Blogs

What is the Immersive Workday Connector? The Immersive Workday Connector is designed to bridge the gap between our cutting-edge cybersecurity skills development platform and your organization's cor...

Congratulations to those who completed Lab 4 of the Human Connection Challenge: Season 1! We're aware that some of you are still attempting this lab, and so community member steven has creat...

In this blog post, I explore benefits of the integration, what it means for you, and how you can leverage it to build a world-class cybersecurity team. Seamless access to Immersive content Access...

This integration combines the hands-on, engaging learning experience of Immersive Labs with the robust learning management capabilities of Cornerstone, creating a comprehensive and efficient solution...

Seamless access to your Immersive data Our REST API offers easy access to your Immersive data. Once authenticated, you can access your organization’s data by making REST API requests to any of the ...

Time’s Up! Congratulations to everyone who completed Lab 4: Linux from the Human Connection Challenge: Season 1. In this walkthrough, I'll share some strategies for efficiently completing the lab b...

On the 7th April 2025, a vulnerability in the CrushFTP was added to the CISA Kev Catalogue, CrushFTP is an enterprise FTP solution with tens of thousands of instances publicly accessible online. Rece...

CVE-2025-29812 -7.8 - DirectX Graphics Kernel Elevation of Privilege Vulnerability A vulnerability has been identified in the Windows Kernel Memory subsystem, specifically in how DirectX components...

Water Gamayun, also known as EncryptHub and Larva-208, is a threat actor (suspected to be of Russian origin) that has been observed exploiting a zero-day vulnerability in the Microsoft Management Con...

While traditional code comments focus on explaining the code's functionality, security-focused comments are crucial to promoting secure coding practices throughout the development lifecycle (SDLC).  ...

Time’s Up! Congratulations to everyone who completed Lab 5: Windows from the Human Connection Challenge: Season 1. In this walkthrough, I'll share some strategies for efficiently completing the lab...

Supply chain security is all about protecting your organization from risks and threats that come from external parties and processes you rely on. But trust, like code, is a dependency. And risk? That...

The previous blog entry covered how SmokeLoader uses various obfuscation techniques to slow reverse engineers down. We also identified yet another shellcode being allocated to a memory region, which ...

Our Cyber Drills Roadshow is kicking off in North America! I’m thrilled to share that in just one week, we will launch the North American leg of our 2025 Cyber Drill roadshow.  In addition to const...

In the early hours of March 21, 2025, a fire broke out at the North Hyde electrical substation in West London, just a few miles from Heathrow Airport. Within hours, a local infrastructure incident ha...

What are cyber drills and outcome-based programs? Cyber drills vs. outcome-based programs Cyber drills Prove Outcome-based programs Improve Simulate a realistic cyberattack ...

Salt Typhoon has been a threat actor that has caused a lot of worry for defensive teams all over the world. They are a threat actor group which has been predominately targeting Telecommunication comp...

What is CVE-2024-21412? CVE-2024-21412 is a security feature bypass vulnerability in Windows Defender SmartScreen. SmartScreen typically evaluates the safety of downloaded files and displays warn...

This is the second part of a series of blog posts analyzing the SmokeLoader malware. It goes into detail on how we reverse-engineered it to identify its objectives and actions.  The first part of t...

My background After two decades in the world of penetration testing and offensive security, I joined Immersive as the Director of Technical Product Management. This new role represented more than j...