immersive labs
83 Topics

Enter The Maze Challenge: Immersive’s Most Advanced Collection Yet
Today marks the release of the Maze Challenge, Immersive’s most advanced and cunningly designed offensive cybersecurity collection yet. This new series of labs is more than just a test of skills. It's a puzzle, a game, and a creative brain-bender, crafted by two of Immersive’s most brilliant minds: StefanApostol and SabrinaKayaci. Stefan, known to many as the "evil genius" behind the Human Connection Challenge, and Sabrina, who recently inspired our London community meetup attendees with her predictions on AI within the AppSec space, have teamed up to create something truly unique. We sat down with them to get their insights on what makes the Maze Challenge so special, so challenging, and so much fun.

What was the main inspiration behind the maze theme, and how did you translate that narrative into a collection of technical labs?

The core idea for the Maze Challenge, as Stefan explained, came from a shared love of games. "Both Sabrina and I are geeks. We like games, and we wanted to create a challenge with an overarching goal that was more than about earning a completion token." While our labs have always awarded tokens for completion, Stefan and Sabrina wanted to create a narrative that would engage users on a deeper level. "A maze is the perfect example of that," Stefan said. "We wanted to include a game element in these challenges." This isn't just a series of technical scenarios. It's a cohesive puzzle where each lab is a step toward a larger objective. The maze narrative encourages participants to think creatively, connecting different skills and techniques in a way that feels more like a game than a traditional capture the flag (CTF).

I’ve heard that this is the most advanced lab collection yet. So, what makes these labs more challenging than the thousands of others in Immersive's catalogue?

This collection is Immersive's most advanced to date, introducing a range of techniques not yet widely covered in the platform. The labs are a combination of real-world examples drawn from the creators' past experiences and internal testing, all woven together with a good deal of imagination. While the challenge covers a broad spectrum of offensive skills, including web, Linux, Windows, and Active Directory, Stefan was quick to name binary exploitation as an obvious concept that will have participants scratching their heads. The team collaborated with BenMcCarthy on this particular lab, and Ben being Ben, he poured all his creativity into it, making even Stefan nervous to attempt this mean challenge!

Sabrina added that the real difficulty lies in the type of thinking required. "Some of them will really require outside-the-box thinking," she said. "They're unusual in a way that requires not just the technical skill, but some creativity and more critical thinking." This is a key theme throughout the collection. Participants can't rely on a simple, formulaic approach. Instead, they must be flexible and resourceful. Sabrina noted that some challenges will require "multiple sets of skills," forcing users to chain together their expertise in different areas to find a solution.

Without giving away any spoilers, can you describe a moment in one of the labs that you're particularly proud of designing?

Sabrina beamed as she recalled the Inner Maze lab. "I really enjoyed creating Inner Maze," she said, before adding a cryptic twist. "When you break out of that maze is when you're really trapped." She was particularly proud of her ability to create and then beat her own challenge, finding the exploit even more difficult than the design itself.

Can you give users any hints or tips?

The Maze Challenge is designed to be tough, and you should certainly expect it to be just that. However, the creators want everyone to have a fair shot, so they’ve some advice for those who might feel intimidated.

Use the platform to your advantage.
Stefan noted that around 98% of concepts within this challenge can be learned in the rest of our lab catalogue. "If you get stuck on a specific skill, take a break from the maze, find the relevant labs on the platform, and then come back with your newfound knowledge." We encourage you to learn along the way, and persistence is always rewarded!

Failure can be a sign of progress.
Sabrina shared a key insight: "Sometimes it's important to take note of what it is you're doing that's failing... If you're failing at the same spot in a particular approach, that could actually mean that you're doing something right." Go figure that one out!

Don't go it alone.
Sabrina advises anyone starting their journey to ask others for advice and help. Our community help forum is a great resource for sharing knowledge and getting tips from fellow participants. We want you to have fun, and part of that fun is collaborating with your industry peers along the way.

In the end, what do you hope participants will take away from this experience, beyond the technical skills?

Stefan and Sabrina both hope it's a "desire for more challenges"! They also dropped a teaser for a community Halloween challenge… That’s all you’re getting for now! 👀

Want a head start?

Join Stefan and Sabrina for a Labs Live webinar on August 19th. They’ll be solving the Improbable Maze lab live on the call, in collaboration with you. Attendees are encouraged to play along, offer their suggestions, methods, and frustrations. It’s the perfect opportunity to see the creators’ thought process and gain some momentum for your own journey through the maze. See you there!

119 Views, 2 likes, 5 Comments

Web App Hacking (Lab series): CVE-2022-2143 (iView2)
Hello all,

I have spent way too long trying to complete the iView2 exploit. I was expecting a text box on the page for command entry, but I cannot get anything like that. I have been able to send a post request to the NetworkServlet page using the provided exploit string and I know that the test.jsp is created because I can use the query parameter ?cmd=whoami and I get the mysqldump output showing "nt authority \system". I cannot get any other query parameters to execute, even simple ls or dir commands. I found y4er's blog post and everything I see in terms of the syntax of the exploit appears to be identical to the lab.

Any directions/suggestions/hints would be greatly appreciated! Thanks in advance.

J

Solved
221 Views, 1 like, 16 Comments

Labs Live: Reverse Engineering
#Recorded on September 16th 2025

Ever felt totally stuck with a lab? Getting frustrated? Maybe you could have used the helpful guidance of an expert? Join our Labs Live webinar, a ground-breaking community webinar series from Immersive! We're bringing you live, interactive lab sessions led by seasoned professionals. In each Labs Live webinar, you'll collaborate directly with an expert as they navigate a challenging lab. They'll share their techniques, answer your questions, and together, you might even discover new insights. This isn't just a demonstration; it's a hands-on learning experience. Don't miss out on this unique opportunity to elevate your cyber skills.

This Labs Live session will be hosted by BenMcCarthy, Lead Cyber Security Engineer, as he tackles one of our new Reverse Engineering labs.

255 Views, 2 likes, 6 Comments

Kusto Query Language: Ep.7 – String Processing Q4
I am stuck in Q4, and it seems that the query matches the requirements of the question and generates exactly what it is asking for. However, the lab does not accept the full substring command used in the query as the correct answer. Please let me know if I am missing anything. Thank you.

Solved
29 Views, 0 likes, 3 Comments

Pwntools: Ep. 2 Token
I've completed the coding for the lab, but the system seems to think the token I am entering is wrong. I've tried resetting the machine in case it is out of sync since a new token is generated each time the code is run, but that didn't fix it. Can someone help?

17 Views, 0 likes, 1 Comment

Incident Response: Suspicious Email – Part 2 - Help Needed.
Hi,

I'm currently trying to complete this lab but I'm stuck on step 10. I have tried to use the different tools at hand but I'm struggling to extract the VBA and getting the binaries for it. Any help would be much appreciated.

Kind Regards,
jjdeno9926Views0likes3Comments

Introduction to Aircrack-ng: Ep.8 – Demonstrate Your Skills
I have tried to run this multiple times and every time it seems to take FOREVER to acquire the amount of packets needed for decryption. The lab says I should have something like 85,000 packets, but when I run the package capturing in aircrack and leave it for an entire hour, I get no more than 3,000. Any suggestions on how to make it grab packets in a more timely manner could be greatly appreciated.

Solved
18 Views, 0 likes, 1 Comment

Unlock the World of AI: Introducing Our New AI Foundations Collection!
That's why we’re thrilled to announce the launch of our new AI Foundations collection, a comprehensive set of labs designed to empower you to navigate the fast-paced world of AI confidently. This seven-part lab collection is your guided tour through the core components of modern AI implementation. We've crafted this collection for everyone, breaking down complex concepts into digestible, easy-to-understand labs. Whether you're a seasoned tech professional or just starting your AI journey, this collection will provide you with a practical, hands-on understanding of how AI systems are built and how they work together to deliver powerful capabilities.

NOTE: These labs are only available for customers who haven’t opted out of AI-related content.

Why a new AI collection?

Our customers have asked for more in-depth AI content – a demand that mirrors the explosive growth of the AI market. This new collection is our commitment to staying at the forefront of the industry and proactively addressing the needs of our community.

What you'll learn

The AI Foundations collection is a journey through the essential concepts of artificial intelligence. Each lab builds on the last, culminating in a holistic understanding of modern AI systems, with a special focus on agentic AI. Here's a glimpse into what you'll discover:

Episode 1: Artificial Intelligence (Theory): Dive into the fundamentals of AI, exploring what it is, how it works, and the distinctions between generative AI and AGI. It also discusses AI’s limitations and demystifies the "illusion of thinking".

Episode 2: Core Components (Theory): Get acquainted with the building blocks of AI, including LLMs, embedding and diffusion models, RAG, MCP, and the exciting world of agentic AI. It also touches on crucial security considerations as AI transitions from "knowing" to "doing".

Episode 3: Large Language Models (Theory): Explore the power of foundational models, the importance of fine-tuning, the role of system prompts, and security considerations such as exploitable vulnerabilities and data privacy.

Episode 4: Retrieval Augmented Generation (RAG) (Practical): Take a deep dive into RAG, vector databases, embedding, and chunking. In this hands-on lab, you'll create a knowledge base, chunk a file, and query a fictional company's proprietary data through an integrated AI chatbot.

Episode 5: Model Context Protocol (MCP) (Practical): Understand the MCP protocol and its architecture within the broader AI landscape. You'll get hands-on experience using MCP Inspector to interact with an MCP server, and instruct an AI chatbot to organize files on your desktop, gaining insight into exactly how tools are chosen and invoked.

Episode 6: Agentic AI (Practical): Immerse yourself in the world of AI agents. You'll get access to real AI agents within a safe sandbox environment. The curious can poke and edit the code and explore integrated Langfuse for a deeper look into the observability of the AI system.

Episode 7: Demonstrate Your Knowledge (Theory): Put your newfound knowledge to the test and solidify your understanding of the concepts covered throughout the collection.

Secure and private by design

We've built our practical AI labs with your security and privacy as the top priority. When you launch a lab, you're entering a completely isolated, sandboxed environment. These sandboxes are self-contained and have no connection to any customer data or personal information. Think of it as your own private, temporary workspace that’s thoroughly purged after each use.

To interact with the AI models, each lab session creates temporary user credentials. Not only are these credentials temporary, but they’re also locked to the lab environment itself. This means that even if the credentials were to be exposed, they would be useless outside of the specific lab they were created for, providing a robust layer of security. Access to the internet is also strictly controlled, which only allows connections to the minimum endpoints required for the lab to function.

We utilize privacy-centric AI models designed to protect your data. The models we use don’t store or log your prompts and completions. Furthermore, your interactions are never used to train any models, ensuring that your data remains your own. We’ve also opted out of any content being used for service improvements across all the AI services we use.

In some of our more advanced labs, we've implemented an additional layer of security with guardrails that preprocess user inputs and model outputs to filter for harmful or inappropriate content. These guardrails are mandatory and can’t be bypassed by users within the lab environment. These multiple layers of security work together to provide a safe and secure environment for you to learn and experiment with AI.

Who is this collection for?

Everyone! We've designed these labs to be a guided walkthrough, making even the more technical details accessible to anyone working with or interested in AI. Whether you're a developer, a business leader, a student, or simply a curious mind, our AI Foundations course will equip you with the knowledge and skills to thrive in the age of artificial intelligence.

Join us on this exciting journey and unlock the power of AI. Get ready to build, innovate, and lead in the new era of intelligence.

49 Views, 2 likes, 1 Comment

Gartner Security & Risk Management Summit 2025
We're going to be at Gartner this year - stop by our booth #508 if you're going to be there too and say 'hi'!

We're also really proud to be hosting a speaking session with BT:

Levelling-Up at Scale Against Cyber Threats

If you haven't got your ticket yet, you can use our discount code to gain access to this industry leading conference & expo! See you there...

20 Views, 0 likes, 1 Comment