A warm welcome to our newest members
The community has grown this week, so please join me in welcoming: marvtl amina Karl GurdeepCheema1 Sheapndr rodgesalexis1 SaqerAlarefi AzurePineapple cldtr lanrewajumide alan abrahamnwadiani05 Aanchal jamesstammers LindaWalker39 ElenaF1 Celsopin zadium stephenpeck emma1207 ctmahlangu RPanek Disco jean5555 Balaji21 bigmacwhopper ALISTAIRBALL ElAlex ben-57231 Mint charlesmck MUHAMMAD AndyL harrynhs ElectronZigbee FF mpx90 đ It's great to have you all here and we hope that you are enjoying what this community has to offer so far. As a starting point, be sure to check out our new getting started guides to help you get the most out of your membership and make sure to follow this December's Cyber Countdown, where we'll be unwrapping fresh content, shining the spotlight on our expert's recommended lab content (LABvent calendar anyone?!) and celebrating this year's success as we release new content daily.Cyber Countdown: Day 12
Lab of the Day Every day weâre revisiting a standout lab from the past yearâhighlighting its impact and the skills it helped build, whilst also introducing you to the experts who built it. Today's recommendation is Windows Hardening: Privilege Escalation, which was recommended by Lead Cyber Security Engineer Stefan Apostol who said: âI donât think Iâve ever seen Hardening labs out there and this lab was nice both to create and complete. During the lab users have to review a pentest report and apply fixes on Windows hosts, thus combining red and blue team skills. It also gave us the opportunity to create the Windows verifier, a script which automatically verifies tasks when users complete them. The authors were NatSilva and I. We decided to create this collection for two reasons, clients requests for remediation content, but also, to combine our individual skills into one and create content that would benefit both red and blue sides.â #armyoftwo Event of the Day Later today BenMcCarthy and benhopkins (or just Ben2 for short) two of the experts from our CTI team will reveal what it takes to make a lab, some of their favourites from 2024 and what is to come from the CTI team in a live community webinar. You also have the opportunity to pre-submit questions here so you can ensure that you leave with all of the information you need! Itâs not too late to register. Christmas jumpers are encouraged. Blog of the Day RobReeves announces the arrival of a brand new Team Sim: Operation Vulpes and what it offers over and above other Team Sims within our scenario catalogue. We Want to Hear from You As we're wrapping up an exciting year in the Human Connect Community we'd love to hear from you! Your feedback is invaluable in helping us grow and improve. Please take a few moments to share your thoughts and experiences with us using this link. This survey should take no more than 5 minutes to complete, and please be assured that your responses will be kept confidential and used only for the purposes of this survey. We understand that your time is valuable, and we're grateful for your willingness to help us improve. Thank you for taking the time to share your feedback with us.Cyber Countdown: Day 9
Lab of the Day Every day weâre revisiting a standout lab from the past yearâhighlighting its impact and the skills it helped build, whilst also introducing you to the experts who built it. Today's recommendation is AWS-2024-006 (unattend.xml Privilege Escalation) â Offensive which comes from RobReeves, Principal Cyber Security Engineer here at Immersive Labs. Rob chose this lab for purely selfish reasons; this is the only CVE worthy bug that he has discovered and reported this year (but it is not possible for a researcher to obtain a CVE in a product where the user cannot patch it themselves). Rob disclosed the bug to AWS, who reported it on their security bulletin page and agreed that it was a CVSS 7.8 vulnerability. The CTI team at Immersive Labs also created a lab to showcase discovery and exploitation of such an issue. A further writeup from Rob can be seen in this blog post. Blog of the Day In todayâs blog, JennyLam, Senior Cyber Resilience Advisor here at Immersive Labs, has provided a practical guide to and comparison of the range of Team Simulation exercising modes available, so that you and your team can select the most suitable method to foster dynamic and inclusive collaboration for your exercising. Crisis Sim of The Day Throughout December we will also be releasing 5 new Crisis Sim Scenarios. Todayâs Sim is Crisis at the Dam Author, JonPaulGabriele saidâŠâThis is a shorter crisis sim that can be completed in 45 minutes to an hour. It really focuses on crisis response fundamentals and a cyber threat that could directly impact the public, so there is a lot to consider here! You are on the Crisis Management Team (CMT) for a vital hydroelectric dam. This facility powers countless homes and businesses and controls the flow of a nearby river, impacting everything from agriculture to wildlife habitats. Your decisions will have far-reaching consequences. The safety of your staff and the local community rests on your shoulders. Letâs see how you manage this crisis.âCyber Countdown: Day 11
Lab of the Day Every day weâre revisiting a standout lab from the past yearâhighlighting its impact and the skills it helped build, whilst also introducing you to the experts who built it. Todayâs recommendation comes from MattParvenProduct Manager for Lab Builder and SME for Cloud Security here at Immersive Labs. Matt said: âMy favourite lab this year has to be Microsoft Sentinel SOAR: Introduction & Automation Rules. Not many cyber platforms are able to bring to bear tools like Microsoft Sentinel in their labs. SOAR (Security Orchestration, Automation, and Response) is an important concept. Itâs effectively a set of tools and technologies that allow you to automate various responses to security incidents. Having the chance to build automation rules to respond to a live incident in a lab is super cool and gives our users a great way to understand how it works and how they can use it in their own environments!" Blog of the Day EllaBendrickChartier is back with Unmasking Holiday Hackers, a case study of a hacker who helped investigate and report a cyber-smishing ring that stole nearly half a million credit card numbers with a holiday-themed scam and shows you how you can use Immersive Labs to learn the knowledge and skills to conduct the same type of offensive investigation, complete with step-by-step methodology to keep you safe from holiday hackers!Cyber Countdown: Day 1
Lab of the Day Every day weâre revisiting a standout lab from the past yearâhighlighting its impact and the skills it helped build, whilst also introducing you to the experts who built it. To get us started, todayâs lab is of course Episode 2 of our Community Challenge -Scanning. In this lab weâll test your scanning and enumeration skills but other than that, youâll find limited information available to guide you. Lab author BethHolden, Cyber Security Engineer here at Immersive Labs is passionate about offensive cybersecurity and created this challenge as a little Christmas treat. The lab contains a range of tools which may provide multiple ways to solve the challenge, sheâs eager to see how well you fare â good luck! As a reminder, we reward the top performing community members in the following categories: đ„ First to Finish â±ïž Fastest to Complete đŻ Most Accurate đȘ Most Persistent đ Spot Prizes In addition, at the end of each month, the lab author will provide a walkthrough to guide you through the lab and share hints, tips and expert advice on how to approach similar labs in the future. We also encourage you to submit your own walkthrough guides to community@immersivelabs.com and we will feature any unique approaches in their own Community Walkthrough Guide. You can read more about Season 1 of the Human Connection Challenge here. To be in with a chance of a prize you have until midnight on Sunday 22nd December 2024 to complete episode 2! To find the lab in the Immersive Labs Platform, Click Exercise > Challenges & Scenarios > The Human Connection Challenge: Season 1 > Scanning đ Donât miss out â there are 5 more labs to come in this challenge series. Make sure you're following the CHALLENGES Tag to get notified as soon as each one is released. Good Luck!Cyber Countdown: Day 14
Lab of the Day Every day weâre revisiting a standout lab from the past yearâhighlighting its impact and the skills it helped build, whilst also introducing you to the experts who built it. Today's recommendation is Return to Haunted Hollow: Phishing for Treats, which was recommended by AmyKwong, Junior Cyber Security Engineer here at Immersive Labs. Amy chose this lab because it puts a spooky twist on the original phishing lab to raise awareness of this social engineering technique. From Count Draculaâs love interest to discovering that you will play the main role in a famous horror movie, youâll analyze emails to determine whether they are safe or spam. After each selection, youâll receive feedback explaining why the email is safe or malicious, with an analysis of key elements like attachments, links, sender addresses, and body copy. This lab is accessible to everyone of different skill sets. It doesnât matter if you are super technical or not. This is a great way to raise awareness of phishing emails whilst keeping it fun!Cyber Countdown: Day 6
Lab of the Day Every day weâre revisiting a standout lab from the past yearâhighlighting its impact and the skills it helped build, whilst also introducing you to the experts who built it. Today's recommendation is Introduction to Microsoft Sentinel which comes from AshleyKingscote, Cloud Security Engineer here at Immersive Labs. Ashley has designed and developed much of the Immersive Labsâ Cloud Security product. From Kubernetes to AWS to Azure, Ashley has an interest in all things cloud security related. Ashley chose this lab as Immersive Labs is the only place youâll find practical labs on Microsoft Sentinel. This collection provides a gentle overview of Microsoft Sentinel in a real environment, provisioned in minutes. Aimed at all users, this practical lab shows off Microsoft Sentinels' powerful functionality and acts as a stepping stone for our more complex labs.Cyber Countdown: Day 15
Lab of the Day Every day weâre revisiting a standout lab from the past yearâhighlighting its impact and the skills it helped build, whilst also introducing you to the experts who built it. Today's recommendation is Windows Hardening: Ep.1 â Introduction, which is a second recommendation from Cyber Security Engineer BethHolden, but as she was contractually obligated to choose our monthly challenge lab on Day 1 of the countdown, we agreed to let her have another go⊠Beth chose this lab as it consolidates all of your knowledge and learning from across the Windows Basics, Active Directory Basics, The Cyber Kill Chain, and CVSS Calculator collections. This lab starts your journey as a system administrator tasked with remediating findings from recent penetration tests. I loved that this collection covers a range of vulnerabilities and helped me understand not only how a system can be exploited, but how to fix it â all in a single lab! Blog of the Day Have you ever wondered what it would take to get 25 senior executives literally on the edge of their seats throughout a crisis simulation? Well, that's exactly what happened when Immersive Labs and our partner, Mastercard, flew all the way to Pakistan to carry out a Crisis Sim with one of Pakistanâs largest banking organisations. In this blog, Solutions Consultant SalimRamjean reveals how this was accomplished, along with his insights on how you can pull off a top-tier crisis simulation within your organisation. Planning a Crisis Sim event for 2025? Check it out.Cyber Countdown: Day 13
Lab of the Day Every day weâre revisiting a standout lab from the past yearâhighlighting its impact and the skills it helped build, whilst also introducing you to the experts who built it. Today's recommendation is Tuoni 101 Ep. 5 Demonstrate Your skills, which was recommended by Principal Cyber Pro Engineer, Gaz Lockwood, whoâs delighted to highlight the lab because âI teamed up with the creators of Tuoni to develop this lab, as well as the whole collection in collaboration with them. This has been the highlight of one of our most popular collections in recent months, utilizing cutting-edge internal technologies including lab engine to deliver a buttery-smooth user experience!â Blog of the Day In todayâs blog, we look back on 2024 and celebrate some of our highlights from another fast-paced year in the world of Immersive Labs and cybersecurity. Itâs here, the moment youâve been waiting for⊠Immersive Labs âUnwrappedâ! Crisis Sim of the Day Crisis Sim Lead JonPaulGabriele is back with his 5th and final crisis sim to be released in December, Logistics Lockdown. JP said: "Logistics Lockdown is a fairly short crisis exercise designed to explore the initial stages of a supply chain disruption. As more and more businesses outsource specific aspects of their operations, it is important to exercise how you would respond to a significant crisis impacting one of your critical suppliers. The exercise incorporates crisis management and business continuity elements and will hopefully aid in those discussions on how to strengthen supply chain resilience - a key risk and topic in today's global business landscape."
