From Concept to Content: A Deep Dive into Theorizing and Planning a Lab Collection
The decision process

When creating new content, the first step is deciding what to commit to. We consider:

- User demand: Are users frequently requesting a specific topic?
- Evolving landscapes: Are there new technologies or industry trends we should cover?
- Internal analysis: Do our cyber experts have unique insights not found elsewhere?
- Overarching goals: Is the content part of a larger initiative like AI security?
- Regulations and standards: Can we teach important regulations or standards?
- Cyber competency frameworks: Are we missing content from frameworks like NICE or MITRE?

After considering these points, we prioritize one idea for creation and refinement. Lower-priority ideas are added to a backlog for future use.

Feasibility and outcomes

Having a concrete idea is just the beginning. Over the years, we’ve learned that understanding the desired outcomes is crucial in planning. Our core mission is education. We ensure that each lab provides a valuable learning experience by setting clear learning objectives and outcomes. We ask ourselves, “What should users learn from this content?” This ranges from specific outcomes, like “A user should be able to identify an SQL Injection vulnerability”, to broader skills, like “A user should be able to critically analyze a full web application”. Listing these outcomes ensures accountability and fulfillment in the final product.

Setting clear learning objectives involves defining what users will learn and aligning these goals with educational frameworks like Bloom’s Taxonomy. This taxonomy categorizes learning into cognitive levels, from basic knowledge and comprehension to advanced analysis and creation. This ensures our content meets users at their level and helps them advance.

Turning big topics into bite-sized chunks

Once a topic is selected, we must figure out how to break down huge subject areas into digestible chunks. This is a fine balance; trying to cram too much information into one lab can be overwhelming, while breaking the subject down too much can make it feel disjointed. One good approach is to examine the learning objectives and outcomes set out in the first step, map them to specific subtopics, and finally map those to labs or tasks.

For example, consider this theoretical set of learning outcomes for a Web scraping with Python lab collection:

- A user should understand what web scraping is and when it’s useful.
- A user should be able to make web requests using Python.
- A user should be able to parse HTML using Python.
- A user should understand what headless browsers are and when to use them.
- A user should be able to use a headless browser to parse dynamic content on a webpage.

These outcomes can be mapped into two categories: theory outcomes (“A user should understand”) and practical outcomes (“A user should be able to”). Understanding the difference between these two is useful, as a few things can be derived from it – for example, whether to teach a concept in a theory lab (heavy on theoretical knowledge without providing a practical task) or a practical lab (teaching a concept and exercising it in a practical environment). Using this, the outline for a lab collection can start to take shape, as seen in the table below.

| Learning outcome | Knowledge type | Suggested lab title | Suggested lab content |
|---|---|---|---|
| A user should understand what web scraping is and when it is useful. | Theory | Web scraping with Python – Introduction | A theory lab showing the basics of web scraping, how it works, and when it is useful. |
| A user should be able to make web requests using Python. | Practical | Web scraping with Python – Making web requests | A practical lab where the user will write a Python script that makes a web request using the “requests” library. |
| A user should be able to parse HTML using Python. | Practical | Web scraping with Python – Parsing HTML | A practical lab where the user will write a Python script that parses HTML using the “beautifulsoup” library. |
| A user should understand what headless browsers are and when they should be used. | Theory | Web scraping with Python – Understanding headless browsers | A theory lab explaining why dynamic content can’t be scraped using previous methods, and how headless browsers can solve the issue. |
| A user should be able to use a headless browser to parse dynamic content on a webpage. | Practical | Web scraping with Python – Using headless browsers | A practical lab where the user will write a Python script that scrapes dynamic content from a website using the “puppeteer” library. |
| All | Demonstrate | Web scraping with Python – Demonstrate your skills | A demonstrate lab where the user will complete a challenge that requires knowledge from the rest of the collection. |

Each learning objective is assigned to a lab to ensure thorough and user-friendly coverage. Often, multiple objectives are combined into one lab based on subtopic similarity and the total number of labs in a collection. The above example illustrates the process, but extensive fine-tuning and discussion are needed before finalizing content for development.

Next time…

In part two of this mini-series, you’ll read about the next stage of the content development process, which involves laying the technical foundations for a lab collection.

Don't miss the Series…

You can opt to receive an alert when part two of this series is released by “following” activity in The Human Connection Blog using the bell at the top of this page. In the meantime, feel free to drop any questions about the content creation process in the replies. Are there any parts of the planning process you want to know more about?

Feature Focus: Introducing Drag and Drop, Free Text Questions, and Instructional Tasks in the Lab Builder
I’m excited to announce the latest updates to the Lab Builder. Today, we’ve introduced three new task types:

- Drag and drop
- Free-text questions
- Informational/instructional

These exciting new task features will enhance the flexibility and interactivity of your labs, offering even more engaging learning experiences. The new tasks can be added to your lab as usual via the Tasks library. They’re live now, so you can start adding them to your labs right away.

Drag and drop

Drag-and-drop is a dynamic, interactive task. Designed to challenge the user's recognition and matching abilities, it’s perfect for testing their knowledge in various subjects. This task type consists of text-based items and targets. Users need to drag the items to the correct corresponding targets. It’s easy to add and edit items and targets in the Lab Builder quickly. You can have a minimum of two items and a maximum of 12. You could use the drag-and-drop task type for questions and answers, completing sentence fragments, or matching terms with definitions. Once added to your lab, the new task will appear as follows:

Free-text questions

This task type requires the user to manually enter text to answer a question. For this task type, you need to write a question and provide at least one possible answer – but there can be multiple correct answers. You can configure this easily in the Lab Builder. Fuzzy matching automatically detects answers that are close enough to the correct answer. For example, if the user submits the right answer with a minor spelling error, it’ll still be accepted. This is designed to reduce user frustration and is enabled by default. You can disable fuzzy matching by turning off the toggle at the bottom. Finally, you can also provide feedback to users if they get an answer wrong, sort of like a hint. This is useful if you want to help point your user in the right direction and prevent them from getting stuck.

Instructional tasks

This task type is designed to provide users with vital information, guidelines, or instructions. In the Lab Builder, they have the same configuration options as the Briefing panel. Instructional tasks are particularly useful in explaining what the user is expected to do in a following task, presenting story details, or providing a learning journey for users as they go through the lab. You may want to remind users about specific information they need to answer some tasks or tell them to log into an application. The example below reminds users to refer to a specific part of the briefing panel before answering the next questions.

Why are these new features useful?

- Increased engagement: These new question types introduce a gamified element to your custom labs, making learning more interactive and enjoyable.
- Versatile content creation: These features expand the possibilities for creating diverse and engaging labs, allowing you to tailor your content to your organization's unique needs.
- Enhanced learning: Drag and drop encourages active recall and association, while free text questions promote critical thinking and deeper understanding.

Go and build some engaging labs!

Explore the possibilities and build labs that truly engage your users! For more guidance, visit our Help Center, where there’s ample documentation on using the Lab Builder in more detail.

I’m ready to put up MITREE 🎄 – but is my business ready with MITRE ATT&CK?
This blog post reviews the MITRE ATT&CK framework and discusses which tactics and techniques should warrant your attention over the upcoming holiday season. We’ll also show you how to use Immersive Labs to review your skills coverage, identify resource dependencies, and assign timely and relevant content using the MITRE ATT&CK framework.

Unmasking Holiday Hackers
Imagine the following scenario… You receive a text message from a “delivery service”. It asks you to click a link to validate your personal information so they can deliver a parcel. Thinking it’s a precious holiday package from one of your many online orders, you click it. You input your credit card number to validate the order, and you enter your address to ensure it’s delivered to the right place before you have time to realize what’s just happened… 💥 You’ve given all your information to a scammer! 🤯

This is textbook smishing, but that doesn’t change the fact that it’s incredibly effective. This exact situation happened to Grant Smith – however, he just so happened to be a Certified Ethical Hacker. Smith shared his story and subsequent investigation details with Wired. In the article, we learn that:

- In total, people entered 438,669 unique credit cards into 1,133 domains used by the scammers.
- More than 50,000 email addresses were logged, including hundreds of university email addresses and 20 military or government email domains.
- The victims were spread across the United States, with more than 1.2 million pieces of information being entered in total. California, the state with the most, had 141,000 entries.

Nobody wants to be part of this user cohort, but smishing attacks are becoming more common and more sophisticated. Around the holiday season, we interact with more businesses and technologies across multiple digital channels – and urgency only increases the closer we get to Christmas, growing your personal threat surface. You can help reduce your chances of being a victim of cybercrime by upskilling with these labs:

- Staying Safe Online: Safer Browsing
- Staying Safe Online: Identity Theft

Ready to take the reins of the sleigh and get into an investigation like Smith’s yourself? For a holiday-spirited investigation around a phishing attack, start with A Christmas Catastrophe: A Christmas Phish. From there, you can build a gingerbread house solid foundation for your security skills. Consider exploring the Introduction to Penetration Testing and Hack Your First Computer collections. If you’re ready to dig deep and build knowledge and skills to use open-source tooling at the next level, you can follow Grant’s steps with Immersive Labs collections!

Scan with Nmap

Nmap is one of the most popular network scanner tools available. In this introductory collection, you‘ll learn what Nmap is and how to use it to enumerate hosts, ports, and services on a target.

Intercept web traffic with Burp Suite

Burp Suite is a popular tool used for pen testing and assessing web application security. This skill collection will take you from the basics of configuring and using Burp Suite to expertly traversing and applying its range of tools and features.

Scan with NsLookup in Introduction to Networking

This collection focuses on core networking concepts and the basics of networking connectivity, network topologies, and general networking concepts including IP addresses and domain name systems (DNS). Name Server Lookup allows users to query the DNS to retrieve information like IP addresses associated with domain names.

Analyze web socket communications with Packet Analysis

Reading packets and understanding the structure of packet captures are essential skills in cybersecurity. This collection introduces the main packet analysis tools and how to look for flags inside packet headers.

Conduct Web Log Analysis

This collection introduces you to the log files produced by web application servers and how they can be interpreted. You’ll be shown how to use common command line tools to analyze the log artifacts, what you can infer from the information captured in logs, and how this information can be helpful when responding to a suspected incident.

Use SQL Injection Basics and SQL Injection to access databases

Learn core SQL injection techniques and build on those skills to extract information from databases. When a vulnerability exists, this data can be accessed in various ways.

Conduct advanced database investigations with Introduction to Linux Exploitation and Linux Command Line

Gain foundational knowledge on Linux-based software exploitation, commonly used tools, and how the Linux Command Line Interface (CLI) can be used to perform different tasks. The labs in this skill collection range from navigating around a file structure to combining multiple commands to achieve a specific goal.

Report valid cyber crimes to authorities!

One such avenue is the Internet Crime Complaint Center. Or, if you’re working on an internal investigation for your employer, you should ensure strict adherence to your processes and playbooks for threat escalation and remediation.

While you may not need to complete end-to-end tasks like the above frequently, it’s an asset to understand an offensive security mindset and key open-source tooling to conduct an investigation. Put your Nice List skills to use by continuing your offensive security journey and consider a Certified Ethical Hacker certification. You might even just earn an invite to the North Pole! Or, keep upskilling in Immersive Labs to earn more security badges and advance your career as an offensive security practitioner. You can be the light that guides the sleigh through the dark world of cyber criminals!

Share your thoughts

Did you find this case study interesting? Did you find some cross-functional training to bookmark for your personal growth? Please share your thoughts in the comments below! Give those hackers some coal to put somewhere special – their stocking, of course! Make sure you're following the Human Connection Blog to get updates to your inbox!

CVE-2024-5910: Understanding the Critical Expedition Vulnerability
CVE-2024-5910 is a critical vulnerability in Palo Alto Networks' Expedition tool, widely used for firewall configuration migrations. The flaw, stemming from missing authentication for a critical function, allows attackers with network access to the Expedition interface to gain administrative privileges without authorization. This issue (which has a CVSS score of 9.3!) represents a significant security risk, particularly for organizations using Expedition to manage sensitive configuration data.

What is Expedition?

Expedition simplifies the migration of firewall configurations from third-party systems to Palo Alto Networks devices. This process often involves importing sensitive credentials, secrets, and configurations, making the tool's security paramount.

Exploit details

The vulnerability could be exploited by sending crafted requests to reset the administrator password, granting attackers access to the system. Once inside, malicious actors could extract sensitive information, tamper with configurations, or launch further attacks against connected systems. Public proof of concept (PoC) code for exploiting this vulnerability is now available, increasing the urgency of mitigation measures.

Which systems are affected?

This vulnerability affects Expedition versions before 1.2.92, as detailed in the advisory from Palo Alto Networks. Systems that expose Expedition to the internet are at heightened risk, with recent scans identifying several instances accessible online.

Mitigation steps

- Update Expedition: Upgrade to version 1.2.92 or later, where the vulnerability has been patched.
- Restrict access: Ensure that network access to the Expedition tool is limited to trusted hosts and users. There’s no valid reason for the tool to be accessible from untrusted networks.
- Change credentials: Rotate all administrator passwords, API keys, and firewall credentials processed through Expedition to mitigate potential compromises.
- Monitor for indicators of compromise (IoCs): Look for unusual activities in logs or changes to configurations, which may indicate exploitation.

Recommended content

To learn more about this vulnerability by interacting with it in a sandboxed environment, we have both an offensive and a defensive lab in the platform. The offensive scenario allows you to perform the exploitation using the PoC, whereas our defensive scenario upskills users by describing how to identify the IoCs – giving participants a deep understanding of how the exploit would appear in their environment. To find these labs and others, simply type the relevant CVE number into the Immersive Labs Search Bar.

Final thoughts

CVE-2024-5910 underscores the importance of promptly addressing vulnerabilities in tools that manage critical infrastructure configurations. Organizations should also stay on top of new and emerging threats, patch affected systems immediately, and follow best practices for securing administrative tools like Expedition. Using the Immersive Labs platform, organizations can gain a deep understanding of the most critical vulnerabilities and exploits and prepare for them in a practical and safe setting. For more details from the affected vendor, refer to the official Palo Alto Networks security advisory.

Introducing The Human Connection Challenge: Season 1
Starting today we will begin releasing a series of all-new Challenge Labs. Each month you’ll be given the chance to showcase your cybersecurity skills across a range of topics and climb the Season 1 Leaderboard, with the chance to win kudos and rewards along the way.

Where to Start? How Assess and Recommend can Unlock your Potential
What is Assess and Recommend?

The Assess and Recommend feature was created with the end user in mind and helps determine the most appropriate content based on a learner’s knowledge and experience. The assessment leverages computer adaptive testing (CAT), which is a computer-based assessment that adjusts the difficulty of questions based on how a test taker answers previous questions. CAT is also known as tailored testing because it personalizes the test to the test taker's ability level. Having a more personalized assessment allows for a more personalized recommendation.

Customized learning paths – NICE Framework

One of the best things about the Assess and Recommend feature is that it creates personalized learning paths aligned to NIST's Workforce Framework for Cybersecurity (NICE Framework). The NIST NICE Framework, or NIST Special Publication 800-181, provides a structured guideline for defining and categorizing cybersecurity work roles, knowledge, skills, and abilities (KSAs). It aims to standardize the language around cybersecurity tasks and roles, enhancing workforce development, training, and alignment between job requirements and individual qualifications.

Unlike traditional training programs, which tend to be the same for everyone, Immersive Labs uses assessment data to identify which roles in the NICE framework are most applicable to you. This means users focus on what they need to learn, rather than wasting time on topics they already know. As users upskill, they can retake assessments to receive new recommendations that match their evolving skill level, keeping training relevant and engaging. This dynamic approach is essential in a field where staying current is critical. By aligning with the NIST NICE Framework, the learning paths are tailored to specific roles, such as SOC analyst, pentester, or cyber professional, making the training even more effective.

Benefits for organizations and users

For organizations, the Assess and Recommend feature is incredibly valuable. It gives a clear picture of the team’s overall skills, strengths, and weaknesses. This information is crucial for planning targeted training, using resources wisely, and strengthening the organization’s cybersecurity defenses. Additionally, by promoting continuous learning and development, organizations can improve employee satisfaction and retention. Employees are more likely to stay with a company that invests in their growth, recognizing the importance of updated skills for job security and career advancement.

Where can I Find this Feature?

To find this feature, click the Upskill drop-down and navigate to Recommended Activities. Here, you’ll see a growing list of the assessments currently available in the platform.

Share your Thoughts

After completing your first assessment, tell us what you got as a recommendation in the comments below and share how your upskilling journey is going!

Face Your Fears this Halloween and Return to Haunted Hollow
🧛♀️ Brace yourselves, brave souls! The haunted season has returned, and with it, an all-new cybersecurity adventure—Halloween 2024: Return to Haunted Hollow. The sinister spirits of cyberspace await you in this terrifying sequel to our 2023 Halloween collection, The Haunted Hollow. This is no mere challenge—it’s an eerie expedition through 9 haunted labs designed to test your skills and sanity alike. Whether you're a seasoned crypt keeper of the cybersecurity world or a curious newcomer, there's a fright waiting for everyone in this immersive capture-the-flag experience!

🔮 From unraveling encrypted secrets to hunting ghosts in packet captures, every lab holds the key to defeating the horrors lurking within. Can you escape the Haunted Helpdesk, break the Encryption Enigma, or uncover the Spooky, Scary, Silly Snaps? Each step you take deeper into this digital graveyard will challenge your mind and test your courage, until you can break out of the park through the Emergency Exit!

🕷️ With a difficulty ranging from approachable to spine-chillingly tough, it’s not about conquering all the horrors—just enough to emerge from the shadows with your sanity intact. Gather your wits, grab your digital lantern, and get ready to explore the most terrifying corners of cyber horror!

🧛 Release Date: October 16th
⌛ Estimated Time to Complete: 5 hours
👻 Labs: 9, each more terrifying than the last
🎃 Difficulty Range: 2-6
🧟 Collection Type: Challenge

Lab details

Note: These labs can be completed in any order, but we have ordered them from most accessible to most challenging. The final lab can only be completed after the other labs have been completed. The prequel collection doesn’t need to be completed before you can dive into these labs, but if you're craving some extra chills and thrills, feel free to haunt them first!

Phishing for Treats
Difficulty: 2
Skills required: None – this lab should be accessible to all audiences
What's involved: This lab is a new phishing emails lab, with Halloween-themed emails. Users have to identify whether each email is 'safe' or 'spam' based on indicators from the emails.

PCAP Pandemonium
Difficulty: 4
Skills required: Packet capture analysis (Wireshark)
What's involved: In this lab, users will need to analyse multiple packet captures using Wireshark to identify answers to the questions from the network traffic.

Delving Deeper
Difficulty: 4
Skills required: Web application enumeration
What's involved: Users will need to explore a web application in order to gain access to a computer terminal within the application. From there, they'll need to interact with a simple API.

Encryption Enigma
Difficulty: 5
Skills required: Modern encryption/encoding techniques (knowledge of how to use CyberChef will be useful)
What's involved: Users will need to identify the correct encoding and encryption technique used to obfuscate each message in an application, before decrypting/decoding each message.

Confusing Code
Difficulty: 5
Skills required: Linux enumeration techniques, reverse engineering (particularly using Ghidra)
What's involved: Users will need to use Linux enumeration techniques to identify a binary, before reverse engineering that binary to figure out how to exploit it.

Haunted Helpdesk
Difficulty: 5
Skills required: Linux enumeration and privilege escalation techniques
What's involved: Users will be dropped into a restricted environment. From there, they'll need to figure out how to escape, and escalate their privileges to root.

Fearsome Forensics
Difficulty: 6
Skills required: OSINT, web application enumeration, modern encryption techniques, steganography
What's involved: In this lab, the user will need to explore the web application and discover clues using OSINT techniques. These clues will then be used to decipher encrypted messages, finally revealing how to extract a message hidden inside an image.

Spooky, Scary, Silly Snaps
Difficulty: 6
Skills required: AWS capabilities (particularly S3 and AWS permissions), Python scripting
What's involved: Users will need to enumerate public S3 resources to identify credentials for an AWS account. From here, they'll need to interact with the AWS console, and identify a way of escalating their privileges on AWS.

Emergency Exit
Difficulty: 1
Skills required: None – this lab is a culmination of the preceding labs within the collection, but no specific skills are required to complete this lab.
What's involved: In each of the labs in this collection, users would have been asked to make a note of a code. In this lab, they need to submit each of these codes.

Share Your Thoughts

Did you escape the Haunted Hollow? We'd love to hear from you! Remember you can post in our Help & Support Forum for hints, tips & collaboration from your fellow community of experts.

CVE-2024-30051: What You Need to Know
What is CVE-2024-30051?

CVE-2024-30051 is a vulnerability in the Microsoft Windows Desktop Window Manager (DWM) Core Library that allows attackers to gain SYSTEM-level privileges and execute arbitrary code, giving them extensive control over the compromised system.

Which systems are affected?

CVE-2024-30051 impacts a broad range of Windows systems, including:

- Windows 10 (various versions)
- Windows 11 (various versions)
- Windows Server 2016 and later versions

For a precise list of affected product configurations, check out the NIST National Vulnerability Database.

How could bad actors use this security issue?

Attackers have already exploited CVE-2024-30051 in real-world attacks, using it to distribute Qakbot malware via malicious email attachments or compromised websites. Once the malicious code is executed, the vulnerability is used to escalate privileges, allowing deep system access for installing more malware, stealing sensitive data, or taking full control of the system.

How to protect your organisation

The simplest and most obvious method is to apply the latest Windows security updates as soon as they become available. Microsoft released patches addressing CVE-2024-30051 as part of its May 2024 Patch Tuesday updates. Organisations and users are strongly advised to apply these patches immediately to protect their systems from potential exploitation.

To verify if you've been affected by this vulnerability, analyse your logs for suspicious activity. Specifically, look for DLLs loaded from locations outside of system32 by legitimate Windows processes, as this may indicate the CVE-2024-30051 exploit has been used to load a malicious DLL.

Additionally, to mitigate against future vulnerabilities, educate users about the risks of phishing and malware. Qakbot is often spread through email attachments or malicious websites. Educate users about the risks of opening attachments from unknown senders or clicking on suspicious links in emails.
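The log check described above (a Windows system process loading a DLL from somewhere other than the system directories) is simple enough to script. The following is an added example written for this page, not code from the blog post or from Immersive Labs. It assumes image-load telemetry in the shape of Sysmon Event ID 7 ("Image loaded") message bodies, one record per blank-line-separated block, and it treats any process whose own executable lives under System32 as a "legitimate Windows process"; both System32 and SysWOW64 are taken as trusted DLL locations. The sample events, including the file name payload.dll, are constructed for illustration and are not real indicators of compromise.

```python
"""Flag DLL image loads by Windows system processes from outside System32.

Added detection example (not part of the blog post). Assumes Sysmon
Event ID 7 records exported as plain-text message bodies separated by
blank lines. Sample events below are constructed, not real telemetry.
"""
import re
from typing import Dict, List

# Directories a Windows system process is expected to load DLLs from.
# Assumption: both the 64-bit and 32-bit system directories are trusted.
TRUSTED_DLL_DIRS = (r"C:\Windows\System32", r"C:\Windows\SysWOW64")

# Assumption: a "legitimate Windows process" is one whose image lives here.
SYSTEM_PROCESS_DIR = r"C:\Windows\System32"

# "Key: value" lines as Sysmon writes them (the "Image loaded:" header
# line has a space in its name and is deliberately not matched).
FIELD_RE = re.compile(r"^\s*(\w+):\s*(.*?)\s*$")


def normalize_win_path(path: str) -> str:
    """Lower-case a Windows path and resolve '.' / '..' segments, so that
    C:\\Windows\\Temp\\..\\System32\\x.dll compares equal to the real path."""
    parts: List[str] = []
    for seg in path.replace("/", "\\").lower().split("\\"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if len(parts) > 1:  # never pop the drive letter
                parts.pop()
            continue
        parts.append(seg)
    return "\\".join(parts)


def under(path: str, directory: str) -> bool:
    """True if path sits inside directory; a bare prefix match is not
    enough, so C:\\Windows\\System32Extra does not count as System32."""
    return normalize_win_path(path).startswith(normalize_win_path(directory) + "\\")


def parse_sysmon_messages(text: str) -> List[Dict[str, str]]:
    """Split blank-line-separated message bodies into field dictionaries,
    keeping only records that carry an ImageLoaded field (Event ID 7)."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields: Dict[str, str] = {}
        for line in block.splitlines():
            m = FIELD_RE.match(line)
            if m:
                fields[m.group(1)] = m.group(2)
        if "ImageLoaded" in fields:
            events.append(fields)
    return events


def is_suspicious_load(ev: Dict[str, str]) -> bool:
    """A System32-resident process pulling a .dll from outside the trusted
    system directories. The path is the indicator; a valid signature on
    the DLL does not clear the event."""
    image = ev.get("Image", "")
    loaded = ev.get("ImageLoaded", "")
    if not loaded.lower().endswith(".dll"):
        return False
    if not under(image, SYSTEM_PROCESS_DIR):
        return False
    return not any(under(loaded, d) for d in TRUSTED_DLL_DIRS)


def find_suspicious_loads(text: str) -> List[Dict[str, str]]:
    """Return every parsed event that trips is_suspicious_load."""
    return [ev for ev in parse_sysmon_messages(text) if is_suspicious_load(ev)]


# Constructed sample: one benign DWM load, one DWM load from a user-writable
# directory, one svchost load whose path only looks odd before normalization,
# and one third-party process that is out of scope for this check.
SAMPLE_EVENTS = r"""
Image loaded:
UtcTime: 2024-05-15 10:22:01.123
ProcessId: 1204
Image: C:\Windows\System32\dwm.exe
ImageLoaded: C:\Windows\System32\dwmcore.dll
Signed: true
SignatureStatus: Valid

Image loaded:
UtcTime: 2024-05-15 10:22:03.456
ProcessId: 1204
Image: C:\Windows\System32\dwm.exe
ImageLoaded: C:\Users\Public\payload.dll
Signed: false
SignatureStatus: Unavailable

Image loaded:
UtcTime: 2024-05-15 10:22:04.789
ProcessId: 4412
Image: C:\Windows\System32\svchost.exe
ImageLoaded: C:\Windows\Temp\..\System32\wevtsvc.dll
Signed: true
SignatureStatus: Valid

Image loaded:
UtcTime: 2024-05-15 10:22:05.000
ProcessId: 6120
Image: C:\Program Files\Vendor\app.exe
ImageLoaded: C:\Program Files\Vendor\helper.dll
Signed: true
SignatureStatus: Valid
"""

if __name__ == "__main__":
    for ev in find_suspicious_loads(SAMPLE_EVENTS):
        print(f"{ev['UtcTime']} pid={ev['ProcessId']} {ev['Image']} loaded {ev['ImageLoaded']}")
```

Run against the constructed sample, only the second event is reported. Path normalization matters for a rule like this: a load path written with forward slashes, mixed case or a `..` segment must be compared in canonical form, otherwise both false positives (the svchost.exe record) and trivially evaded rules result. Feed the same functions the exported message field of your own Sysmon events to apply the check to real data.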
Conclusion

CVE-2024-30051 highlights the importance of cybersecurity awareness and proactive measures, as it can be mitigated with organisational cyber awareness and regular patching policies. As always, staying informed about potential vulnerabilities is crucial to mitigating such risks.

Recommended content

If you’d like to learn how to detect this vulnerability in a sandboxed environment, check out our CVE-2024-30051 lab. In this lab, you'll threat hunt through a SIEM system to identify indicators of compromise (IoCs). Don’t forget you can seek help and collaboration with this lab content in our Help & Support Forum!

Share your thoughts

If CVE-2024-30051 has impacted your organization, we’d love to hear about your steps to mitigate the risk. Do you have any recommendations for preparing for similar vulnerabilities in the future?