qognio-templates/pia-phishing-pruefer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
pia-phishing-pruefer/www/curricula.json
Qognio Bot Extract 3a237a52dc init: extract pia-phishing-pruefer from qognio-bot-widget-template@d2c816f 
Source files (src/) and rendered bundle (www/) extracted on 2026-04-29T01:35:48+02:00.
Adds nginx:alpine Dockerfile + docker-compose.yml (Caddy-labels) so the bot
runs stand-alone or as a per-customer template clone.

Parent monorepo commit: d2c816f3edbc9760802a11b29ff4151c7aad4b46
Bot version: 2026-04-25
2026-04-29 01:35:49 +02:00

181 lines
7.9 KiB
JSON
Raw Permalink Blame History

{
"version": "2026-04-25",
"updated": "2026-04-25",
"curricula": [
{
"id": "pattern",
"title": "1 · Phishing-Pattern erkennen",
"short": "Sender-Tricks, Domain-Spoofing, Urgency, Authority",
"icon": "shield",
"color": "#dc2626",
"description": "Die klassischen Pattern: gefälschte Absender, ähnliche Domains, künstliche Dringlichkeit, gefakte Autorität. Wie man sie technisch und sozial erkennt.",
"source_md": "00-pattern.md",
"modules": [
{
"id": "absender-tricks",
"title": "Absender-Tricks (Spoofing, Display-Name)",
"objectives": ["From-Header von Reply-To unterscheiden","Display-Name vs. echte Adresse","SPF/DKIM/DMARC-Status lesen"],
"topics": ["From","Reply-To","Display-Name","SPF","DKIM","DMARC"],
"difficulty": "mittel",
"source_heading": "Absender-Tricks"
},
{
"id": "domain-spoofing",
"title": "Domain-Spoofing & Look-Alikes",
"objectives": ["Homoglyph-Attacks erkennen (rn vs. m, 0 vs. O)","Subdomain-Spoofing (paypal.security-update.tld)","Punycode (xn--)"],
"topics": ["Homoglyph","Punycode","Subdomain"],
"difficulty": "schwer",
"source_heading": "Domain-Spoofing"
},
{
"id": "urgency-authority",
"title": "Urgency & Authority — Social Engineering",
"objectives": ["Urgency-Marker erkennen (heute, sofort, letzte Mahnung)","Authority-Marker (CEO, Anwalt, Behörde)","Cognitive-Bias-Trigger"],
"topics": ["Urgency","Authority","Reciprocity","Scarcity"],
"difficulty": "einfach",
"source_heading": "Social Engineering"
}
]
},
{
"id": "ceo-fraud",
"title": "2 · CEO-Fraud & Authority-Attacks",
"short": "Wie der vermeintliche CEO Geld überweisen lässt",
"icon": "alert",
"color": "#dc2626",
"description": "Eine der teuersten Phishing-Varianten: gefälschte Mails vom Geschäftsführer an die Buchhaltung, oft mit Druck und Geheimhaltungs-Bitte.",
"source_md": "01-ceo-fraud.md",
"modules": [
{
"id": "ceo-grundlagen",
"title": "CEO-Fraud — wie es läuft",
"objectives": ["Typischer Ablauf (Recherche → Mail → Druck → Überweisung)","Pre-Texting via LinkedIn","Targeting der Buchhaltung"],
"topics": ["Recherche","Pre-Texting","LinkedIn-OSINT"],
"difficulty": "mittel",
"source_heading": "CEO-Fraud-Ablauf"
},
{
"id": "ceo-erkennung",
"title": "Erkennungs-Marker",
"objectives": ["Geheimhaltungs-Bitte als Red-Flag","Domain-Mikroskopie (CEO@firma-de.com vs. .de)","Erste-Mail-Pattern (kein Vor-Mail-Verlauf)"],
"topics": ["Geheimhaltung","Domain-Check","Vor-Mail-Verlauf"],
"difficulty": "mittel",
"source_heading": "Erkennung"
},
{
"id": "ceo-prozess",
"title": "Prozess-Schutz: 4-Augen + Voice-Callback",
"objectives": ["Voice-Callback per bekannter Nummer","4-Augen-Prinzip ab Schwellen-Betrag","Abweichungs-Doku & Eskalation"],
"topics": ["4-Augen","Voice-Callback","Schwellen-Betrag"],
"difficulty": "schwer",
"source_heading": "Prozess-Schutz"
}
]
},
{
"id": "bec",
"title": "3 · Business Email Compromise (BEC)",
"short": "Wenn der Account selbst übernommen wurde",
"icon": "alert",
"color": "#dc2626",
"description": "BEC = der Angreifer hat Zugriff auf einen echten Account und schreibt FROM diesem Account. Schwerste Variante, da SPF/DKIM grün sind.",
"source_md": "02-bec.md",
"modules": [
{
"id": "bec-grundlagen",
"title": "BEC — was es ist, warum so gefährlich",
"objectives": ["BEC vs. Phishing abgrenzen","Conversation-Hijacking erkennen","Vendor-Email-Compromise (VEC)"],
"topics": ["BEC","VEC","Conversation-Hijacking"],
"difficulty": "schwer",
"source_heading": "BEC-Grundlagen"
},
{
"id": "bec-bankdaten",
"title": "Bankdaten-Änderungs-Trick",
"objectives": ["Last-Minute-IBAN-Änderung als Red-Flag","Verifikation via 2. Kanal","Vertragliche Klauseln gegen IBAN-Änderung"],
"topics": ["IBAN-Änderung","2. Kanal","Vertragsklausel"],
"difficulty": "mittel",
"source_heading": "Bankdaten-Trick"
},
{
"id": "bec-mfa",
"title": "MFA-Bypass & Token-Diebstahl",
"objectives": ["AiTM-Angriffe (EvilProxy, Modlishka)","Session-Cookie-Diebstahl","Phishing-resistente MFA (FIDO2)"],
"topics": ["AiTM","Session-Cookie","FIDO2"],
"difficulty": "schwer",
"source_heading": "MFA-Bypass"
}
]
},
{
"id": "qr-deepfake",
"title": "4 · QR-Phishing & Deepfake-Voice",
"short": "Die neuen Vektoren — Bilder-QR und KI-Stimmen",
"icon": "eye",
"color": "#dc2626",
"description": "Quishing (QR-Phishing in Mails/Postern) und Vishing (Voice-Phishing) inkl. Deepfake-Stimmen — die wachsenden Angriffsflächen 2025/2026.",
"source_md": "03-qr-deepfake.md",
"modules": [
{
"id": "quishing",
"title": "Quishing — QR-Phishing",
"objectives": ["QR-Codes vor Scan auf Ziel-URL prüfen","Mobile-Filter umgehen","Awareness in Konferenzräumen/Büro-Aushängen"],
"topics": ["QR","Mobile-Filter","Office-Awareness"],
"difficulty": "mittel",
"source_heading": "Quishing"
},
{
"id": "voice-vishing",
"title": "Vishing — Voice-Phishing",
"objectives": ["Helpdesk-Impersonation","Identifikations-Verfahren am Telefon","Code-Words / Safe-Phrases"],
"topics": ["Helpdesk","Identifikation","Safe-Phrase"],
"difficulty": "mittel",
"source_heading": "Vishing"
},
{
"id": "deepfake",
"title": "Deepfake-Voice (CEO-Anruf)",
"objectives": ["Wie KI-Stimm-Klone heute klingen","Verifikations-Frage-Pattern","Eskalations-Workflow bei Verdacht"],
"topics": ["Voice-Cloning","Verifikations-Frage","Eskalation"],
"difficulty": "schwer",
"source_heading": "Deepfake-Voice"
}
]
},
{
"id": "incident-response",
"title": "5 · Incident-Response (Wenn's passiert ist)",
"short": "Erste 60 Minuten, NIS2-Meldepflicht, Kommunikation",
"icon": "search",
"color": "#dc2626",
"description": "Wenn jemand geklickt hat: Sofort-Maßnahmen, Forensik-Schutz, NIS2-Meldepflicht, Kommunikation an Betroffene und Behörden.",
"source_md": "04-incident-response.md",
"modules": [
{
"id": "ersten-60-min",
"title": "Die ersten 60 Minuten",
"objectives": ["Account isolieren (nicht löschen)","Passwörter zentral resetten","Audit-Logs sichern"],
"topics": ["Isolation","Reset","Audit-Logs"],
"difficulty": "mittel",
"source_heading": "Erste 60 Min"
},
{
"id": "meldepflichten",
"title": "Meldepflichten (NIS2 / DSGVO)",
"objectives": ["NIS2 24h-Frühwarnung, 72h-Meldung, 30-Tage-Bericht","DSGVO 72h Datenpannen-Meldung","Wer ist zuständige Behörde"],
"topics": ["NIS2","Art. 33 DSGVO","BSI"],
"difficulty": "schwer",
"source_heading": "Meldepflichten"
},
{
"id": "kommunikation",
"title": "Kommunikation an Team & Kund:innen",
"objectives": ["Holistic Communication-Plan","Was darf öffentlich gesagt werden","Reputations-Schutz vs. Transparenz"],
"topics": ["Communication-Plan","Public-Statement","Reputation"],
"difficulty": "mittel",
"source_heading": "Kommunikation"
}
]
}
]
}
Reference in a new issue View git blame Copy permalink