Cyber Countdown: Day 15
Lab of the Day
Every day we’re revisiting a standout lab from the past year—highlighting its impact and the skills it helped build, whilst also introducing you to the experts who built it.
Today's recommendation is Windows Hardening: Ep.1 – Introduction, which is a second recommendation from Cyber Security Engineer BethHolden, but as she was contractually obligated to choose our monthly challenge lab on Day 1 of the countdown, we agreed to let her have another go…
Beth chose this lab as it consolidates all of your knowledge and learning from across the Windows Basics, Active Directory Basics, The Cyber Kill Chain, and CVSS Calculator collections. This lab starts your journey as a system administrator tasked with remediating findings from recent penetration tests. I loved that this collection covers a range of vulnerabilities and helped me understand not only how a system can be exploited, but how to fix it – all in a single lab!

Blog of the Day
Have you ever wondered what it would take to get 25 senior executives literally on the edge of their seats throughout a crisis simulation? Well, that's exactly what happened when Immersive Labs and our partner, Mastercard, flew all the way to Pakistan to carry out a Crisis Sim with one of Pakistan’s largest banking organisations. In this blog, Solutions Consultant SalimRamjean reveals how this was accomplished, along with his insights on how you can pull off a top-tier crisis simulation within your organisation. Planning a Crisis Sim event for 2025? Check it out.

Cyber Countdown: Day 14
Lab of the Day
Every day we’re revisiting a standout lab from the past year—highlighting its impact and the skills it helped build, whilst also introducing you to the experts who built it.
Today's recommendation is Return to Haunted Hollow: Phishing for Treats, which was recommended by AmyKwong, Junior Cyber Security Engineer here at Immersive Labs.
Amy chose this lab because it puts a spooky twist on the original phishing lab to raise awareness of this social engineering technique. From Count Dracula’s love interest to discovering that you will play the main role in a famous horror movie, you’ll analyze emails to determine whether they are safe or spam. After each selection, you’ll receive feedback explaining why the email is safe or malicious, with an analysis of key elements like attachments, links, sender addresses, and body copy.
This lab is accessible to everyone of different skill sets. It doesn’t matter if you are super technical or not. This is a great way to raise awareness of phishing emails whilst keeping it fun!

Cyber Countdown: Day 13
Lab of the Day
Every day we’re revisiting a standout lab from the past year—highlighting its impact and the skills it helped build, whilst also introducing you to the experts who built it.
Today's recommendation is Tuoni 101 Ep. 5 Demonstrate Your skills, which was recommended by Principal Cyber Pro Engineer, Gaz Lockwood, who’s delighted to highlight the lab because “I teamed up with the creators of Tuoni to develop this lab, as well as the whole collection in collaboration with them. This has been the highlight of one of our most popular collections in recent months, utilizing cutting-edge internal technologies including lab engine to deliver a buttery-smooth user experience!”

Blog of the Day
In today’s blog, we look back on 2024 and celebrate some of our highlights from another fast-paced year in the world of Immersive Labs and cybersecurity. It’s here, the moment you’ve been waiting for… Immersive Labs “Unwrapped”!

Crisis Sim of the Day
Crisis Sim Lead JonPaulGabriele is back with his 5th and final crisis sim to be released in December, Logistics Lockdown. JP said: "Logistics Lockdown is a fairly short crisis exercise designed to explore the initial stages of a supply chain disruption. As more and more businesses outsource specific aspects of their operations, it is important to exercise how you would respond to a significant crisis impacting one of your critical suppliers. The exercise incorporates crisis management and business continuity elements and will hopefully aid in those discussions on how to strengthen supply chain resilience - a key risk and topic in today's global business landscape."

Cyber Countdown: Day 12
Lab of the Day
Every day we’re revisiting a standout lab from the past year—highlighting its impact and the skills it helped build, whilst also introducing you to the experts who built it.
Today's recommendation is Windows Hardening: Privilege Escalation, which was recommended by Lead Cyber Security Engineer Stefan Apostol, who said: “I don’t think I’ve ever seen Hardening labs out there and this lab was nice both to create and complete. During the lab users have to review a pentest report and apply fixes on Windows hosts, thus combining red and blue team skills. It also gave us the opportunity to create the Windows verifier, a script which automatically verifies tasks when users complete them. The authors were NatSilva and I. We decided to create this collection for two reasons, clients' requests for remediation content, but also, to combine our individual skills into one and create content that would benefit both red and blue sides.” #armyoftwo

Event of the Day
Later today BenMcCarthy and benhopkins (or just Ben2 for short), two of the experts from our CTI team, will reveal what it takes to make a lab, some of their favourites from 2024 and what is to come from the CTI team in a live community webinar. You also have the opportunity to pre-submit questions here so you can ensure that you leave with all of the information you need! It’s not too late to register. Christmas jumpers are encouraged.

Blog of the Day
RobReeves announces the arrival of a brand new Team Sim: Operation Vulpes and what it offers over and above other Team Sims within our scenario catalogue.

We Want to Hear from You
As we're wrapping up an exciting year in the Human Connect Community we'd love to hear from you! Your feedback is invaluable in helping us grow and improve. Please take a few moments to share your thoughts and experiences with us using this link.
This survey should take no more than 5 minutes to complete, and please be assured that your responses will be kept confidential and used only for the purposes of this survey. We understand that your time is valuable, and we're grateful for your willingness to help us improve. Thank you for taking the time to share your feedback with us.

Cyber Countdown: Day 1
Lab of the Day
Every day we’re revisiting a standout lab from the past year—highlighting its impact and the skills it helped build, whilst also introducing you to the experts who built it.
To get us started, today’s lab is of course Episode 2 of our Community Challenge - Scanning. In this lab we’ll test your scanning and enumeration skills but other than that, you’ll find limited information available to guide you.
Lab author BethHolden, Cyber Security Engineer here at Immersive Labs, is passionate about offensive cybersecurity and created this challenge as a little Christmas treat. The lab contains a range of tools which may provide multiple ways to solve the challenge, and she’s eager to see how well you fare – good luck!
As a reminder, we reward the top performing community members in the following categories:
🥇 First to Finish
⏱️ Fastest to Complete
🎯 Most Accurate
💪 Most Persistent
🎁 Spot Prizes
In addition, at the end of each month, the lab author will provide a walkthrough to guide you through the lab and share hints, tips and expert advice on how to approach similar labs in the future. We also encourage you to submit your own walkthrough guides to community@immersivelabs.com and we will feature any unique approaches in their own Community Walkthrough Guide.
You can read more about Season 1 of the Human Connection Challenge here. To be in with a chance of a prize you have until midnight on Sunday 22nd December 2024 to complete episode 2!
To find the lab in the Immersive Labs Platform, click Exercise > Challenges & Scenarios > The Human Connection Challenge: Season 1 > Scanning
🔔 Don’t miss out – there are 5 more labs to come in this challenge series. Make sure you're following the CHALLENGES Tag to get notified as soon as each one is released. Good Luck!

Cyber Countdown: Day 11
Lab of the Day
Every day we’re revisiting a standout lab from the past year—highlighting its impact and the skills it helped build, whilst also introducing you to the experts who built it.
Today’s recommendation comes from MattParven, Product Manager for Lab Builder and SME for Cloud Security here at Immersive Labs. Matt said: “My favourite lab this year has to be Microsoft Sentinel SOAR: Introduction & Automation Rules. Not many cyber platforms are able to bring to bear tools like Microsoft Sentinel in their labs. SOAR (Security Orchestration, Automation, and Response) is an important concept. It’s effectively a set of tools and technologies that allow you to automate various responses to security incidents. Having the chance to build automation rules to respond to a live incident in a lab is super cool and gives our users a great way to understand how it works and how they can use it in their own environments!"

Blog of the Day
EllaBendrickChartier is back with Unmasking Holiday Hackers, a case study of a hacker who helped investigate and report a cyber-smishing ring that stole nearly half a million credit card numbers with a holiday-themed scam. It shows you how you can use Immersive Labs to learn the knowledge and skills to conduct the same type of offensive investigation, complete with step-by-step methodology to keep you safe from holiday hackers!

Cyber Countdown: Day 10
Lab of the Day
Every day we’re revisiting a standout lab from the past year—highlighting its impact and the skills it helped build, whilst also introducing you to the experts who built it.
Today's recommendation is CVE-2024-38112 and CVE-2024-43461 (Windows MSHTML Platform Spoofing): Defensive, recommended by BenMcCarthy, Lead Cyber Security Engineer, who said: Our team found it very interesting how two vulnerabilities were chained so closely together, that one of the vulnerabilities went unnoticed for several months. The vulnerabilities also show you the different ways attackers look at the Windows Operating System and even investigate Braille on a PC!

Event of the Day
Later today, ClemCraven and JonPaulGabriele will be hosting a Festive Cyber Thriller in which a cybersecurity storm threatens to derail Santa’s preparations for the holiday season and expose his deepest secrets. Come and help us to navigate the chaos, protect the integrity of Christmas, and safeguard the spirit of the season, all while gaining valuable insights into crisis management and cybersecurity. Our festive Crisis Sims are fast becoming a highlight of our annual calendar so you really don’t want to miss this one! It’s not too late to register. Christmas jumpers are encouraged.

Cyber Countdown: Day 9
Lab of the Day
Every day we’re revisiting a standout lab from the past year—highlighting its impact and the skills it helped build, whilst also introducing you to the experts who built it.
Today's recommendation is AWS-2024-006 (unattend.xml Privilege Escalation) – Offensive, which comes from RobReeves, Principal Cyber Security Engineer here at Immersive Labs.
Rob chose this lab for purely selfish reasons; this is the only CVE-worthy bug that he has discovered and reported this year (but it is not possible for a researcher to obtain a CVE in a product where the user cannot patch it themselves). Rob disclosed the bug to AWS, who reported it on their security bulletin page and agreed that it was a CVSS 7.8 vulnerability. The CTI team at Immersive Labs also created a lab to showcase discovery and exploitation of such an issue. A further writeup from Rob can be seen in this blog post.

Blog of the Day
In today’s blog, JennyLam, Senior Cyber Resilience Advisor here at Immersive Labs, has provided a practical guide to and comparison of the range of Team Simulation exercising modes available, so that you and your team can select the most suitable method to foster dynamic and inclusive collaboration for your exercising.

Crisis Sim of The Day
Throughout December we will also be releasing 5 new Crisis Sim Scenarios. Today’s Sim is Crisis at the Dam. Author JonPaulGabriele said… “This is a shorter crisis sim that can be completed in 45 minutes to an hour. It really focuses on crisis response fundamentals and a cyber threat that could directly impact the public, so there is a lot to consider here! You are on the Crisis Management Team (CMT) for a vital hydroelectric dam. This facility powers countless homes and businesses and controls the flow of a nearby river, impacting everything from agriculture to wildlife habitats. Your decisions will have far-reaching consequences. The safety of your staff and the local community rests on your shoulders.
Let’s see how you manage this crisis.”

Cyber Countdown: Day 8
Lab of the Day
Every day, we’re revisiting a standout lab from the past year—highlighting its impact and the skills it helped build, whilst also introducing you to the experts who built it.
Today's recommendation is from Kev Breen, Immersive Labs’ Senior Director, Cyber Threat Research. Kev said: CVE-2024-0012 and CVE-2024-9474 (Palo Alto PAN-OS) – Defensive was spun up in less than 24 hours after it became public on November 19th that threat actors were discovered actively exploiting a set of vulnerabilities in the Palo Alto operating system for its security devices. These exploits allowed threat actors to gain full control over these devices and pivot to the internal organization network. By November 20th, the CTI team at Immersive reviewed all available information and created two labs replicating the attack and TTPs, enabling organizations to apply the skills to their own networks. The team worked quickly to understand the vulnerabilities, replicate the attacks, and create practical labs, with special thanks to the QA team for allowing us to release it in under 24 hours.

Blog of the Day
Speaking of Kev and the Threat Research Team, did you know that every month they review Microsoft’s Patch Tuesday updates and provide you with the key insights you need to protect your organisation? This month, Kevin Breen, BenMcCarthy, RobReeves and NatSilva have provided notes and guidance on the following in Patch News Day December 2024:
CVE-2024-49138 - 7.8: A flaw in the Windows Common Log File System Driver Elevation of Privilege Vulnerability which could have allowed threat actors to move laterally across the network and avoid detection by a blue team.
CVE-2024-49114 - 7.8: A Windows Cloud Privilege Escalation vulnerability that could enable the attacker to disable security tools.
CVE-2024-49093 - 8.8: A Windows Resilient File System (ReFS) Elevation of Privilege which left the Windows system vulnerable to attackers to execute code or access resources.
CVE-2024-49117 - 8.8: A Hyper-V Remote Code Execution Vulnerability which may have allowed the triggering of malicious code in the context of the server's account through a network call.
CVE-2024-49112 - 9.8: A Windows Lightweight Directory Access Protocol Remote Code Execution which could be exploited by an attacker who has authenticated access to a guest virtual machine.
CVE-2024-49122 - 7.8: A significant Message Queueing Remote Code Execution flaw that can allow for an unauthenticated attacker with network access to gain code execution on the underlying server.

Cyber Countdown: Day 7
Lab of the Day
Every day we’re revisiting a standout lab from the past year—highlighting its impact and the skills it helped build, whilst also introducing you to the experts who built it.
Today's recommendation is Kusto Query Language: Ep.1 – Introduction to KQL, which was recommended by RaeJeffriesHarris, Senior Application Security Engineer here at Immersive Labs. About this lab, Rae said “I really enjoyed this whole series, but recommend that you start with the first lab. It was the first time I’d used KQL and the series does an incredible job of taking you through simple concepts, then building on them to create much more complex queries. It’s a very powerful tool, and it’s a really fun challenge to continually build on what you’ve learnt to find the data you’re looking for. The different concepts are explained really well – it’s the first time I’ve truly understood the difference between the different types of database joins!”

Crisis Sim of The Day
Throughout December we will also be releasing 5 new Crisis Sim Scenarios. Today’s Sim is Orchid Energy: Trial by fire and data. Author JonPaulGabriele said… “In today's interconnected world, crises rarely occur in isolation. This crisis exercise is a Polycrisis where a cyber and non-cyber crisis occurs simultaneously. It throws a series of challenging scenarios at you, emphasizing the importance of effective communication, collaboration, and decision-making.”

Event of the Day
Later today we will be hosting an informative panel session featuring experts from both Accenture and Immersive Labs, discussing the technical and executive aspects of deepfakes - Overcoming Deepfakes: An Action Plan for CISOs. It’s not too late to register! We're running two sessions to suit multiple timezones, reserve your spot here:
10AM GMT
12:00PM EST / 9:00AM PST
Your input is a crucial part of this community, so, we want to hear from you! Do you have any burning questions about deep fakes? Topics that you'd like us to cover?
If so, comment on our community page for the event.