Face Your Fears this Halloween and Return to Haunted Hollow
🧛♀️ Brace yourselves, brave souls! The haunted season has returned, and with it, an all-new cybersecurity adventure—Halloween 2024: Return to Haunted Hollow. The sinister spirits of cyberspace await you in this terrifying sequel to our 2023 Halloween collection, The Haunted Hollow. This is no mere challenge—it’s an eerie expedition through 9 haunted labs designed to test your skills and sanity alike. Whether you're a seasoned crypt keeper of the cybersecurity world or a curious newcomer, there's a fright waiting for everyone in this immersive capture-the-flag experience! 🔮 From unraveling encrypted secrets to hunting ghosts in packet captures, every lab holds the key to defeating the horrors lurking within. Can you escape the Haunted Helpdesk, break the Encryption Enigma, or uncover the Spooky, Scary, Silly Snaps? Each step you take deeper into this digital graveyard will challenge your mind and test your courage, until you can break out of the park through the Emergency Exit! 🕷️ With a difficulty ranging from approachable to spine-chillingly tough, it’s not about conquering all the horrors—just enough to emerge from the shadows with your sanity intact. Gather your wits, grab your digital lantern, and get ready to explore the most terrifying corners of cyber horror! 🧛 Release Date: October 16th ⌛ Estimated Time to Complete: 5 hours 👻 Labs: 9, each more terrifying than the last 🎃 Difficulty Range: 2-6 🧟 Collection Type: Challenge Lab details Note: These labs can be completed in any order, but we have ordered them from most accessible to most challenging. The final lab can only be completed after the other labs have been completed. The prequel collection doesn’t need to be completed before you can dive into these labs, but if you're craving some extra chills and thrills, feel free to haunt them first! Phishing for Treats Difficulty: 2 Skills required: None – this lab should be accessible to all audiences What's involved: This lab is a new phishing emails lab, with Halloween-themed emails. Users have to identify whether the email is 'safe' or 'spam' based on indicators from the emails. PCAP Pandemonium Difficulty: 4 Skills required: Packet capture analysis (Wireshark) What's involved: In this lab, users will need to analyse multiple packet captures using Wireshark to identify answers to the questions from the network traffic. Delving Deeper Difficulty: 4 Skills required: Web application enumeration What's involved: Users will need to explore a web application in order to gain access to a computer terminal within the application. From there, they'll need to interact with a simple API. Encryption Enigma Difficulty: 5 Skills required: Modern encryption/encoding techniques (Knowledge of how to use CyberChef will be useful) What's involved: Users will need to identify the correct encoding and encryption technique used to obfuscate each message in an application, before decrypting/decoding each message. Confusing Code Difficulty: 5 Skills required: Linux enumeration techniques, reverse engineering (particularly using Ghidra) What's involved: Users will need to use Linux enumeration techniques to identify a binary, before reverse engineering that binary to figure out how to exploit it. Haunted Helpdesk Difficulty: 5 Skills required: Linux enumeration and privilege escalation techniques What's involved: Users will be dropped into a restricted environment. From there, they'll need to figure out how to escape, and escalate their privileges to root. Fearsome Forensics Difficulty: 6 Skills required: OSINT, web application enumeration, modern encryption techniques, steganography What's involved: In this lab, the user will need to explore the web application and discover clues using OSINT techniques. These clues will then be used to decipher encrypted messages, finally revealing how to extract a message hidden inside an image. Spooky, Scary, Silly Snaps Difficulty: 6 Skills required: AWS capabilities (particularly S3 and AWS permissions), Python scripting What's involved: Users will need to enumerate public S3 resources to identify credentials for an AWS account. From here, they'll need to interact with the AWS console, and identify a way of escalating their privileges on AWS. Emergency Exit Difficulty: 1 Skills required: None – this lab is a culmination of the preceding labs within the collection, but no specific skills are required to complete this lab. What's involved: In each of the labs in this collection, users would have been asked to make a note of a code. In this lab, they need to submit each of these codes. Share Your Thoughts Did you escape the Haunted Hollow? We'd love to hear from you! Remember you can post in our Help & Support Forum for hints, tips & collaboration from your fellow community of experts.604Views12likes17CommentsAnnouncing the Winners of the 2024 Customer Awards!
This Cybersecurity Results Month we’re acknowledging the organizations and individuals who have shown exceptional dedication to learning and defending against emerging threats, building organizational resilience and pushing the boundaries of their cybersecurity knowledge through the Immersive Labs platform. Collectively, our customers have completed tens of thousands of labs, and after crunching the numbers, we’re ready to celebrate just some of the winners amongst exceptional individuals and organizations that have excelled in 2024 across the following categories: 👾 Emerging Threats Award The Emerging Threats award recognizes the organizations and individuals at the forefront of threat detection and threat hunting. Taking into consideration the total number of Cyber Threat Intelligence labs completed, as well as the average time to complete and respond to every new CTI lab, we’re rewarding the best and brightest for their diligence and dedication in responding to the latest threats quickly and effectively. 🏆 Emerging Threats Award Organization Winners: Cisco Systems Swisscom Arctic Wolf InfoGuard Specsavers BT Group Their proactive approach to the completion of CTI labs has set them apart as leaders in cybersecurity defense. Congratulations on your exemplary performance! 🏆 Emerging Threats Award Individual Winners: steven Steven Glogger, Swisscom prb Paul Blance, Specsavers Steffen Wacker, Arctic Wolf These record-holding individuals are second to none for completed CTI labs this year! Congratulations on your exemplary performance! 🛡️ Cyber Resilience Award The Cyber Resilience award recognizes those organizations that are maximizing the full use of the Immersive Labs platform to fully optimize their end to end cyber resilience. The award zeroes in on the breadth and depth of coverage across the MITRE ATT&CK framework, and identifies those organizations that have taken it upon themselves to build Immersive Labs fully into their own cyber resilience program. 🏆 Cyber Resilience Award Winners: BT Group Swisscom Arctic Wolf Their comprehensive approach to cyber resilience, maximizing the capabilities of the Immersive Labs platform, has put them at the forefront of cyber defense strategies. They’ve not only protected their organization but set a standard for the industry. 🔥 Immersive Labs Trailblazer Award Our final award, the Immersive Labs Trailblazer award recognizes those individuals that simply love Immersive Labs - they have been our top point scorers since Jan 1st 2024, completing thousands of labs and truly immersing themselves in the platform. These individuals go above and beyond their assigned learning programs to upskill and explore content outside of their day to day roles and responsibilities. 🏆 Immersive Labs Trailblazer Award Winners: J Nicholas Autumn, UK Home Office steven Steven Glogger, Swisscom Steffen Wacker, Arctic Wolf Their commitment to learning and exploring every corner of the Immersive Labs platform sets them apart as a true cybersecurity trailblazer. Congratulations to all of the winners for setting the best-in-class standard as we grow and enhance our cyber resilience, together 👏200Views4likes10CommentsA Step-by-Step Guide to Hosting Your Own Hacktober Event
Organizing engaging, informative, and enjoyable cybersecurity events like Swisscom's Hacktober event doesn't have to be daunting. With strategic groundwork and relevant, interactive challenges, you can create a cybersecurity event that is both fun and educational. Are you considering hosting a similar cybersecurity event? This blog provides a step-by-step guide to creating an impactful event, resulting in a more skilled and prepared workforce.104Views6likes2Comments