Threat Dashboard
Overview of common cybersecurity threats and your learning progress.
All Threats
📧 Phishing Simulator
Identify suspicious emails — all examples are fictional.
What is Phishing?
Phishing is a social-engineering attack in which the attacker impersonates a trusted sender to trick victims into revealing credentials, clicking malicious links, or downloading harmful attachments.
Simulation: Is this email Safe or Phishing?
🔎 Annotated Walkthrough: Spot the Red Flags
Step through a fictional phishing email one clue at a time.
🔗 Suspicious URL Inspector
Paste any URL (real or made-up). The inspector explains what to check — it does not visit the URL.
⚠️ Warning Signs
- Generic greetings like "Dear Customer"
- Urgent, fear-based language
- Mismatched sender domain
- Suspicious links or attachments
- Requests for passwords or money
🛡 Prevention Tips
- Hover over links before clicking
- Verify sender via another channel
- Enable multi-factor authentication
- Report suspicious emails
- Use spam filters and email security tools
🎓 Quick Quiz
Which is the strongest sign of a phishing email?
💻 XSS Simulator
See how unescaped input can be dangerous — safely.
What is Cross-Site Scripting?
XSS occurs when an application renders user input as HTML/JavaScript without proper escaping, allowing attackers to inject content that could steal sessions or deface pages.
Try It (Conceptual Demo)
Type any text. We'll show how it would render in an unsafe vs safe app.
❌ Unsafe Rendering (illustration)
In a vulnerable app, this raw HTML would execute. We only display the source for safety.
✅ Safe Escaped Output
Here the input is safely escaped and rendered as plain text.
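The unsafe and safe rendering described above, as an added Python example (not code from this simulator). It also covers the attribute context, where quotes must be escaped as well as angle brackets. The function names and the sample inputs are constructed for illustration.

```python
import html

def render_unsafe(comment: str) -> str:
    # Vulnerable pattern: user input is pasted into the markup as-is.
    return f'<p class="comment">{comment}</p>'

def render_safe(comment: str) -> str:
    # html.escape turns & < > (and, with quote=True, " and ') into entities,
    # so the browser shows the text instead of parsing it as markup.
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'

def render_attr_weak(value: str) -> str:
    # quote=False leaves " untouched: enough for element text,
    # not enough inside a quoted attribute value.
    return f'<input name="q" value="{html.escape(value, quote=False)}">'

def render_attr_safe(value: str) -> str:
    return f'<input name="q" value="{html.escape(value, quote=True)}">'

# Constructed sample inputs.
BODY_INPUT = "<script>alert(1)</script>"
ATTR_INPUT = 'x" data-injected="1'

if __name__ == "__main__":
    print(render_unsafe(BODY_INPUT))     # markup reaches the page intact
    print(render_safe(BODY_INPUT))       # rendered as plain text
    print(render_attr_weak(ATTR_INPUT))  # input closes the attribute early
    print(render_attr_safe(ATTR_INPUT))  # quotes stay inside the value
```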
⚠️ Warning Signs
- Pop-ups from untrusted sites
- Unexpected redirects
- Strange characters in URLs
🛡 Prevention Tips
- Always escape/encode output
- Use Content Security Policy (CSP)
- Sanitize user-supplied HTML
- Use frameworks that auto-escape
🎓 Quick Quiz
The best way to prevent XSS is to:
🔒 SQL Injection Simulator
Mock login form using fake in-memory data only.
What is SQL Injection?
SQL injection happens when user input is concatenated into a SQL query, letting attackers alter the query's logic. This demo uses mock data — no real database is queried.
Mock Login (Vulnerable Mode)
Hint: Try username admin with password ' OR '1'='1
SELECT * FROM users WHERE username='' AND password=''
⚠️ Warning Signs
- Login bypass possible with quotes
- Database errors in responses
- Unfiltered input fields
🛡 Prevention Tips
- Use parameterized queries / prepared statements
- Validate and sanitize input
- Apply least-privilege DB accounts
- Use ORMs that escape inputs
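The mock login query and the parameterized-query tip above, side by side, as an added Python example that uses an in-memory SQLite database (not the simulator's own code). The table contents and function names are constructed; the password is stored in plaintext only to mirror the query shown on this page.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Constructed mock row; a real system stores a salted password hash.
    db.execute("INSERT INTO users VALUES ('admin', 'mock-secret')")
    return db

def login_vulnerable(db, username: str, password: str) -> bool:
    # Same shape as the page's query: input is concatenated into the SQL text,
    # so quotes in the input become part of the query's logic.
    query = ("SELECT * FROM users WHERE username='" + username +
             "' AND password='" + password + "'")
    return db.execute(query).fetchone() is not None

def login_parameterized(db, username: str, password: str) -> bool:
    # Placeholders keep the input as data; the query structure is fixed.
    query = "SELECT * FROM users WHERE username=? AND password=?"
    return db.execute(query, (username, password)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    hint = "' OR '1'='1"  # the password from the page's hint
    print("vulnerable   :", login_vulnerable(db, "admin", hint))
    print("parameterized:", login_parameterized(db, "admin", hint))
    try:
        # A lone quote breaks the concatenated query: this is the
        # "database errors in responses" warning sign.
        login_vulnerable(db, "o'brien", "x")
    except sqlite3.OperationalError as exc:
        print("vulnerable query error:", exc)
    print("parameterized:", login_parameterized(db, "o'brien", "x"))
```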
🎓 Quick Quiz
The best protection against SQL injection is:
🔑 Password Strength Lab
Estimate strength using simple entropy heuristics.
Test Your Password
⚠️ Weak Examples
- 123456
- password
- qwerty
- your name + birthday
🛡 Strong Password Tips
- 16+ characters with mixed types
- Use a passphrase of unrelated words
- Use a password manager
- Enable MFA whenever possible
🎓 Quick Quiz
Which is the strongest password?
🦠 Malware Visual Demo
Pure animation — no real malware involved.
What is Malware?
Malware is any malicious software designed to harm, exploit, or otherwise compromise a system. Common types include trojans, spyware, adware, and worms.
⚠️ Symptoms
- Slow performance
- Pop-ups and unknown apps
- Disabled antivirus
- Unusual network activity
🛡 Prevention
- Install reputable antivirus
- Keep software updated
- Avoid pirated software
- Don't click unknown links/files
🎓 Quick Quiz
Which is NOT a sign of malware infection?
🦠 Virus Spread Visualizer
Visual animation showing conceptual virus propagation.
What is a Computer Virus?
A virus is a type of malware that attaches itself to clean files and spreads through systems, often when users execute infected files.
⚠️ Spreads Via
- Infected USB drives
- Email attachments
- Downloaded files
- Network shares
🛡 Prevention
- Scan removable drives
- Don't open suspicious attachments
- Patch operating systems
- Use endpoint protection
🚫 Ransomware Demo
A fake locked-screen demo — completely safe.
What is Ransomware?
Ransomware encrypts files and demands payment to restore access. Attackers often exploit phishing or unpatched systems for entry.
⚠️ Warning Signs
- Files renamed with strange extensions
- Ransom note .txt files
- Sudden inability to open files
🛡 Recovery & Prevention
- Maintain offline backups
- Test restores regularly
- Patch and segment networks
- Don't pay — there's no guarantee
🎓 Quick Quiz
Best defense against ransomware:
⚠️ Weak Passwords
See how common weak passwords compare.
Top Weak Passwords vs Strong Alternatives
| Weak | Crack time (approx) | Stronger Alternative |
|---|---|---|
| 123456 | Instant | tea-MOON-river-91! |
| password | Instant | quartz-Otter-Beam-7Q |
| qwerty | Instant | silly-cactus-jumps-Hi9 |
| letmein | Instant | orchid-piano-Storm-44 |
| iloveyou | ~ seconds | willow-Mango-Robot-2x |
⚠️ Why Weak Passwords Fail
- Short and predictable
- Found in leaked password lists
- Easy to brute-force
- Reused across sites
🛡 Prevention
- Use unique passwords per site
- Generate via a password manager
- Enable MFA
- Check breaches periodically
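A simple entropy heuristic of the kind the Password Strength Lab describes, checked against the weak and strong columns of the table above, as an added Python example (not the lab's own code). The thresholds, the bonus for other characters and the function names are assumptions. Length times log2(pool) assumes randomly chosen characters and overestimates human-chosen passwords, which is why the deny-list is checked first.

```python
import math
import string

# Deny-list taken from the "Weak" column of the table on this page.
COMMON = {"123456", "password", "qwerty", "letmein", "iloveyou"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def pool_size(pw: str) -> int:
    # Sum the sizes of the character classes that appear in the password.
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))
    if any(all(c not in cls for cls in CLASSES) for c in pw):
        pool += 32  # assumption: flat bonus for spaces and non-ASCII
    return pool

def entropy_bits(pw: str) -> float:
    # Anything on the deny-list is guessed first, whatever its length.
    if not pw or pw.lower() in COMMON:
        return 0.0
    return len(pw) * math.log2(pool_size(pw))

def rate(pw: str) -> str:
    bits = entropy_bits(pw)
    if bits < 40:   # assumed threshold
        return "weak"
    if bits < 70:   # assumed threshold
        return "fair"
    return "strong"

if __name__ == "__main__":
    samples = ["123456", "iloveyou", "abcdefgh", "Summer2024",
               "tea-MOON-river-91!", "quartz-Otter-Beam-7Q"]
    for pw in samples:
        print(f"{pw:22} {entropy_bits(pw):6.1f} bits  {rate(pw)}")
```

The constructed sample `Summer2024` rates "fair" here even though it follows a predictable pattern, which shows the limit of a pure character-pool estimate.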
💬 Data Leakage
Sensitive data exposed by accident or attack.
What is Data Leakage?
Data leakage is the unauthorized transmission of data from inside an organization to an external destination. It can be accidental (misconfigured cloud storage) or malicious (insider exfiltration).
Leakage Risk Estimator
Toggle practices and see your leak risk score.
⚠️ Common Causes
- Misconfigured S3 buckets
- Unencrypted laptops
- Phishing-stolen credentials
- Insider threats
🛡 Prevention
- Classify and encrypt sensitive data
- Audit access regularly
- Use DLP tools
- Train staff on handling data
🎓 Final Quiz
Test your overall cybersecurity knowledge.
🤵 Social Engineering
Attackers exploit trust, fear, and urgency.
What is Social Engineering?
Social engineering manipulates people into giving up confidential information. It targets the human element rather than technical vulnerabilities.
Decision Trainer: What would you do?
🎭 Tactic Reference
Quick definitions of the most common social-engineering techniques.
Pretexting
Inventing a false identity or scenario (fake IT, auditor, vendor) to extract info.
Baiting
Tempting the victim with something attractive — free download, USB stick, gift.
Tailgating
Slipping into restricted areas behind authorized people.
Vishing
Voice phishing — phone calls impersonating banks, IT, or government.
Smishing
SMS-based phishing with fake delivery, bank, or 2FA messages.
BEC / CEO Fraud
Impersonating an executive to authorize wire transfers or gift-card purchases.
Quid Pro Quo
Offering a "favor" (free help, prize) in exchange for credentials or access.
Watering Hole
Compromising a site the target group already trusts and visits.
⚠️ Common Tactics
🛡 Defense
🎓 Quick Quiz
An attacker calls pretending to be from your bank's fraud team and asks for your one-time SMS code. This is: