P.S. Cafe × Practical Cyber

Cyber Awareness — Interactive Simulators

Three hands-on simulators built for the full-day class. P.S. Cafe was breached through phishing — so these put you in the seat: spot the phish, clean up the risky files, and watch how the attacks actually work. Everything runs in your browser. No real systems, no real data.

⏱ Afternoon — Hands-On 🍽️ F&B-tailored 🎓 All-staff 🔒 Sandboxed training

✉️

SIMULATOR 01

Phishing Inbox

A real-looking Outlook inbox with 5 F&B phishing emails hidden among genuine mail. Read each one, then Report Phishing. Get the Domain-Analysis breakdown and a scored debrief.

Fits: Afternoon Exercise 1 · morning “Spot the Phish”

Launch inbox →

🖥️

SIMULATOR 02

Spot the Risky File

A back-office desktop scattered with files — a .pdf.exe in disguise, plaintext passwords, loose customer & staff data. Inspect each and flag what shouldn’t be there.

Fits: morning Malware/Data topics · Exercise 3 (data & device security)

Launch desktop →

⛨

SIMULATOR 03

Threat Simulator

See attacks from the other side: brute-forcing a weak password (and how MFA stops it), a SQL-injection login bypass, and a phishing clone with live URL analysis.

Fits: morning “why passwords fail” · mechanism-level demo

Launch simulator →

Trainer note. These rebuild the IRAS awareness suite, re-skinned for P.S. Cafe / F&B. All content is fictional and self-contained — open directly in any browser or host as static files (see README.md). Pair with the facilitator run-of-show and the afternoon exercise guides.

Practical Cyber · Kingston × DACTA · awareness track