Module/Workshop

Anatomy of an Attack

2 Lessons

In this fourth module of the Introduction to Cybersecurity for High School Students and K12 Educators course, the lessons describe the steps an attacker would take when attacking a computing infrastructure. The module covers the first 2 steps of the 4-step process: reconnaissance and exploits. Students will work on the Kali Linux box associated with the course in the Virginia Cyber Range.

Learning Objectives
  • Enumerate the steps that attackers take to attack
  • Describe strategies used during reconnaissance: social engineering, search engine hacking, using the WHOIS database to gather information, and network scanning/enumeration
  • Explain how common vulnerabilities in software help manifest exploits
  • Enumerate common software exploits including buffer overflows, cross-site scripting and SQL injections
  • Enumerate common network-based exploits including denial of service, sniffing and spoofing
Lessons in this Collection
Faculty Instructions

Lesson 1 enumerates the steps of an attack and describes the first step: reconnaissance. Lesson 2 covers the second step: exploits. The module does not cover the last 2 steps of an attack, as that material is beyond the scope of a foundational class. However, instructors can optionally cover malware as a potential backdoor. Students can use the Linux box associated with the course to practice both of these steps. There are also several other resources available on the internet that instructors can incorporate into their class. These include:

NOTE: It is highly recommended that instructors use the virtual environment on the Virginia Cyber Range: K12 CYBER SECURITY CONCEPTS USING KALI LINUX. Nearly all of the exercises in the course (and in this module) can be completed in it, so instructors who plan to use multiple exercises from different modules need only add that environment to their course for students to use for all of the labs.

Files
Anatomy of an Attack Module Description

* NICE Cybersecurity Workforce Framework KSAs Addressed
  • K0069: Knowledge of query languages such as SQL (structured query language).
  • K0070: Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • K0119: Knowledge of hacking methodologies in Windows or Unix/Linux environment.
  • K0206: Knowledge of ethical hacking principles and techniques.
  • S0052: Skill in the use of social engineering techniques.
* NSA/DHS Center of Excellence (CAE) KUs Addressed
  • Vulnerability Analysis

* Most courseware content maps to NIST NICE Cybersecurity Workforce Framework (NCWF) Knowledge, Skills, and Abilities (KSAs) and/or NSA/DHS CAE Knowledge Units (KUs). For more information on KSAs and KUs, please visit:

KSAs: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-181.pdf

KUs: https://www.iad.gov/NIETP/documents/Requirements/CAE-CD_2019_Knowledge_Units.pdf