Podcast - #CyberChat - There's No Hiding in a Digital World

4. Article - A Guide to Open Source Intelligence (OSINT)

5. Sock Puppets

   1. Wiki - Sock Puppet

   2. Youtube - The Cyber Mentor - Creating Sock Puppet Accounts

6. Youtube - The Cyber Mentor - Hacker Reacts to Influencer's Home Tour

7. Sans Factsheet - Social Engineering

   1. Article - CyberStart - Social Engineering Explained

8. Youtube - Identity Theif: How Your Digital Life Can Be Stolen

9. Youtube: TED - What You Need to Know About Stalkerware

10. Youtube: The CISO Perspective - What is OSINT - The Tools Techniques, and Framework Explained

Challenge/Assignment

BE RESPONSIBLE - you'll be using OSINT to look up information about people. I highly discourage searching for educators or other people you know on a professional level. If you search for information on people you know, get their permission first. Otherwise, limit your searches to public figures.

• Go to https://osintframework.com/

• Explore the tools here.

• Pick a person/place and discover what you can learn about them with these tools.

• In a document, list what you're able to find using these tools.

• In a separate document, list what you learned from this experience (not specifics on the individual, but the types of information you can learn).

Do not disclose the information you learn about individuals to anyone outside of the individual without their consent.

Doxing:

Swatting:

• Article: CNN - An Ohio Gamer Gets Prison Time Over a 'Swatting' Call That Led to a Man's Death

• Article: PSC News - Swatting: A Deadly Trend

Youtube: Round Table Technology -This is How Hackers Hack You Using Simple Social Engineering - Jessica DefCon

Youtube: First Keystone Community Bank - Social Engineering Scams

Youtube: Wired - 9 Levels of Pickpocketing

Youtube: TEDx - Human Hacking: The Psychology behind Cybersecurity 

Interactive - Social Engineering E-Mate (Take notes on the different tactics)

Interactive - Social Engineering Psychological Tactics E-Mate (Take notes on the different tactics)

Podcasts:

• Hackable? - Pwned

• Hackable? - Dead Drops

Use the Clues - Did you see the bait?

• Phishers sometimes use strange characters to bypass an organization's email filters

• Phishers often try to imitate legitimate organizations to gain trust

• The organization this email was sent to has a banner to help users identify when an email is being sent to them from outside the organization in order to help remind them to be cautious and look for potential phishing scams.

• Double check that the phone number included in the email matches the one listed on the organization's page.

Questions to ask yourself with all incoming emails:

• Was this email expected?

• Are they trying to pressure me into acting fast? 

  • Scare tactics - money has been withdrawn. 

  • Short deadlines - 24 hours to request a refund

• Does the email match the organization

• Is it trying to get me to click on links? Check to make sure the link (not the text of the link, but the actual destination location) looks legit.

• Is it trying to get me to call a phone number?

Interactive - Real Time Virus Map

Article: IBM - The History of Malware: A primer on the evolution of cyber threats

Article: EducationWeek - School Cyberattacks, Explained

Virus

• Video: With Secure - Brain: Searching for the First PC Virus in Pakistan

  • Interesting side note: The creators of the "Brain Virus" created it to thwart people pirating their software... but they were pirating American software as well...

Worms

• Article: FBI - The Morris Worm

• Video (10 min): WhatTheHack - The Morris Worm (1988)

Additional Resources

Activity: Malware Reading Comprehension Worksheet

Podcast Episode: Hackable? - False Charge

Podcast Episode: Hacked - The Malware Historian 

• Youtube Channel - danooct1 (videos outlining malware attacks throughout history)

Denial of Service (DoS) or Distributed Denial of Service (DDoS) is an attack on availability and targets flooding a service with illegitimate traffic.

• DoS is typically a small scale attack.

• DDoS is typically a large scale attack, most likely utilizing a botnet.

Article - Wall Arm - DoS Attack (Denial of Service)

Article - CloudFlare - Famous DDoS Attacks | The Largest DDoS Attacks of All Time

Article - Wiki - Man-In-The-Middle Attack

Article - StrongDM - Meddler-in-the-Middle (MITM) Attack: Definition, Examples & More

• Video: SumSub - How are QR Codes Hacked?

Article: GE Vernovo - Managing Cyber Security Risks in the Power Sector

Roblox Revive Atlantis (Cybersecurity Game)

Cybermission.tech

Trycyber

Facility Cyber - Training Game - Explore scenarios and determine the best course of action (without over spending).

Video: Professor Messer - Security Controls

Video: Professor Messer - Physical Security Controls

Podcast - Fun & Games - Lockpicking, CTF, Simulations, and More

Podcast - Bridging the Cyber Skills Gap

What is a CyberRange?

• Gun Ranges are for learning how to safely use a gun.

• Cyber Ranges are for learning how to safely practice cybersecurity principles

  • Cybersecurity is a dangerous topic.

  • Intentional & Unintentional harm is possible.

• A cyber range is a sandbox for learning cybersecurity, where students can make mistakes without breaking your infrastructure.

What is a CTF?

• CTF stands for "Capture the Flag"

• A way to test your cybersecurity skills.

• 2 formats

  • Jeopardy (Typical CTF - more newbie friendly)

    • Answer questions or show skills to get points/earn flags.

    • May need to do research

    • May need to load files into a VM (Virtual Machine)

  • Attack/Defend (More for college-level competitions)

    • Defend your infrastructure/services (patch holes, install firewall, update software, etc.)

    • Attack/Exploit the infrastructure/services of other participants

CTFs

• KC7 - The free cyber detective game

• PicoCTF

  • Marnegie Mellon - PicoCTF

  • PicoCTF Resources (Really good list)

• tryhackme

• Bandit CTF

• TryCyber Challenges

• CyberGames

• CyberStart America

• Article: "How I went from Zero Cybersecurity Knowledge to a Member fo the US Cyber Team By Playing CyberStart!"

• Sans Institute Holiday Hack Challenges

• CTF 101

• Hack The Box

• Hack The Box Academy

• Hack This Site 

• Cyber Patriot

• HackingHub

• Texas A&M Cyber Security Games  

More CTF's can be found by Googling "CTF's for Beginners" or "CTF's for Learning"

• Article - CyberStart - Programming Explained

Article - FreeCodeCamp -  The Ethical Hacking Lifecycle: Five Stages of a Penetration Test

Youtube: Tomorrow Unlocked - Penetration Tester Helps Banks by Hacking Them

Youtube: Wired - Hacker Answers Penetration Test Questions from Twitter

For Fun:

• Podcast Episode: Darknet Diaries - HD (Metasploit)

Linux Command Line Reference

Linux for Hackers

File Manipulation Tools

Cyber.org - Linux 101 Lab (Ask teacher for access)

Cyber.org - Linux 102 Lab  (Ask teacher for access)

Cyber.org - Fun with Linux Lab  (Ask teacher for access)

Nova Labs - Networking Know How

Artificial Intelligence (AI) is getting more and more advanced and being used more and more in every sector. Cybersecurity has seen AI make improvements to fishing emails, author credential harvesting website, and even walk users through the process of creating  computer virus then instructing them on ways they can spread the virus.

In order to understand the impact that AI has in cybersecurity, it helps to explore it through new stories as well as courses that teach you how to use and develop AI tools, or how to avoid being conned by them.

Article: ZDNet - I took this free AI course for developers in one weekend and highly recommend it - 13 free AI courses

Youtube: Why Can't Robots Check the Box that Says "I'm Not a Robot"?

TED Talks Daily: Magic & Wonder in the age of AI

Video: Eli the Tech Guy - What is a HoneyPot

Article: TunnelsUp - Getting Started Cracking Password Hashes with John the Ripper

Youtube Playlist - Professor Messer - CompTIA SY0-701 Security+ Training Course

9hr Ethical Hacking Course - https://www.freecodecamp.org/news/license-to-pentest-ethical-hacking-course-for-beginners/ 

15hr Penetration Testing Course - https://www.freecodecamp.org/news/full-penetration-testing-course/ 

Penetration Testing Full Course - https://www.freecodecamp.org/news/web-app-penetration-testing-full-course/ 

This course does not properly prepare students for certifications, but hopefully points you in the right direction. The following are resources to help inform you about various certifications you should look into, but they'll all require a lot of preparation and study.

Interactive: PaulJerimy.com Certificaton Map

Youtube: Mad Hat - Cybersecurity Certificate Tier List (2023)

Youtube: ISC2 - Is the CISSP Right For You?

• TryCyber

• CyberChef - a Website for encryption and... stuff.

• National Cybersecurity Teaching Academy - Training - 2-3 summers, 12-18 credit graduate teaching certificate for how to teach cybersecurity

• RING curriculum

• CLARK curriculum

• Cyber.org curriculum

  • apps.cyber.org cyber range

• E-Mates Cybersecurity - interactives (interactive slides for learning)

• LabEx "Teams for Education" free for teachers + 30 students.

• NCyTE Interactives - Useful interactive slides for learning

• CHI Program @ University of Seattle (training program for new-to-cybersecurity teachers)

• Cyber Patriot

• NSA Codebreaking Challenge

• Space Grand Challenge

• Parallax Curriculum w/ Microbit - Need the microbit boards to follow curriculum

• National Cyber Cup

• OverTheWire "War Games"- CTF style challenges over ssh

• UO Cybersecurity Challenge Cup Competition held in September.

• TryHackMe

• HackTheBox

• HackThisSite

• Cyber Aces - Paloalto activities for youth.