Lab of the Day

Every day we’re revisiting a standout lab from the past year—highlighting its impact and the skills it helped build, whilst also introducing you to the experts who built it.

Today's recommendation is AWS-2024-006 (unattend.xml Privilege Escalation) – Offensive which comes from RobReeves, Principal Cyber Security Engineer here at Immersive Labs.

Rob chose this lab for purely selfish reasons; this is the only CVE worthy bug that he has discovered and reported this year (but it is not possible for a researcher to obtain a CVE in a product where the user cannot patch it themselves).

Rob disclosed the bug to AWS, who reported it on their security bulletin page and agreed that it was a CVSS 7.8 vulnerability. The CTI team at Immersive Labs also created a lab to showcase discovery and exploitation of such an issue.  A further writeup from Rob can be seen in this blog post.

Blog of the Day

In today’s blog, JennyLam, Senior Cyber Resilience Advisor here at Immersive Labs, has provided a practical guide to and comparison of the range of Team Simulation exercising modes available, so that you and your team can select the most suitable method to foster dynamic and inclusive collaboration for your exercising.

Crisis Sim of The Day

Throughout December we will also be releasing 5 new Crisis Sim Scenarios. Today’s Sim is Crisis at the Dam

Author, JonPaulGabriele said…”This is a shorter crisis sim that can be completed in 45 minutes to an hour. It really focuses on crisis response fundamentals and a cyber threat that could directly impact the public, so there is a lot to consider here! 

You are on the Crisis Management Team (CMT) for a vital hydroelectric dam. This facility powers countless homes and businesses and controls the flow of a nearby river, impacting everything from agriculture to wildlife habitats. Your decisions will have far-reaching consequences. The safety of your staff and the local community rests on your shoulders. Let’s see how you manage this crisis.”