New CTI Lab: CVE-2025-33073 (SMB Elevation of Privilege): Defensive
Another vulnerability patched was released during Microsoft's June 2025 patch Tuesday review! An important elevation of privilege vulnerability was listed, and if exploited successfully, attackers can achieve elevation of privilege on the compromised machine. Even though it's not recorded to have been exploited in the wild as yet, the fact that research exists with details on how the vulnerability was found improves the chances an attacker will attempt to exploit this flaw against a victim.In these labs, you will be taken through the vulnerability from both an offensive and defensive perspective. Why should our customers care? This is a new vulnerability that has just been patched, and is has in depth research released about it. Successful exploitation of this vulnerability allows attackers to elevate their privileges and achieve command execution on a victim machine. Learn what sort of indicators this exploit leaves, but also learn how to execute and take advantage of this vulnerability! Who is it for? Incident responders SOC analyst Threat Hunters Red Teamer Penetration Testers Here is the link to the labs: Defensive: https://immersivelabs.com/v2/labs/cve-2025-33073-smb-elevation-of-privilege-defensive Offensive: https://immersivelabs.com/v2/labs/cve-2025-33073-smb-elevation-of-privilege-offensive Container 7 Release We have released a threat detection for this particular vulnerability, helping the community to protect against any potential use of this vulnerability. https://github.com/Immersive-Labs-Sec/SigmaRules/blob/main/cve-2025-33073-smb-exploit.ymlLevel Up Your Resilience: Unlocking the Power of Cyber Drills with Immersive
Hello Immersive Community! You're already familiar with our hands-on learning and real-world scenarios to level up your cyber skills. You've seen how our labs and exercises can boost individual capabilities and build stronger teams. But are you ready to dive deep into ways to develop your organization's resilience? Today, we're diving into a crucial aspect of building true cyber readiness: Cyber Drilling. You might have heard the term before, but to really understand its comprehensive power and how it can improve your security posture, we're excited to highlight The Definitive Guide to Cyber Drilling. This is your essential resource, explaining everything from fundamental concepts to advanced implementation strategies for realistic cyber attack simulations that exercise both your technical and business leadership teams. In this series, we'll explore what a comprehensive Cyber Drilling program entails and, more importantly, how you, as part of the Immersive community, can leverage it to strengthen your organization's defenses – all laid out within the guide. As Phil Venables, CISO of Google Cloud, wisely stated, "The best training of all is a drill, exercise, or even a live-fire event. Having drills and exercises that get as close to reality as possible and test your people as well as your systems is ideal." 1 This isn't just about individual skill anymore; it's about how your entire organization performs when faced with a real-world cyber crisis – a concept thoroughly explored in the guide. Beyond Individual Labs: The Organizational View You've mastered individual labs, honed your threat hunting skills in Cyber Ranges, and perhaps even navigated crisis scenarios using simulations. These are vital building blocks. Cyber Drilling, as detailed in The Definitive Guide, applies that foundation to a broader organizational context, simulating real attacks to test technical prowess, communication, decision-making under pressure, and the effectiveness of your incident response plans across different teams. Think of Cyber Drilling as the ultimate "stress test" for your cyber defenses. It moves beyond theoretical knowledge and puts your collective capabilities to the test in a safe environment, revealing strengths and identifying areas for improvement you might not uncover through individual training alone – a comprehensive overview of which is provided in the guide. Why Should the Immersive Community Embrace Cyber Drills? As valued community members, you already understand the power of immersive learning. Cyber Drills are the natural evolution of that approach, offering significant benefits for your organization: Prove Your Readiness: Cyber Drills allow you to demonstrate the impact of your Immersive investment by showcasing your team's response capabilities. Identify Organizational Weaknesses: The methodologies explain how drills expose broader organizational gaps. Optimize Your Incident Response: Practical guidance helps you test and refine your plans. Enhance Team Cohesion: The principles highlight how drills improve collaboration. Demonstrate Value to Stakeholders: Use the frameworks to provide tangible evidence of preparedness. What Makes a Cyber Drill Effective? Just like our individual labs are designed for maximum learning impact, effective Cyber Drills share key characteristics: Leveraging Multiple Skills Creating Realistic Pressure Emphasizing Clear Communication Providing a Comprehensive View Mirroring Real-World Threats Tailored to Your Needs Driving Continuous Improvement What's Next? This is just the first step in understanding the power of Cyber Drilling. In the upcoming parts of this series, we'll delve into the practicalities of implementing these powerful exercises within your organization, building upon the foundation you've already established with Immersive – all based on the comprehensive insights within The Definitive Guide: Part 2: Planning and Executing Effective Cyber Drills: We'll explore how to define your objectives and develop scenarios. Part 3: Analyzing Results and Building a Culture of Continuous Improvement: We'll discuss how to interpret drill data and drive improvements. Unlock the full potential of your preparedness and enhance your organization's cyber resilience through the strategic practice of Cyber Drilling, which begins with The Definitive Guide to Cyber Drilling.Announcing the Immersive Cyber Resilience Awards 2025!
At Immersive, we recognize the exceptional efforts of organizations and individuals leading the charge in building true cyber resilience. That's why we’re thrilled to introduce the all-new Immersive Cyber Resilience Awards for 2025! These awards are designed to celebrate those demonstrating an outstanding commitment to proving and improving their cyber resilience through practical application and deep engagement with the Immersive One platform. For Cyber Awareness Month 2025, we're expanding last year’s successful Customer Awards program to nine honors across three categories – celebrating more top-tier organizations and cyber pros than ever. Let’s look at this year’s categories and what’s up for grabs when Cyber Awareness Month rolls around this October! Cyber Resilience Awards 01. Emerging Threats Leader This award recognizes those leading the charge in threat detection and hunting, proactively identifying risks and strengthening defenses using insights from our Cyber Threat Intelligence labs. To qualify for this award, we’ll be looking at the: Total number of Cyber Threat Intelligence (CTI) labs completed: Indicating a strong commitment to understanding the latest threat intelligence. Average time to complete and respond to every new CTI lab: Highlighting efficiency and agility in addressing emerging threats. 02. Cyber Resilience Leader This award acknowledges organizations that maximize the full use of the Immersive platform to fully optimize end-to-end cyber resilience. True cyber resilience goes beyond simply preventing attacks; it encompasses the ability to withstand, respond to, and recover from cyber incidents with minimal disruption. This award celebrates organizations that: Zero in on the breadth and depth of coverage across the MITRE ATT&CK framework: Demonstrating a comprehensive understanding and application of real-world attack tactics and techniques. Have taken it upon themselves to build Immersive fully into their cyber resilience program: Showing a deep integration of practical cyber skills development into their overall security strategy. 03. Immersive Trailblazer This award recognizes individuals who simply love Immersive and have shown exceptional dedication to the platform. This category celebrates personal commitment and enthusiasm for continuous learning and skill development in cybersecurity. We’re looking for individuals who: Have been our top point scorers since January 1, 2025: Indicating consistent engagement and mastery of a wide range of cyber skills. Have completed hundreds of labs and truly immersed themselves in the platform: Demonstrating an exceptional commitment to hands-on learning and practical skill development. Cyber Excellence and Innovation Awards 04. Exercising Excellence (Crisis Sim) This award recognizes organizations that have excelled in regularly using Crisis Sim scenarios to prove their cyber resilience. In the face of a major cyber incident, the ability to respond effectively and maintain business continuity is critical. This award celebrates organizations that: Have successfully run multiple simulations: Demonstrating a proactive approach to testing and refining their incident response plans. Have high participation in Immersive's own virtual Crisis Sims: Indicating a commitment to leveraging realistic and challenging scenarios to prepare their teams. 05. Exercising Excellence (Cyber Drilling) This Immersive-nominated prize rewards organizations that have successfully implemented and run cyber drill exercises with Immersive in 2025. Cyber Drills are dynamic, immersive simulations that test every aspect of an organization’s ability to detect, manage, and recover from high-impact cyber threats. This award celebrates organizations that have: Actively run Immersive-led cyber drills as part of their security training program: Showing a commitment to continuously improving technical capabilities. Demonstrated success in integrating Cyber Drill outcomes and learnings into their wider security landscape: Highlighting their ability to translate theoretical knowledge into practical skills. 06. Secure Development Champion (AppSec) This award celebrates organizations and individuals championing security throughout the software development lifecycle. Proactive security measures integrated early in the development process are essential for building secure and resilient applications. This award recognizes those who: Have implemented strong Developer Champion programs into their secure development training environment: Demonstrating a commitment to embedding security expertise within development teams. Have completed the highest number of AppSec lab content on the Immersive One platform: Demonstrating a dedication to hands-on practical learning and ongoing upskilling across the secure development lifecycle. Immersive Growth and Adoption Awards 07. Cybersecurity Maturity Leader This award recognizes organizations that have significantly shifted their security culture as a direct result of integrating the full Immersive One platform into their cybersecurity infrastructure. Building a strong security culture is fundamental to long-term cyber resilience, and this award celebrates those who have successfully fostered a more security-aware and engaged workforce. We’re looking for organizations that have demonstrated: A noticeable positive evolution in employee security behaviors and awareness. Evidence of Immersive One being a key driver in this cultural transformation. A commitment to embedding continuous learning and practical skills development across the organization. 08. Immersive Impact and Growth Leader This award recognizes organizations and individuals whose level of engagement with the Immersive One platform has significantly increased over 2025. This category celebrates those actively expanding their use of the platform to enhance their cyber capabilities. We’ll be taking into account factors such as: Overall growth in platform utilization and engagement. Involvement and engagement with Immersive-hosted challenges and competitions. 09. Community Leader This award recognizes individual members of the Human Connection Community who have significantly contributed to, and engaged with, both community content and their fellow community members. A strong and supportive community is invaluable in cybersecurity, fostering collaboration, knowledge sharing, and mutual growth. This award celebrates individuals who have: Consistently shared tips and advice. Engaged with popular threads and participated in community events and meetups. Actively helped to bring the Human Connection community to life. Now it’s over to you! We’ll be unveiling the winners of each category throughout Cyber Awareness Month in October 2025, with some exciting prizes up for grabs along the way to fuel your journey. All you have to do is stay on top of your game with Immersive. Throughout the year, keep your eyes peeled for fun and engaging challenges, competitions, and events meticulously designed to help you and your teams sharpen your skills, deepen your understanding of the threat landscape, and ultimately, strengthen your cyber resilience. We're excited to celebrate your progress and achievements as you continue to build a more secure digital future.New CTI Lab: CVE-2025-35433 (Erlang SSH): Offensive
On April 16, 2025, a critical vulnerability, identified as CVE-2025-32433, was disclosed in the Erlang/OTP SSH server. This critical vulnerability allows unauthenticated attackers to execute arbitrary code on affected systems by sending specially crafted SSH messages before authentication. After these messages have been sent, attackers have code execution on the victim machine. This lab will walk you through the mechanics of this vulnerability, helping you understand its implications and learn how an attacker could exploit it. Why is this lab important? Given Erlang's widespread use in telecommunications, IoT, and distributed systems, this vulnerability poses a significant risk to victims in multiple sectors and industries. Customers using Erlang should assess its vulnerability status and patch as soon as practicable. Who is this lab for? This lab is an offensive CTI lab, so it primarily benefits penetration testers and red teamers. That said, it's still incredibly valuable for defensive personas as well, so they can see how the attack could work. These personas include: SOC Analysts Incident Responders Threat Hunters Here is the link to the lab: https://iml.immersivelabs.online/v2/labs/cve-2025-35433-erlang-ssh-offensive
