CLASSIFIED

VAULT 7

CYBERSECURITY EDUCATION GAME

Learn to defend. Play to protect.

SECURE TRANSMISSION

LEVEL 1

OPERATION FIRST LINE

PASSWORD SECURITY

Commander Reyes — Director of Operations

Agent, we have a situation. Field Agent Chen's account was compromised last night. The breach? A weak password. Six characters. No special symbols. Cracked in under a second.

Chen's files are now in enemy hands. We can't let this happen again.

Your first task: prove you understand what makes a password strong — and what makes one a liability. Show me you can tell the difference.

TRAINING MODULE

PASSWORD SECURITY FUNDAMENTALS

Study this intel carefully. You'll be tested on it next.

CRACK THE PASSWORD

Rate each password as WEAK, MEDIUM, or STRONG

BUILD A STRONG PASSWORD

Create a password that meets all the strength requirements

STRENGTH: —

✗ At least 8 characters
✗ Uppercase letter
✗ Lowercase letter
✗ Number
✗ Special character (!@#$%...)
✗ 12+ characters (recommended)

PASSWORD ACCEPTED

Your password is strong. Well done, Agent.

MISSION COMPLETE

OPERATION FIRST LINE

0/5

passwords correctly identified

JUNIOR ANALYST

KEY TAKEAWAYS

Strong passwords are 12+ characters with a mix of uppercase, lowercase, numbers, and symbols.
Never use dictionary words, keyboard patterns, or personal info.
Use a password manager to generate and store unique passwords.
Never reuse passwords across accounts.

01

PASSWORD SECURITY

THREAT INTEL CARD

Strong, unique passwords are your first line of defense. A 12-character random password would take centuries to crack. A weak one takes seconds. Use a password manager, enable MFA, and never reuse credentials.

LEVEL 2

OPERATION BAIT & HOOK

PHISHING DETECTION

Commander Reyes — Director of Operations

Good work on your first mission, Agent. But passwords aren't the only threat. We've intercepted intelligence suggesting a coordinated phishing campaign targeting our agency.

Fake emails. Spoofed senders. Malicious links. The enemy is trying to trick our people into handing over their credentials — and it's working.

I need you to scan through an incoming batch of emails. Identify the phishing attempts before our agents click something they'll regret. You have 90 seconds. Stay sharp.

TRAINING MODULE

PHISHING DETECTION FUNDAMENTALS

Learn to spot the signs before entering the field.

INBOX (8 unreviewed)

01:30

Select an email to review

MISSION COMPLETE

OPERATION BAIT & HOOK

0/8

emails correctly classified

FIELD AGENT

KEY TAKEAWAYS

Always check the sender's domain — look for subtle misspellings and lookalikes.
Hover over links before clicking — the display text can hide a malicious URL.
Be suspicious of urgency — "act now or else" is a classic social engineering tactic.
Verify through a separate channel — call or message the sender directly to confirm.

02

PHISHING DETECTION

THREAT INTEL CARD

Phishing is the #1 attack vector. Attackers exploit trust and urgency to trick targets into clicking malicious links or revealing credentials. Always verify the sender, inspect URLs, and report suspicious messages. When in doubt, don't click.

PRIORITY ALERT — EYES ONLY