What this lab library is & how submission works
This is a library of 81 self-contained, browser-based simulation labs for AP Cybersecurity (mapped to CompTIA Security+ SY0-701). Each lab is a single HTML file that runs entirely in the browser — no installs, no logins, and they work offline. A student opens a lab, enters a hacker name (a nickname — never their real name), completes the interactive tasks, and clicks submit. Their result posts to a shared Google Apps Script endpoint you control, so you see who completed what without collecting any personal data.
Setup checklist
- Create a Google Apps Script web app to receive submissions. Deploy as a web app (Execute as: you; Who has access: Anyone) and copy the
/execURL. - Paste that URL into each lab. Find
"appsScriptUrl": "PASTE_SHARED_/exec_URL_HERE"near the top of each lab file and replace the placeholder with your real/execURL. (See the CHANGELOG for the exact file + line list — it appears in all 81 labs.) - Set your name/institution. Replace
© 2026 [AUTHOR / INSTITUTION]with your own attribution if you wish. - Host the files. They're already part of apcyber.net under
/labs/. To host elsewhere, upload the folder (withunit-N/subfolders intact) to any static host or drop the single-file labs into your LMS. - Confirm submissions land. Open a lab, submit with a test hacker name, and check that a row appears in your linked Google Sheet.
Coverage map
How the 81 labs map across units and topics. Empty topics are flagged — you'll supply your own activities there.
| Unit | Topic | Labs | |
|---|---|---|---|
| Unit 1 — Introduction to Security | 1.1 Understanding Social Engineering | 1 | |
| 1.2 Suspicious Website Logins | 1 | ||
| Unit 2 — Securing Spaces | 2.1 Securing Spaces — Foundations | 0 | needs your own activity |
| 2.2 Securing Spaces — Controls | 0 | needs your own activity | |
| 2.3 Protecting Physical Spaces | 2 | ||
| 2.4 Detecting Physical Attacks | 0 | needs your own activity | |
| Unit 3 — Securing Networks | 3.1 Network Vulnerabilities and Attacks | 6 | |
| 3.2 Protecting Networks: Managerial Controls and Wireless Security | 10 | ||
| 3.3 Protecting Networks: Segmentation | 2 | ||
| 3.4 Protecting Networks: Firewalls | 4 | ||
| 3.5 Detecting Network Attacks | 7 | ||
| Unit 4 — Securing Devices | 4.1 Securing Devices — Foundations | 0 | needs your own activity |
| 4.2 Authentication | 22 | ||
| 4.3 Protecting Devices | 16 | ||
| 4.4 Detecting Attacks on Devices | 1 | ||
| Unit 5 — Securing Applications and Data | 5.1 Application and Data Vulnerabilities and Attacks | 1 | |
| 5.2 Protecting Applications and Data: Managerial Controls and Access Controls | 2 | ||
| 5.3 Protecting Stored Data with Cryptography | 4 | ||
| 5.4 Asymmetric Cryptography | 1 | ||
| 5.5 Protecting Applications | 1 | ||
| 5.6 Securing Applications and Data — Capstone | 0 | needs your own activity |
Suggested teaching sequence & pacing
The order on the main lab page is the recommended path — unit by unit, topic by topic. A few notes:
High-density topics — don't assign all of them
- 4.2 Authentication (22 labs) — pick a representative subset: one account-creation, one group/OU, one password-policy, one deprovisioning lab. Use one as an in-class demo, assign 2–3 as homework.
- 4.3 Protecting Devices (16 labs) — choose across the sub-themes (host firewall, Defender/AppLocker, backups, mobile hardening). The rest make good extra practice.
- 3.2 Protecting Networks (10 labs) — switch/router labs overlap; one switch-hardening + one VTY/ACL + one wireless is enough for most classes.
Good in-class demos vs. homework
- Demos: the first lab of each unit, plus packet-capture/attack-analysis labs (ARP poisoning, SYN flood, DNS spoofing) — they spark discussion.
- Homework: configuration-style labs (ACLs, GPO, NTFS, account lifecycle) where students follow steps and submit.
Per-lab reference table
Every lab with its unit, topic, Security+ objectives, and AP skills. Click a header to sort; filter with the box.