What is Cybersecurity?

This lab simulates connecting to a public WiFi network inside the AKT VM so you can see what you are exposed to when you join an untrusted network. Public WiFi at cafes, airports, and hotels is often insecure: traffic can be observed, fake hotspots can steal credentials, and unencrypted data can be captured. No real network is used. Your goal: open the WiFi app, connect to the simulated Public WiFi, then review the "What you are exposed to" panel to understand real-world risks and why you should avoid sensitive activities on public WiFi or use a VPN.

Click Open Lab Video to launch the AKT Virtual Machine. Sign in (default: akt / 1234). You will see a restricted desktop with only the apps needed for this lab: Folder Structure, Brute Force Lab, and Notes. The mission and step-by-step instructions are in brief.txt; you can read them in the Notes app or by opening brief.txt in Folder Structure. This is a controlled simulation—no real systems are attacked.

Open Folder Structure (file manager). Create a new file named wordlist.txt. This file represents the list of candidate passwords an attacker would try against the target account. In real attacks, wordlists are built from leaked passwords, common patterns, and dictionary words. Here you will paste a starter list that includes the target actual password so the simulation can demonstrate a successful breach.

Use the "Copy list" button in the editor toolbar to copy the starter password list (which includes "password" and other common candidates) into the AKT clipboard. Paste into the wordlist.txt editor, then click Save. The wordlist must contain "password" so that when the Brute Force simulation runs, it will eventually try that value and succeed. This models how real attackers use wordlists to guess weak passwords.

Open Brute Force Lab. The target account password is fixed to "password" for this lab (you do not set it). Click "Run Part 1 (weak password)". The simulation will try each wordlist entry in order; when it tries "password", the account is compromised. Watch the Attack Progress bar and the Live attempt log. You will see an "Access gained" message and the status will show that the credential was cracked. This demonstrates how dangerous weak, guessable passwords are.

After the breach, a "Target account files (compromised)" section appears in the Brute Force app. This is the target’s folder structure—it is only visible here, not in the main Folder Structure app. Expand the folders: click the chevron next to "Documents", then expand "confidential". You will see the file aktEncrypted.enc. Click it to view its contents. The file is encrypted: you can see that even with account access, the content cannot be read without the decryption key. This illustrates that encryption is a last line of defense—weak passwords let the attacker in, but encryption can still protect the data.

In the same Brute Force Lab, click "Run Part 2 (strong password)". This simulates attacking an account that uses a strong password (not in your wordlist). The simulation will try entries from the wordlist, fail to find a match, and hit the account lockout limit. The attack is blocked. No access is gained. This shows how strong, unguessable passwords—combined with lockout policy—make brute force impractical.

Compare the two runs: In Part 1, a weak password in the wordlist led to quick compromise and "access" to the target’s folder (with one encrypted file). In Part 2, a strong password not in the wordlist led to lockout and no access. In your own words, summarize: (1) what the attacker did in both runs, (2) why the weak-password account failed, (3) how the strong password and lockout prevented compromise, and (4) why the encrypted file remained protected even after the Part 1 breach.