Beyond the Chat Window: How to Securely Vibe Code with Anthropic’s Claude
Welcome back to our series, “Behind the Scenes of Immersive One”! The following is a conversation with RobertKlentzeris, Application Security Content Engineer for Immersive One, and RebeccaSchimmoeller, Lead Product Marketing Manager. Today, we’re deep diving into one facet of our Secure AI capability. “We are seeing a shift from ‘chatting with AI’ to ‘inviting AI into the terminal.’ With the release of tools like Claude Code, developers aren't just copying and pasting snippets from a browser anymore. They are letting an agent live directly in their CLI, giving it permission to read file specs, run commands, and architect entire features. It’s a massive leap in capability—but also in trust.” Rebecca: That is the big shift we’re hearing about, Rob. The market is obsessed with the idea of "vibe coding" right now—just describing what you want and letting the AI handle the implementation details. But for a security leader, the idea of an AI agent having direct access to the CLI (Command Line Interface) sounds terrifying. It feels less like a helper and more like handing a stranger your SSH keys. Rob: That is exactly what makes Claude Code different from your standard autocomplete tools. You aren't just getting code suggestions; you are interacting with an agent that has tooling capabilities—like using MCP (Model Context Protocol) or running slash commands. If you don't know what you're doing, you might accidentally let the agent produce insecure code or mishandle PII in a way that’s harder to spot than a simple copy-paste error. This new collection is about bridging that gap: how do we embrace the speed of vibe coding without sacrificing the security of our platform? Rebecca: So it’s about safe integration. Let’s get into the weeds—what does the "safe" version of this look like in the actual Immersive One labs you created? Rob: We start by defining common patterns used in AI coding agents such as manual prompts and how you can write them so Claude generates secure code. We then go a little deeper and explore how you can let your agents start coding securely with more autonomy and less intervention while staying secure with spec-driven development. From there, we move to the components of Claude Code and show how to leverage these advanced features, such as custom slash commands and skills that can enhance the security of both large legacy and greenfield projects. Rebecca: I noticed your roadmap included a focus on "Guardrails" and "Claude Agents." Is this where we stop "trash code" from hitting production? Rob: Exactly. This is unique to the agentic workflow. In the Claude Agents lab, we teach users how to set up a "Reviewer Agent" that audits the code generated by the first agent. We also have a dedicated lab on Guardrails, focusing on stripping PII (Personally Identifiable Information) before Claude ever sees the data. It’s about ensuring that even if the AI is "vibing," the security protocols remain rigid. Rebecca: That sounds incredible for the security team, but what about the developer? If I’m used to just doing my thing, head down to deliver on time, won’t specification-driven development cramp my style? Rob: Fun fact: It actually makes you faster. Think of the 'spec' as the prompt that saves you ten revisions. At Immersive, we focus heavily on ROI and removing pain for users. In this case, we show developers how to use slash commands and hooks to automate the boring stuff. When you learn to use these tools properly, you stop wrestling with the AI and start conducting it. And because these labs are hands-on with real Claude Code access in a secure sandbox, you can experiment with these powerful agents without worrying about breaking your own local environment. Your manager will love that too. Rebecca: Ha! You’re right. It sounds like we’re giving users a safe place to crash-test the car before they drive it. And I see you wrap it all up with a "Demonstrate" lab? Rob: We do. We want to prove competence. The Demonstrate Lab is a capstone where you have to combine everything—usage, security, and productivity. You have to prove you know how to use Claude Code to build something functional and secure. It validates that you aren't just generating code; you're engineering with it. Final Thought Our Building with AI: Claude Code collection isn't just another coding tutorial. It is a blueprint for the agentic future of development. For you the developer, it turns Claude from a vibe code buddy into a fully integrated, secure pair programmer. For your organization, it transforms a potential security risk into a governed, high-speed workflow. Want to get started? [Access Collection]No More Busy Work: How Programs Automate Personalized Cyber Readiness
Welcome back to our series, “Behind the Scenes of Immersive One”! The following is a conversation with MartinHewitt, Principal Product Manager for Immersive One, and RebeccaSchimmoeller, Lead Product Marketing Manager. “We’ve all seen the spreadsheet of doom. You assign a list of training labs to fifty people, and then you spend the next month chasing them down, manually checking completion statuses, and hoping the content you’ve assigned them is actually relevant—because if it’s not, your learners are just tuning out. It’s an operational nightmare, plain and simple.” Rebecca: Wow, yeah, we hear this constantly from the market, Martin. Leaders are drowning in admin work while trying to build resilience. It feels like we’ve been handing learners a stack of maps and hoping they figure out the route. Meanwhile, busy learners assume the content isn’t worth their time, so disengage. How does the new Programs capability change that dynamic? Martin: That map analogy is actually spot on. Until now, we’ve had Assignments and Collections—which are great, but they are static. Like you said, it’s handing someone a map. Programs is a fundamental shift … a GPS navigation system for learning. Instead of just handing a learner a stack of content and hoping for the best, a Program plots the optimal route based on their initial skill level. It re-routes them if necessary using logic, and it shows the manager if they fall behind schedule. We aren’t just looking at completion anymore; we are looking at flow. Rebecca: I love the "GPS" concept. But let’s make this real for our customers. What does one of these "routes" actually look like? Can you give us a concrete example of a path a team might take? Martin: Absolutely. Let’s look at the SOC Analyst Program. It doesn’t just start with a generic to-do list. It starts with an Adaptive Assessment. Based on those results, if the system sees a user is proficient and capable, it will route them into content that speaks to their level of knowledge and experience, rather than a one-size-fits-all (or, more often none) route. We see this for Cloud Security too. Engineers who know AWS inside-out don't need to waste time on S3 Buckets 101. The Program fast-tracks them to the advanced Cloud Defense scenarios. It’s about respecting their time Rebecca: That’s a perfect segue to the learner’s experience. We talk a lot about the manager’s benefit, but honestly, if I’m an analyst, why should I care? How does this make my day or professional life better? Martin: If you’re a learner, the biggest benefit is that you stop doing "busy work." Nothing kills morale faster than being a senior engineer forced to click through beginner labs just to get a completion checkmark. With Programs, the system recognizes your skill level immediately. You get to skip the stuff you already know and focus on the challenges that actually help you grow. Plus, because it’s a cohesive journey, you always know why you are doing a task. You aren’t just completing a random lab; you are moving through a cyber-narrative—from detection to analysis to remediation. It feels less like homework and more like a mission. Rebecca: So, we’re moving from "did you do it?" to "are you ready?" That sounds like it aligns perfectly with the CISO’s need to prove outcomes. But Martin, what about the manager’s visibility? You mentioned "flow" earlier—how is that different from just tracking who finished a lab? Martin: Right now, if you want to know who is struggling, you usually have to wait until the deadline passes and see who didn't finish. By then, it’s too late. With Programs, we focus on Pace. We capture a time commitment expectation—say, two hours a week—and the system calculates a "Burndown Rate." We can tell you in real-time if a user is Ahead, On Track, or Behind. It’s about finding what I call the "Bread and Valley Joes"—the people who are struggling silently. We want to surface those users to the manager before they fail, as well as highlighting the super-keen folk who really love stretching and testing their skills, we’re showing them as Ahead, making sure they’re spotted and give them the opportunity for recognition. Rebecca: That’s huge for "Management by Exception." You don't need to micromanage the high-performers, but you can quickly help those who are stuck. Martin: Exactly. And we’ve built the intervention right into the platform. You can filter for everyone who is "Behind" or stuck on a specific step—like Cloud Fundamentals—and bulk-message them right there. No more downloading CSVs and running mail merges just to nudge your team. Rebecca: Martin, this is a massive step forward. But knowing you and the engineering team, you’re already looking at what’s next. Can you give us a sneak peek at what’s coming for Programs? Martin: Don’t mind if I do! Right now, we have these amazing "Stock Programs" ready to go. In the New Year, we’re also handing the keys to customers … we’re going to introduce a custom builder. Managers will be able to build a completely bespoke journey tailored to their specific organization, drawing from right across our whole catalog. Things like being able to create your own "onboarding flow" to mirror your exact tech stack and security policies…. That’s when things will get even more exciting. Rebecca: I can't wait to see what customers build when that’s available, Martin. Thanks for walking us through the logic behind this milestone launch. This is major for customer outcomes. Martin: It is. We’re finally moving learners from just "completing tasks" to building real muscle memory. That’s the stuff that benefits their org now, and that they can carry it with them to their next professional opportunity. Final Thought Programs represent a shift that benefits the entire security function. For the organization, it replaces static assignments with an operational engine that measures true readiness against critical threats. For the learner, it transforms training from a checklist into a career-building journey, ensuring they develop skills that last far beyond their current role. Want to see how it works? Don’t miss this demo.Boosting Cyber Readiness Together: Introducing The New AI In-Lab Assistant
We’re passionate about creating an empowering, collaborative learning environment. That’s why we’re excited to introduce the AI In-Lab Assistant – an intelligent chatbot right inside your lab environment. We want you to solve challenges independently. The new AI assistant is designed to provide hints and tips on a lab, offering guidance without giving away the answer. The aim is to enhance your learning experience, ensuring you're always ready for what’s next. 🔎 Finding your on-demand learning companion Getting started is simple. Open a lab, and you’ll see a sparkle icon in the top right corner of your screen. Clicking this sparkle icon opens the chatbot interface. If the window obstructs your view, you can reposition the chatbot by dragging its top bar. If you need to hide it, click the cross in the top right of the pop-up window or the sparkle icon again. 🔬 How can the assistant help me? We specifically designed this chatbot to help with lab-related queries and tasks inside the lab environment. You can ask it to summarize the lab briefing, help you understand key concepts (such as "what is a SIEM?"), or assist with specific questions (for instance, "I need help with Task 3!"). The chatbot will give you hints and tips without giving you the exact answer. For example, if you're tackling enumeration, it might suggest commands like nmap, netstat, or cat. If you're working on privilege escalation, it may encourage you to think about commands like sudo, su, or to look for SUID binaries. Our sophisticated technology takes snapshots of practical and cloud labs, capturing the necessary context to understand activities on the virtual machine or the command line interface. ✅ Key boundaries and quick tips We want you to get the most out of the new AI In-Lab Assistant. It keeps to the following main points: It won’t give away the answer: We intentionally designed the chatbot to encourage independent completions, not to directly give you the answer. If you ask outright for the answer to a question, it’ll provide hints for you to figure it out yourself. It only applies to lab content: While you can input any query, the chatbot can only answer questions related to the lab you’re currently in. If you ask a non-lab-related question, such as "how’s the weather today in Bristol?", it’ll tell you it doesn’t have access to real-time data. Instead, it’ll encourage you to ask a question about the lab. History isn’t retained: To start a new chat, click the plus icon next to the New chat button in the top left of the chatbot window. This will clear the current history. Note that you’ll lose your conversation history when you exit a lab or start a new one. The chatbot can only retain seven questions before forgetting them. Exclusions: The AI In-Lab Assistant is available in most labs, but isn’t available in custom labs, adaptive assessments, or any demonstrate labs. 🔐 Data security and feedback you can trust We want to be upfront about our technology and security because we value authenticity. Our AI service was built using OpenAI. We prioritize your data security, so we only store your account UUID in the AI service database. We don’t store any other personally identifiable information (PII) except what you explicitly input as queries, which OpenAI will also receive. Crucially, we don’t ingest any custom content labs into our AI service, and the service doesn’t have access to any customer data. We rely on your input to keep improving! You can provide feedback on every response using the thumb-up or thumb-down icons found directly underneath the chatbot’s reply. We monitor this feedback to improve the AI In-Lab Assistant over time. 💁🏻♀️ And don’t forget… If you’d prefer to speak to real humans for hints and tips on your favorite labs, head to the Community and navigate to the Help Forum. If you aren’t satisfied with the AI In-Lab Assistant’s responses or have technical issues with the feature, reach out to Customer Support via the Help Center.October is here! Prepare for Cybersecurity Awareness Month with Immersive 🎃
In a world where technology and threats are constantly evolving, building a resilient team is more important than ever. At Immersive, we're proud to be your partner in this journey, and we've put together a fantastic lineup of events, challenges, and resources throughout October to help you and your teams stay ahead of the curve. What’s on at Immersive this Cybersecurity Awareness Month 📆 Oct 1st Whitepaper: GenAI’s Impact on Cybersecurity Skills and Training Oct 6th Trick or Treat on Specter Street Challenge Begins: Labs 1-3 Oct 9th Labs Live: Ripper's Riddle Community Webinar Oct 13th Trick or Treat on Specter Street Challenge: Labs 4 - 6 Oct 15th Webinar: How to Build a People-Centric Defense for AI-Driven Attacks Oct 16th Labs Live: Cursed Canvas Community Webinar Oct 20th Trick or Treat on Specter Street Challenge: Labs 7 - 9 Oct 22nd Cyber Resilience Customer Awards Winners Revealed Oct 23rd Labs Live: Macro Polo Community Webinar Oct 27th Trick or Treat on Specter Street Challenge: Labs 10-12 Oct 30th Labs Live: Phantom Pages Webinar Oct 31st Trick or Treat on Specter Street Challenge Finale: Labs 13 Oct 31st Virtual Crisis Sim: The Puppet Master’s Trick or Treat Challenges and Labs Trick or Treat on Specter Street 👻 Welcome to Trick or Treat on Specter Street, a Halloween-themed cybersecurity challenge where you'll use both offensive and defensive skills to solve a mystery unlike anything we’ve encountered before. Each week throughout October, we’ll drop new hands-on labs that slowly begin to uncover the secrets of Specter Street. Can you crack the case? Find out more. AI Foundations 🤖 Ready to navigate the rapidly evolving world of Artificial Intelligence with confidence? Give our new AI Foundations lab collection a go! Designed to equip your teams with critical AI knowledge and practical implementation skills; this initial collection features seven foundational labs that progressively guide your teams from high-level overviews to secure, hands-on AI implementation. Find out more. Events and Webinars Webinar How to Build a People-Centric Defense for AI-Driven Attacks Wednesday October 15th A must-attend event for understanding how threat actors are leveraging AI and other emerging technologies to carry out attacks. Register Now. Virtual Crisis Sim The Puppet Master’s Trick or Treat Friday October 31st Join us on Halloween as the notorious Puppet Master returns for a fiendish game of Trick or Treat 🎃 Play along with our Immersive crisis response experts as we tackle a LIVE coordinated attack from the Puppet Master on a Critical National Infrastructure organization. Dare you play the Puppet Master’s game and survive, or will they finally get their revenge?! Register Now. AI and Emerging Threats Throughout the month, we’re shining a spotlight on the rise of AI in cyber. From our all-new AI Foundational lab series to cutting edge research from the experts at the cutting edge of GenAI in cybersecurity in our latest whitepaper: GenAI’s Impact on Cybersecurity Skills and Training. Explore our latest AI-focused resources and upskill your teams to confidently face the future of cyber resilience. Check out our latest reports, articles, webinars and more on GenAI, here. Celebrating Cyber Resilience Heroes 🏆 We're also celebrating the individuals and organizations at the forefront of cyber resilience with our Cyber Resilience Customer Awards. Keep your eyes peeled on our social channels! We'll be unveiling our latest winners on October 22nd, recognizing those who demonstrate an outstanding commitment to proving and improving their cyber readiness. It's going to be a jam-packed month focused on practical application and deep engagement. Let’s make this the most secure October yet!
Enter The Maze Challenge: Immersive’s Most Advanced Collection Yet
Today marks the release of the Maze Challenge, Immersive’s most advanced and cunningly designed offensive cybersecurity collection yet. This new series of labs is more than just a test of skills. It's a puzzle, a game, and a creative brain-bender, crafted by two of Immersive’s most brilliant minds: StefanApostol and SabrinaKayaci. Stefan, known to many as the "evil genius" behind the Human Connection Challenge, and Sabrina, who recently inspired our London community meetup attendees with her predictions on AI within the AppSec space, have teamed up to create something truly unique. We sat down with them to get their insights on what makes the Maze Challenge so special, so challenging, and so much fun. What was the main inspiration behind the maze theme, and how did you translate that narrative into a collection of technical labs? The core idea for the Maze Challenge, as Stefan explained, came from a shared love of games. "Both Sabrina and I are geeks. We like games, and we wanted to create a challenge with an overarching goal that was more than about earning a completion token." While our labs have always awarded tokens for completion, Stefan and Sabrina wanted to create a narrative that would engage users on a deeper level. "A maze is the perfect example of that," Stefan said. "We wanted to include a game element in these challenges." This isn't just a series of technical scenarios. It's a cohesive puzzle where each lab is a step toward a larger objective. The maze narrative encourages participants to think creatively, connecting different skills and techniques in a way that feels more like a game than a traditional capture the flag (CTF). I’ve heard that this is the most advanced lab collection yet. So, what makes these labs more challenging than the thousands of others in Immersive's catalogue? This collection is Immersive's most advanced to date, introducing a range of techniques not yet widely covered in the platform. The labs are a combination of real-world examples drawn from the creators' past experiences and internal testing, all woven together with a good deal of imagination. While the challenge covers a broad spectrum of offensive skills, including web, Linux, Windows, and Active Directory, Stefan was quick to name binary exploitation as an obvious concept that will have participants scratching their heads. The team collaborated with BenMcCarthy on this particular lab, and Ben being Ben, he poured all his creativity into it, making even Stefan nervous to attempt this mean challenge! Sabrina added that the real difficulty lies in the type of thinking required. "Some of them will really require outside-the-box thinking," she said. "They're unusual in a way that requires not just the technical skill, but some creativity and more critical thinking." This is a key theme throughout the collection. Participants can't rely on a simple, formulaic approach. Instead, they must be flexible and resourceful. Sabrina noted that some challenges will require "multiple sets of skills," forcing users to chain together their expertise in different areas to find a solution. Without giving away any spoilers, can you describe a moment in one of the labs that you're particularly proud of designing? Sabrina beamed as she recalled the Inner Maze lab. "I really enjoyed creating Inner Maze," she said, before adding a cryptic twist. "When you break out of that maze is when you're really trapped." She was particularly proud of her ability to create and then beat her own challenge, finding the exploit even more difficult than the design itself. Can you give users any hints or tips? The Maze Challenge is designed to be tough, and you should certainly expect it to be just that. However, the creators want everyone to have a fair shot, so they’ve some advice for those who might feel intimidated. Use the platform to your advantage. Stefan noted that around 98% of concepts within this challenge can be learned in the rest of our lab catalogue. “If you get stuck on a specific skill, take a break from the maze, find the relevant labs on the platform, and then come back with your newfound knowledge.” We encourage you to learn along the way, and persistence is always rewarded! Failure can be a sign of progress. Sabrina shared a key insight: "Sometimes it's important to take note of what it is you're doing that's failing... If you're failing at the same spot in a particular approach, that could actually mean that you're doing something right." Go figure that one out! Don't go it alone. Sabrina advises anyone starting their journey to ask others for advice and help. Our community help forum is a great resource for sharing knowledge and getting tips from fellow participants. We want you to have fun, and part of that fun is collaborating with your industry peers along the way. In the end, what do you hope participants will take away from this experience, beyond the technical skills? Stefan and Sabrina both hope it's a "desire for more challenges”! They also dropped a teaser for a community Halloween challenge… That’s all you’re getting for now! 👀 Want a head start? Join Stefan and Sabrina for a Labs Live webinar on August 19th. They’ll be solving the Improbable Maze lab live on the call, in collaboration with you. Attendees are encouraged to play along, offer their suggestions, methods, and frustrations. It’s the perfect opportunity to see the creators’ thought process and gain some momentum for your own journey through the maze. See you there!Unlock the World of AI: Introducing Our New AI Foundations Collection!
That's why we’re thrilled to announce the launch of our new AI Foundations collection, a comprehensive set of labs designed to empower you to navigate the fast-paced world of AI confidently. This seven-part lab collection is your guided tour through the core components of modern AI implementation. We've crafted this collection for everyone, breaking down complex concepts into digestible, easy-to-understand labs. Whether you're a seasoned tech professional or just starting your AI journey, this collection will provide you with a practical, hands-on understanding of how AI systems are built and how they work together to deliver powerful capabilities. NOTE: These labs are only available for customers who haven’t opted out of AI-related content. Why a new AI collection? Our customers have asked for more in-depth AI content – a demand that mirrors the explosive growth of the AI market. This new collection is our commitment to staying at the forefront of the industry and proactively addressing the needs of our community. What you'll learn The AI Foundations collection is a journey through the essential concepts of artificial intelligence. Each lab builds on the last, culminating in a holistic understanding of modern AI systems, with a special focus on agentic AI. Here's a glimpse into what you'll discover: Episode 1: Artificial Intelligence (Theory): Dive into the fundamentals of AI, exploring what it is, how it works, and the distinctions between generative AI and AGI. It also discusses AI’s limitations and demystifies the "illusion of thinking". Episode 2: Core Components (Theory): Get acquainted with the building blocks of AI, including LLMs, embedding and diffusion models, RAG, MCP, and the exciting world of agentic AI. It also touches on crucial security considerations as AI transitions from "knowing" to "doing". Episode 3: Large Language Models (Theory): Explore the power of foundational models, the importance of fine-tuning, the role of system prompts, and security considerations such as exploitable vulnerabilities and data privacy. Episode 4: Retrieval Augmented Generation (RAG) (Practical): Take a deep dive into RAG, vector databases, embedding, and chunking. In this hands-on lab, you'll create a knowledge base, chunk a file, and query a fictional company's proprietary data through an integrated AI chatbot. Episode 5: Model Context Protocol (MCP) (Practical): Understand the MCP protocol and its architecture within the broader AI landscape. You'll get hands-on experience using MCP Inspector to interact with an MCP server, and instruct an AI chatbot to organize files on your desktop, gaining insight into exactly how tools are chosen and invoked. Episode 6: Agentic AI (Practical): Immerse yourself in the world of AI agents. You'll get access to real AI agents within a safe sandbox environment. The curious can poke and edit the code and explore integrated Langfuse for a deeper look into the observability of the AI system. Episode 7: Demonstrate Your Knowledge (Theory): Put your newfound knowledge to the test and solidify your understanding of the concepts covered throughout the collection. Secure and private by design We've built our practical AI labs with your security and privacy as the top priority. When you launch a lab, you're entering a completely isolated, sandboxed environment. These sandboxes are self-contained and have no connection to any customer data or personal information. Think of it as your own private, temporary workspace that’s thoroughly purged after each use. To interact with the AI models, each lab session creates temporary user credentials. Not only are these credentials temporary, but they’re also locked to the lab environment itself. This means that even if the credentials were to be exposed, they would be useless outside of the specific lab they were created for, providing a robust layer of security. Access to the internet is also strictly controlled, which only allows connections to the minimum endpoints required for the lab to function. We utilize privacy-centric AI models designed to protect your data. The models we use don’t store or log your prompts and completions. Furthermore, your interactions are never used to train any models, ensuring that your data remains your own. We’ve also opted out of any content being used for service improvements across all the AI services we use. In some of our more advanced labs, we've implemented an additional layer of security with guardrails that preprocess user inputs and model outputs to filter for harmful or inappropriate content. These guardrails are mandatory and can’t be bypassed by users within the lab environment. These multiple layers of security work together to provide a safe and secure environment for you to learn and experiment with AI. Who is this collection for? Everyone! We've designed these labs to be a guided walkthrough, making even the more technical details accessible to anyone working with or interested in AI. Whether you're a developer, a business leader, a student, or simply a curious mind, our AI Foundations course will equip you with the knowledge and skills to thrive in the age of artificial intelligence. Join us on this exciting journey and unlock the power of AI. Get ready to build, innovate, and lead in the new era of intelligence.New Labs: BlackHat 2025 and DefCon 33
Throughout early August 2025, representatives from Immersive's cyber team attended the BlackHat 2025 and DefCon 33 conferences and got great exposure to the latest technologies, topics, and techniques presented by the sharpest minds in our industry. As a result of attending these talks, workshops, and villages, Immersive has created brand new labs going through the various talks that took place, allowing you to get hands-on with the latest technologies and exploits. We present a number of brand new labs covering some of the most interesting and insightful topics from the events, from operational technology (OT) to achieving privilege escalation through firewall software. AI was a hot topic, as you would imagine, especially around Prompt Injection attacks. We already have plenty of content on Prompt Injection, not to mention the new AI Foundations content, so for this series, we created an Appsec Style lab around preventing Prompt Injection attacks. Why should our customers care? BlackHat and DefCon are two conferences that attract the greatest minds in cyber to get together and share their knowledge through workshops, official talks, and villages. Given the high diversity of events and talks that took place, there is something for everyone! Many of the topic areas shared are things that attackers could easily exploit themselves, so taking advantage of the information in these labs equips our customers with the knowledge of the latest vulnerabilities, threats, and exploitation techniques currently being talked about in the industry - improving your resilience and preparation against the latest threats. Who are the labs for? Offensive Security Engineers and Penetration Testers SOC Analysts and Incident Responders Malware Reverse Engineers Operational Technology Engineers Cyber Security Engineers Here is a list of the labs in this release: Binary Facades: Extracting Embedded Scripts CVE-2024-5921 Redux - Bypassing mitigations to PrivEsc with Palo Alto Global Protect Chrome Alone: Transforming a Browser into a C2 Platform No VPN Needed?: Cryptographic Attacks Against the OPC UA Protocol Python: AI Prompt Injection If you'd like to do any of these labs, here is a link to the BlackHat/DefCon collection: https://immersivelabs.online/series/defcon-black-hat/More Immersive Cyber Drills: How Rich Media Can Bring a Scenario to Life
When running a cyber drill, it’s useful to have a consistent and cohesive sense of the story throughout. The use of branding and rich media (videos and audio related to the theme) can engage participants through a sense of world-building and storytelling. Imagine your company drill looking like your company — logo, color scheme, font and all. The Brand It’s a good idea to start with all the assets needed to create the custom content. In my case, I created a logo and color scheme for a fictional news company, CHANNEL 6 News. The intention was to create a consistent look and feel for the news updates we would use. Using a simple color palette and classic news branding style, I could then create a virtual website for news updates using presentation software. This allows for ease of editing and can be presented full-screen to look like a webpage. A key requirement of the project was to create content that could be edited by anyone — no special software needed. This is just a slide in a presentation! The slide format could be used to represent a company website, a news outlet, or anything to aid the storytelling. Each slide in the presentation is a copy of the previous, but the news story is changed (title, image, and copy). Rich Media Video is engaging; it grabs our attention and helps with immersion. Video that has relevant branding and specifics has the chance to immerse participants even further. Continuing with the Channel 6 News theme, I used an AI video generator to create a news presenter intro and outro, all within a single prompt to maintain a consistent look. I also created a graphical intro in professional video editing software, aligning the branding and adding stock backing music. Using a more stripped-back video editing app, such as Google Vids, templates can be created with the intro and outro already in place. In between, video clips and voiceover (also generated) provide the main content of the news update. These templates allow for quick editing by anyone without the need for expert software. Download the MP4, and we’re ready to slot it into a cyber drill! Here's an example of the intro/outro and small amount of content between. Company Videos Immersive has a fictional company it uses for Crisis Sims called Orchid Corp. We have brand assets (logos, graphics, etc.) that we use to create print and digital media. I created employee welcome videos using stock media and generated voiceover audio, which ended up being fairly convincing. Now, imagine your company assets in whatever type of video you want. Perhaps a news broadcast, maybe an internal or external press release on the crisis situation. The more entertaining and interesting the content, the more immersion and engagement. Prove and Improve Running drills with custom videos will capture your audience’s attention and imagination. There's a great opportunity to review how the media can be adjusted for further storytelling depth. It could be effective to have the story evolve at a future drill, building on the actions taken previously. Having templates for the content, such as a news update clip, means that significant time is saved in preparation and a consistent feel is kept across drills.Recommendations for Writing a Program Welcome Email
Key Objectives of the Email Generate Excitement: Make employees want to participate. Clearly State Benefits: What's in it for them? Provide Clear Next Steps: How do they get started? Assure Support: Who to ask for help? Reinforce Company Vision: Link individual growth to organizational success. Recommended Email Structure & Content 1. Compelling Subject Line Purpose: Grab attention, convey value immediately. Examples: "Unlock Your Potential: Introducing [Program Name]!" "Elevate Your Skills: Your Gateway to Growth is Here!" "Future-Proof Your Career: Announcing Our New Upskilling Initiative!" "Exciting News: Your Path to [Skill Area] Mastery Starts Now!" "Invest in Yourself: [Company Name]'s New Upskilling Program" 2. Warm & Enthusiastic Opening Purpose: Welcome, set a positive tone. Content: "Dear [Employee Name]," or "Hello Team," "We're thrilled to announce..." or "Get ready to elevate your career..." "At [Company Name], we believe in fostering continuous growth and development for every member of our team." 3. Program Overview (The "What") Purpose: Briefly explain what the program is. Content: Introduce the program name (e.g., "The [Program Name] Upskilling Initiative"). Briefly describe its scope (e.g., "a comprehensive program designed to enhance critical skills," "a tailored learning experience focusing on [key skill areas]"). Mention the format (e.g., "via interactive online modules," "expert-led workshops," "hands-on labs"). 4. Benefits to the Employee (The "Why Them") Purpose: This is the most crucial section – articulate the direct value to the individual. Content: "Why should you participate? This program is designed to help you:" Advance your career: "Unlock new opportunities for career growth within [Company Name]." Stay competitive: "Master the latest industry skills and technologies." Boost your confidence: "Deepen your expertise and take on new challenges." Enhance your impact: "Contribute even more effectively to your team's and [Company Name]'s success." Personal Growth: "Invest in your personal and professional development." (Optional but impactful): "Aligned with our commitment to [Company Value, e.g., Innovation, Excellence]." 5. How to Get Started (Clear Call to Action - CTA) Purpose: Make enrollment easy and intuitive. Content: "Getting started is simple! Here's how to begin your learning journey:" Provide a clear, clickable link: "Click here to explore the [Program Name] Hub." Brief instructions: "Log in with your [Company Credentials]," "Browse the course catalog," "Enroll in your first module." Mention any deadlines or enrollment periods if applicable. 6. Support & Resources: Purpose: Assure employees they won't be alone. Content: "We're committed to supporting you every step of the way." "For any questions, technical support, or guidance on choosing your learning path, please contact [L&D Team Email/Name, or specific Slack channel]." “Speak with your manager and map this to your own Professional Development Plan (PDP) for regular support and feedback” “We're so excited to celebrate your successes with you, and we're here to offer a helping hand as you grow!” Mention FAQs or a dedicated resource page if available. 7. Closing Purpose: Reinforce enthusiasm and look forward to their participation. Content: "We are incredibly excited about the potential this program holds for your individual growth and our collective success." Reinforce / remind positive impact to organisation “This program will make [Company Name] continue to be class leading / stay ahead of the competition / be the best place to work” "We look forward to seeing you thrive!" "Sincerely," / "Best regards," / "Warmly," [Your Name/Learning & Development Team/Leadership Team] General Recommendations for Effectiveness Personalization: Always use the recipient's name. Conciseness: Get to the point. Employees are busy. Visuals (Optional but Recommended): Consider including a compelling image or a short introductory video if available. Follow-Up Strategy: Plan reminder emails for those who haven't enrolled, and share success stories later. Manager Communication: Ensure managers are informed before the general team, so they can support and encourage participation. By following these recommendations, your upskilling program launch email can effectively motivate employees and kickstart a successful learning initiative.No Sleep on State-Backed Threats: Train for Cyber Conflict Before It Starts
In 2025, the cybersecurity landscape isn’t just evolving – it’s accelerating. State-backed cyberattacks, geopolitical tensions, and a fragmented regulatory environment have placed cyber resilience squarely at the top of boardroom agendas. But while the threats are growing, clear directives and unified mandates are not. Cybersecurity leaders are left asking: If federal policy won’t dictate readiness, how can we validate that we’re prepared? The policy gap: Why the One Big Beautiful Bill won’t save us Despite its sweeping scope, the recently passed One Big Beautiful Bill Act (H.R.1, P.L. 119-21) is notably silent on cybersecurity policy. It includes: Investments of $150M to the Department of Defense for business system modernization, including AI-aided financial auditing $200M for AI-enabled audit systems $20M to DARPA cybersecurity research efforts $250M for Cyber Command’s AI “lines of effort” $685M toward military cryptographic modernization, including quantum benchmarking While these appropriations equip government agencies to modernize and strengthen cyber and crypto capabilities, they stop short of mandating new cross-industry controls, standards, or compliance obligations for private sector entities. Organizations can’t depend on Washington to drive cyber resilience strategy, given how dynamic the landscape is today. Instead, leaders must build proactive, measurable programs rooted in industry frameworks like NIST CSF, ISO 27001, and MITRE ATT&CK. At the same time, they need to monitor shifting government priorities (vis-à-vis risks), evolving state-level regulations, and sector-specific requirements like the Digital Operational Resilience Act for financial services. In short, cyber resilience remains an internal obligation, not an external mandate. The stakes are rising: Salt Typhoon breach proves it’s about people In June 2025, a DHS memo confirmed that Salt Typhoon, a Chinese state-linked hacking group, gained extensive, months-long access to a U.S. Army National Guard network. This breach wasn’t just a military problem – it highlighted systemic risks across civilian infrastructure, state governments, and critical services. The attackers stole administrative credentials, internal diagrams, network configurations, and PII of service members, creating opportunities for lateral movement and follow-on attacks against civilian sectors. As Ellis, a cybersecurity advisor quoted in the memo, pointed out: "An intrusion on a National Guard isn't a 'military only' operation. States regularly engage their Guard to assist with cyber defense of civilian infrastructure." This breach underscores the harsh reality that cyber adversaries aren’t bound by the Law of Armed Conflict – and they’re fully prepared to target civilian infrastructure as part of their strategy. Cyberwar is official: NATO’s Article 5 sets a new precedent NATO now explicitly recognizes cyberattacks as potential triggers for Article 5 collective defense measures. This isn’t about responding to routine ransomware or phishing scams – it’s about preparing for strategic-level attacks that can disrupt economies, paralyze infrastructure, or compromise national defense. To meet this challenge, NATO is expanding joint cyber exercises like Locked Shields and Cyber Coalition, simulating real-world adversaries and integrating civilian infrastructure into their scenarios. Our key lesson? Modern conflict starts in cyberspace – and organizations need to train for it before the first packet hits. Train like the threat is already inside 1. State-sponsored threat actor playbooks Train your team to recognize and respond to APT tactics in the wild. From credential harvesting to stealthy exfiltration, hands-on simulations build muscle memory against real adversary behaviors – not textbook theory. Get hands-on with Threat Actors: Salt Typhoon and explore a recent SNAPPYBEE Campaign Analysis to see how the group uses backdoors to conduct espionage operations. Our complete Threat Actors collection covers a wide range of threat groups and their TTPs, providing practical simulations that build muscle memory against real adversary behaviors. We’ve talked about APT29 before 🙅♀️🐻 and they remain an active threat. Refresh with APT29: Threat Hunting with Splunk and dig into practical nation-state threat intelligence and IOC analysis. 2. Salt Typhoon TTP training Defend against the tactics actually used in the Salt Typhoon breach: Lateral movement: Our MITRE ATT&CK collection covers lateral movement tactics, providing comprehensive training on how attackers move within a network and how to defend against such actions. Credential compromise: The Credential Access collection offers practical experience in understanding and mitigating credential access vulnerabilities, which is crucial for defending against credential compromise. Network reconnaissance: Our Reconnaissance collection focuses on various techniques and tools used for gathering information, which can help in understanding and defending against network reconnaissance. Data exfiltration: Another hit for the Incident Response collection! These labs are specifically designed to teach incident responders how to detect data exfiltration. Put your team in the hot seat and test their response before the next real-world incident hits. 3. AI-readiness for cyber defenders AI is transforming both red and blue team tactics. Prepare with practical training to drive understanding of AI model risks (e.g. prompt injection, data leakage) and build skills defending AI-enabled environments before attackers exploit them. The AI Fundamentals collection offers a broader understanding of AI's role in cybersecurity, covering topics like data ethics, TensorFlow for machine learning, and emerging threats. The AI Challenges collection focuses on identifying vulnerabilities in AI systems, such as AI plugin injection and prompt injection attacks, providing hands-on experience in mitigating AI security risks. Together, these collections provide comprehensive training on both understanding and defending AI-enabled environments against potential threats. 4. Incident response: No-doze drills Run full-cycle incident response simulations, from detection to containment to recovery. Focus on the messy middle: ambiguous alerts, cross-team coordination, and real-time decision-making under pressure. Train with our Introduction to Incident Response and Incident Response collections. These collections cover the entire incident response process, including detection, containment, and recovery, with an emphasis on cross-team coordination and real-time decision-making. Then, test your skills with our new Cyber Range Exercise inspired by Salt Typhoon with simulated malware, or our Crisis Simulations focused on nation-state attacks. 5. Critical infrastructure and IT/OT defense modules Your OT environment isn’t off-limits to adversaries. Practice defending blended IT/OT networks, identify cascading risks, and rehearse failover processes when the grid comes under cyber-fire. Explore the following collections that are part of our new Operational Technology offering: OT: Fundamentals OT: Threats and Vulnerabilities OT: Devices and Protocols These labs are valuable for practicing defense strategies in blended IT/OT networks and understanding cascading risks in critical infrastructure. You can also experience actual incidents like the Norwegian Dam Compromise: Campaign Analysis! Conclusion: Build cyber resilience before the next state-backed attack The One Big Beautiful Bill won’t mandate cyber resilience. NATO knows cyberwar is already here. And Salt Typhoon’s breach shows that the human element is still the biggest vulnerability facing businesses, entities, and nation states alike. That’s why continuous skills development, validated readiness, and real-world scenario training aren’t optional. Adhere to tested frameworks and operational rigor for your people, processes, and technology. Share your thoughts If you’re not sleeping on state-backed threats, set the alarm and kickstart your team’s readiness. Have you prioritized specific procedures or skills in response to the latest nation-state activity from groups like Salt Typhoon? Share your tips (or your favorite preparedness quote) in the comments below! Train like it’s game day – because for state-backed threats, it already is. Stay sharp and threat-ready by following the Human Connection blog for more updates like this.
