New Labs - Malterminal: Malware Analysis
With artificial intelligence (AI) and large language models (LLMs) fast becoming a more popular and talked-about set of technologies in every industry in society, it's no surprise that LLM-enabled malware now exists that can dynamically generate code, query data, and offload malicious functionality to LLMs, lowering the barrier of entry for threat actors deploying malware. This lab introduces one of the first known malware samples to ever facilitate the use of LLMs to perform malicious functionality. Why should our customers care? Most, if not all, companies are looking into using AI to varying degrees, whether to make their workforce more efficient and productive or to build full models that facilitate technical processes. With this in mind, and with the advent of basic malware that can use API keys to query LLMs and AI services, we will likely see this particular malware set evolve over time. By doing this lab, you'll begin to see how these pieces of malware are just the stub and querier for AI and how they can be used maliciously. This will showcase what this threat is like in its current state. We shall be monitoring how this threat evolves, so stay tuned for more labs. Who is the defensive lab for? SOC Analysts Incident Responders Threat Hunting Here is a link to the lab: https://immersivelabs.online/v2/labs/malterminal-analysis
Enter The Maze Challenge: Immersive’s Most Advanced Collection Yet
Today marks the release of the Maze Challenge, Immersive’s most advanced and cunningly designed offensive cybersecurity collection yet. This new series of labs is more than just a test of skills. It's a puzzle, a game, and a creative brain-bender, crafted by two of Immersive’s most brilliant minds: StefanApostol and SabrinaKayaci. Stefan, known to many as the "evil genius" behind the Human Connection Challenge, and Sabrina, who recently inspired our London community meetup attendees with her predictions on AI within the AppSec space, have teamed up to create something truly unique. We sat down with them to get their insights on what makes the Maze Challenge so special, so challenging, and so much fun. What was the main inspiration behind the maze theme, and how did you translate that narrative into a collection of technical labs? The core idea for the Maze Challenge, as Stefan explained, came from a shared love of games. "Both Sabrina and I are geeks. We like games, and we wanted to create a challenge with an overarching goal that was more than about earning a completion token." While our labs have always awarded tokens for completion, Stefan and Sabrina wanted to create a narrative that would engage users on a deeper level. "A maze is the perfect example of that," Stefan said. "We wanted to include a game element in these challenges." This isn't just a series of technical scenarios. It's a cohesive puzzle where each lab is a step toward a larger objective. The maze narrative encourages participants to think creatively, connecting different skills and techniques in a way that feels more like a game than a traditional capture the flag (CTF). I’ve heard that this is the most advanced lab collection yet. So, what makes these labs more challenging than the thousands of others in Immersive's catalogue? This collection is Immersive's most advanced to date, introducing a range of techniques not yet widely covered in the platform. The labs are a combination of real-world examples drawn from the creators' past experiences and internal testing, all woven together with a good deal of imagination. While the challenge covers a broad spectrum of offensive skills, including web, Linux, Windows, and Active Directory, Stefan was quick to name binary exploitation as an obvious concept that will have participants scratching their heads. The team collaborated with BenMcCarthy on this particular lab, and Ben being Ben, he poured all his creativity into it, making even Stefan nervous to attempt this mean challenge! Sabrina added that the real difficulty lies in the type of thinking required. "Some of them will really require outside-the-box thinking," she said. "They're unusual in a way that requires not just the technical skill, but some creativity and more critical thinking." This is a key theme throughout the collection. Participants can't rely on a simple, formulaic approach. Instead, they must be flexible and resourceful. Sabrina noted that some challenges will require "multiple sets of skills," forcing users to chain together their expertise in different areas to find a solution. Without giving away any spoilers, can you describe a moment in one of the labs that you're particularly proud of designing? Sabrina beamed as she recalled the Inner Maze lab. "I really enjoyed creating Inner Maze," she said, before adding a cryptic twist. "When you break out of that maze is when you're really trapped." She was particularly proud of her ability to create and then beat her own challenge, finding the exploit even more difficult than the design itself. Can you give users any hints or tips? The Maze Challenge is designed to be tough, and you should certainly expect it to be just that. However, the creators want everyone to have a fair shot, so they’ve some advice for those who might feel intimidated. Use the platform to your advantage. Stefan noted that around 98% of concepts within this challenge can be learned in the rest of our lab catalogue. “If you get stuck on a specific skill, take a break from the maze, find the relevant labs on the platform, and then come back with your newfound knowledge.” We encourage you to learn along the way, and persistence is always rewarded! Failure can be a sign of progress. Sabrina shared a key insight: "Sometimes it's important to take note of what it is you're doing that's failing... If you're failing at the same spot in a particular approach, that could actually mean that you're doing something right." Go figure that one out! Don't go it alone. Sabrina advises anyone starting their journey to ask others for advice and help. Our community help forum is a great resource for sharing knowledge and getting tips from fellow participants. We want you to have fun, and part of that fun is collaborating with your industry peers along the way. In the end, what do you hope participants will take away from this experience, beyond the technical skills? Stefan and Sabrina both hope it's a "desire for more challenges”! They also dropped a teaser for a community Halloween challenge… That’s all you’re getting for now! 👀 Want a head start? Join Stefan and Sabrina for a Labs Live webinar on August 19th. They’ll be solving the Improbable Maze lab live on the call, in collaboration with you. Attendees are encouraged to play along, offer their suggestions, methods, and frustrations. It’s the perfect opportunity to see the creators’ thought process and gain some momentum for your own journey through the maze. See you there!New Labs: BlackHat 2025 and DefCon 33
Throughout early August 2025, representatives from Immersive's cyber team attended the BlackHat 2025 and DefCon 33 conferences and got great exposure to the latest technologies, topics, and techniques presented by the sharpest minds in our industry. As a result of attending these talks, workshops, and villages, Immersive has created brand new labs going through the various talks that took place, allowing you to get hands-on with the latest technologies and exploits. We present a number of brand new labs covering some of the most interesting and insightful topics from the events, from operational technology (OT) to achieving privilege escalation through firewall software. AI was a hot topic, as you would imagine, especially around Prompt Injection attacks. We already have plenty of content on Prompt Injection, not to mention the new AI Foundations content, so for this series, we created an Appsec Style lab around preventing Prompt Injection attacks. Why should our customers care? BlackHat and DefCon are two conferences that attract the greatest minds in cyber to get together and share their knowledge through workshops, official talks, and villages. Given the high diversity of events and talks that took place, there is something for everyone! Many of the topic areas shared are things that attackers could easily exploit themselves, so taking advantage of the information in these labs equips our customers with the knowledge of the latest vulnerabilities, threats, and exploitation techniques currently being talked about in the industry - improving your resilience and preparation against the latest threats. Who are the labs for? Offensive Security Engineers and Penetration Testers SOC Analysts and Incident Responders Malware Reverse Engineers Operational Technology Engineers Cyber Security Engineers Here is a list of the labs in this release: Binary Facades: Extracting Embedded Scripts CVE-2024-5921 Redux - Bypassing mitigations to PrivEsc with Palo Alto Global Protect Chrome Alone: Transforming a Browser into a C2 Platform No VPN Needed?: Cryptographic Attacks Against the OPC UA Protocol Python: AI Prompt Injection If you'd like to do any of these labs, here is a link to the BlackHat/DefCon collection: https://immersivelabs.online/series/defcon-black-hat/ImmersiveOne: Scattered Spider Release
Scattered Spider has continuously been a threat to many of our customers, and one of the reasons is that they have techniques and tactics that can affect all members of an organization. From their advanced social engineering tactics targeting less security-focused users in an organization to bypassing defences long enough to deploy ransomware and steal data from some of the largest organizations in the world. Therefore, Immersive is releasing an ImmersiveOne approach to protecting our customers. This means customers now have access to the following: Lab – Scattered Spider and Dragonforce: Campaign Analysis Lab – Threat Actors: Scattered Spider Workforce Scenario – Social Engineering Techniques Crisis Sim – Responding to a Scattered Spider Attack The technical and non-technical labs, workforce scenario, and Crisis Sim scenario release will enable everyone inside an organization to prepare and be ready for threats posed by Scattered Spider. For an in-depth blog on Scattered Spider and what to think about in a crisis, follow the link here: https://www.immersivelabs.com/resources/blog/scattered-spider-what-these-breaches-reveal-about-crisis-leadership-under-pressureNew CTI Labs: CVE-2025-53770 (ToolShell SharePoint RCE): Offensive and Defensive
Recently, a critical zero-day vulnerability affecting on-premise SharePoint servers, identified as CVE-2025-53770, was uncovered. This vulnerability allows for authentication bypass, leading to remote code execution, and has been actively exploited in the wild. Eye Security researchers detected an in-the-wild exploit chain on July 18, 2025, during an incident response engagement. This discovery led to Microsoft assigning two CVEs: CVE-2025-53770 and CVE-2025-53771. The attack notably leveraged a combination of vulnerabilities to achieve its objectives, impacting numerous SharePoint servers globally. There is now a public exploit available for anyone wanting to achieve remote code execution. Why should our customers care? This critical vulnerability has been added to the CISA Kev Catalog. and with no authentication or user interaction, a vulnerable SharePoint server can be fully taken over remotely, letting attackers run arbitrary code as if they were privileged admins. SharePoint is a complex and large system that often holds a lot of sensitive data for organizations and is often a targeted system for attackers. Who is the defensive lab for? System Administrators SOC Analysts Incident Responders Threat Hunters Who is the offensive lab for? Red teamers Penetration Testers Threat Hunters Here are the links to the labs: Offensive: https://immersivelabs.online/v2/labs/cve-2025-53770-toolshell-sharepoint-rce-offensive Defensive: https://immersivelabs.online/v2/labs/cve-2025-53770-toolshell-sharepoint-rce-defensiveNew CTI Lab: CVE-2025-32463 (Sudo Chroot Elevation of Privilege): Offensive
On June 30, 2025, the Stratascale Cyber Research Unit (CRU) team identified a critical local privilege escalation vulnerability in sudo, tracked as CVE-2025-32463. This vulnerability, related to sudo's chroot option, can allow an attacker to escalate privileges to root on an affected system. Why should our customers care? This critical vulnerability is reasonably trivial to exploit, and should an attacker gain user-level access to a vulnerable machine, they'll be able to elevate their privileges and have full control over the machine. It has come to our attention that not many people are aware that sudo has versioning. It is a binary that is constantly iterated upon, which naturally may introduce new vulnerabilities. If administrators and security analysts are not aware of how these vulnerabilities work, this can lead to significant risks and impacts. Who is it for? Red Teamers Penetration Testers System Administrators Here is a link to the lab: https://iml.immersivelabs.online/labs/cve-2025-32463-sudo-chroot-elevation-of-privilege-offensiveNew CTI/OT Lab: Norwegian Dam Compromise: Campaign Analysis
We have received reports of a cyber incident that occurred at the Lake Risevatnet Dam, near Svelgen, Norway, in April 2025. A threat actor gained unauthorized access to a web-accessible Human-Machine Interface (HMI) and fully opened a water valve at the facility. This resulted in an excess discharge of 497 liters per second above the mandated minimum water flow. Which persisted for four hours before detection. This attack highlights a dangerous reality: critical OT systems are increasingly exposed to the internet, making them accessible to threat actors. In this case, control over a dam’s valve system was obtained via an insecure web interface, a scenario that could have had even more severe consequences. A recent report by Censys identified over 400 exposed web-based interfaces across U.S. water utilities alone. This dam incident in Norway exemplifies the tangible risks posed by such exposures. In this lab, you will be taken through the attack from an offensive viewpoint, including cracking an HMI and fully opening two valves. Why should our customers care? OT environments, including dams, energy grids, and oil pipelines, are foundational to national security and daily life. These systems cannot be secured using traditional IT playbooks. As OT becomes more connected, tailored security strategies are critical to prevent unauthorized access and catastrophic failures. Who is it for? Incident responders SOC analyst Threat Hunters Red Teamer Penetration Testers OT Engineers Here is the link to the lab: https://immersivelabs.online/v2/labs/norwegian-dam-compromise-campaign-analysisNew CTI Lab: CVE-2025-33073 (SMB Elevation of Privilege): Defensive
Another vulnerability patched was released during Microsoft's June 2025 patch Tuesday review! An important elevation of privilege vulnerability was listed, and if exploited successfully, attackers can achieve elevation of privilege on the compromised machine. Even though it's not recorded to have been exploited in the wild as yet, the fact that research exists with details on how the vulnerability was found improves the chances an attacker will attempt to exploit this flaw against a victim.In these labs, you will be taken through the vulnerability from both an offensive and defensive perspective. Why should our customers care? This is a new vulnerability that has just been patched, and is has in depth research released about it. Successful exploitation of this vulnerability allows attackers to elevate their privileges and achieve command execution on a victim machine. Learn what sort of indicators this exploit leaves, but also learn how to execute and take advantage of this vulnerability! Who is it for? Incident responders SOC analyst Threat Hunters Red Teamer Penetration Testers Here is the link to the labs: Defensive: https://immersivelabs.com/v2/labs/cve-2025-33073-smb-elevation-of-privilege-defensive Offensive: https://immersivelabs.com/v2/labs/cve-2025-33073-smb-elevation-of-privilege-offensive Container 7 Release We have released a threat detection for this particular vulnerability, helping the community to protect against any potential use of this vulnerability. https://github.com/Immersive-Labs-Sec/SigmaRules/blob/main/cve-2025-33073-smb-exploit.ymlLevel Up Your Resilience: Unlocking the Power of Cyber Drills with Immersive
Hello Immersive Community! You're already familiar with our hands-on learning and real-world scenarios to level up your cyber skills. You've seen how our labs and exercises can boost individual capabilities and build stronger teams. But are you ready to dive deep into ways to develop your organization's resilience? Today, we're diving into a crucial aspect of building true cyber readiness: Cyber Drilling. You might have heard the term before, but to really understand its comprehensive power and how it can improve your security posture, we're excited to highlight The Definitive Guide to Cyber Drilling. This is your essential resource, explaining everything from fundamental concepts to advanced implementation strategies for realistic cyber attack simulations that exercise both your technical and business leadership teams. In this series, we'll explore what a comprehensive Cyber Drilling program entails and, more importantly, how you, as part of the Immersive community, can leverage it to strengthen your organization's defenses – all laid out within the guide. As Phil Venables, CISO of Google Cloud, wisely stated, "The best training of all is a drill, exercise, or even a live-fire event. Having drills and exercises that get as close to reality as possible and test your people as well as your systems is ideal." 1 This isn't just about individual skill anymore; it's about how your entire organization performs when faced with a real-world cyber crisis – a concept thoroughly explored in the guide. Beyond Individual Labs: The Organizational View You've mastered individual labs, honed your threat hunting skills in Cyber Ranges, and perhaps even navigated crisis scenarios using simulations. These are vital building blocks. Cyber Drilling, as detailed in The Definitive Guide, applies that foundation to a broader organizational context, simulating real attacks to test technical prowess, communication, decision-making under pressure, and the effectiveness of your incident response plans across different teams. Think of Cyber Drilling as the ultimate "stress test" for your cyber defenses. It moves beyond theoretical knowledge and puts your collective capabilities to the test in a safe environment, revealing strengths and identifying areas for improvement you might not uncover through individual training alone – a comprehensive overview of which is provided in the guide. Why Should the Immersive Community Embrace Cyber Drills? As valued community members, you already understand the power of immersive learning. Cyber Drills are the natural evolution of that approach, offering significant benefits for your organization: Prove Your Readiness: Cyber Drills allow you to demonstrate the impact of your Immersive investment by showcasing your team's response capabilities. Identify Organizational Weaknesses: The methodologies explain how drills expose broader organizational gaps. Optimize Your Incident Response: Practical guidance helps you test and refine your plans. Enhance Team Cohesion: The principles highlight how drills improve collaboration. Demonstrate Value to Stakeholders: Use the frameworks to provide tangible evidence of preparedness. What Makes a Cyber Drill Effective? Just like our individual labs are designed for maximum learning impact, effective Cyber Drills share key characteristics: Leveraging Multiple Skills Creating Realistic Pressure Emphasizing Clear Communication Providing a Comprehensive View Mirroring Real-World Threats Tailored to Your Needs Driving Continuous Improvement What's Next? This is just the first step in understanding the power of Cyber Drilling. In the upcoming parts of this series, we'll delve into the practicalities of implementing these powerful exercises within your organization, building upon the foundation you've already established with Immersive – all based on the comprehensive insights within The Definitive Guide: Part 2: Planning and Executing Effective Cyber Drills: We'll explore how to define your objectives and develop scenarios. Part 3: Analyzing Results and Building a Culture of Continuous Improvement: We'll discuss how to interpret drill data and drive improvements. Unlock the full potential of your preparedness and enhance your organization's cyber resilience through the strategic practice of Cyber Drilling, which begins with The Definitive Guide to Cyber Drilling.Announcing the Immersive Cyber Resilience Awards 2025!
At Immersive, we recognize the exceptional efforts of organizations and individuals leading the charge in building true cyber resilience. That's why we’re thrilled to introduce the all-new Immersive Cyber Resilience Awards for 2025! These awards are designed to celebrate those demonstrating an outstanding commitment to proving and improving their cyber resilience through practical application and deep engagement with the Immersive One platform. For Cyber Awareness Month 2025, we're expanding last year’s successful Customer Awards program to nine honors across three categories – celebrating more top-tier organizations and cyber pros than ever. Let’s look at this year’s categories and what’s up for grabs when Cyber Awareness Month rolls around this October! Cyber Resilience Awards 01. Emerging Threats Leader This award recognizes those leading the charge in threat detection and hunting, proactively identifying risks and strengthening defenses using insights from our Cyber Threat Intelligence labs. To qualify for this award, we’ll be looking at the: Total number of Cyber Threat Intelligence (CTI) labs completed: Indicating a strong commitment to understanding the latest threat intelligence. Average time to complete and respond to every new CTI lab: Highlighting efficiency and agility in addressing emerging threats. 02. Cyber Resilience Leader This award acknowledges organizations that maximize the full use of the Immersive platform to fully optimize end-to-end cyber resilience. True cyber resilience goes beyond simply preventing attacks; it encompasses the ability to withstand, respond to, and recover from cyber incidents with minimal disruption. This award celebrates organizations that: Zero in on the breadth and depth of coverage across the MITRE ATT&CK framework: Demonstrating a comprehensive understanding and application of real-world attack tactics and techniques. Have taken it upon themselves to build Immersive fully into their cyber resilience program: Showing a deep integration of practical cyber skills development into their overall security strategy. 03. Immersive Trailblazer This award recognizes individuals who simply love Immersive and have shown exceptional dedication to the platform. This category celebrates personal commitment and enthusiasm for continuous learning and skill development in cybersecurity. We’re looking for individuals who: Have been our top point scorers since January 1, 2025: Indicating consistent engagement and mastery of a wide range of cyber skills. Have completed hundreds of labs and truly immersed themselves in the platform: Demonstrating an exceptional commitment to hands-on learning and practical skill development. Cyber Excellence and Innovation Awards 04. Exercising Excellence (Crisis Sim) This award recognizes organizations that have excelled in regularly using Crisis Sim scenarios to prove their cyber resilience. In the face of a major cyber incident, the ability to respond effectively and maintain business continuity is critical. This award celebrates organizations that: Have successfully run multiple simulations: Demonstrating a proactive approach to testing and refining their incident response plans. Have high participation in Immersive's own virtual Crisis Sims: Indicating a commitment to leveraging realistic and challenging scenarios to prepare their teams. 05. Exercising Excellence (Cyber Drilling) This Immersive-nominated prize rewards organizations that have successfully implemented and run cyber drill exercises with Immersive in 2025. Cyber Drills are dynamic, immersive simulations that test every aspect of an organization’s ability to detect, manage, and recover from high-impact cyber threats. This award celebrates organizations that have: Actively run Immersive-led cyber drills as part of their security training program: Showing a commitment to continuously improving technical capabilities. Demonstrated success in integrating Cyber Drill outcomes and learnings into their wider security landscape: Highlighting their ability to translate theoretical knowledge into practical skills. 06. Secure Development Champion (AppSec) This award celebrates organizations and individuals championing security throughout the software development lifecycle. Proactive security measures integrated early in the development process are essential for building secure and resilient applications. This award recognizes those who: Have implemented strong Developer Champion programs into their secure development training environment: Demonstrating a commitment to embedding security expertise within development teams. Have completed the highest number of AppSec lab content on the Immersive One platform: Demonstrating a dedication to hands-on practical learning and ongoing upskilling across the secure development lifecycle. Immersive Growth and Adoption Awards 07. Cybersecurity Maturity Leader This award recognizes organizations that have significantly shifted their security culture as a direct result of integrating the full Immersive One platform into their cybersecurity infrastructure. Building a strong security culture is fundamental to long-term cyber resilience, and this award celebrates those who have successfully fostered a more security-aware and engaged workforce. We’re looking for organizations that have demonstrated: A noticeable positive evolution in employee security behaviors and awareness. Evidence of Immersive One being a key driver in this cultural transformation. A commitment to embedding continuous learning and practical skills development across the organization. 08. Immersive Impact and Growth Leader This award recognizes organizations and individuals whose level of engagement with the Immersive One platform has significantly increased over 2025. This category celebrates those actively expanding their use of the platform to enhance their cyber capabilities. We’ll be taking into account factors such as: Overall growth in platform utilization and engagement. Involvement and engagement with Immersive-hosted challenges and competitions. 09. Community Leader This award recognizes individual members of the Human Connection Community who have significantly contributed to, and engaged with, both community content and their fellow community members. A strong and supportive community is invaluable in cybersecurity, fostering collaboration, knowledge sharing, and mutual growth. This award celebrates individuals who have: Consistently shared tips and advice. Engaged with popular threads and participated in community events and meetups. Actively helped to bring the Human Connection community to life. Now it’s over to you! We’ll be unveiling the winners of each category throughout Cyber Awareness Month in October 2025, with some exciting prizes up for grabs along the way to fuel your journey. All you have to do is stay on top of your game with Immersive. Throughout the year, keep your eyes peeled for fun and engaging challenges, competitions, and events meticulously designed to help you and your teams sharpen your skills, deepen your understanding of the threat landscape, and ultimately, strengthen your cyber resilience. We're excited to celebrate your progress and achievements as you continue to build a more secure digital future.
