Announcing the Winners of the 2025 Cyber Resilience Customer Awards!
What a year for cyber resilience! As we say goodbye to another Cybersecurity Awareness Month, we are thrilled to celebrate the organizations and individuals who have demonstrated exceptional dedication to proving and improving their cybersecurity posture, defending against emerging threats, and embedding a culture of resilience across their organizations using the Immersive One platform. Collectively, our customers have tackled countless labs and simulations, setting new benchmarks for capability and speed. After crunching the numbers and reviewing the nominations, we're ready to announce just some of the winners who truly excelled in 2025 across the following categories: Emerging Threats Leader Award The Emerging Threats Leader award recognizes organizations and individuals at the forefront of threat detection and threat hunting; proactively identifying risks and strengthening defenses using insights from our Cyber Threat Intelligence labs. 🏆 Emerging Threats Award Organization Winners include: NHS England T-Mobile Arctic Wolf 🏆 Emerging Threats Award Individual Winners include: Steven Glogger, Swisscom Paul Blance, Specsavers Taz Wake, Jones Lang LaSalle Mark Cox, NationalGrid Stephen Wilson, BT Group Cyber Resilience Leader Award This award acknowledges organizations that maximize the full use of the Immersive One platform to fully optimize end-to-end cyber readiness. True cyber resilience goes beyond simply preventing attacks; it encompasses the ability to prove, improve, benchmark and report your cyber resilience. 🏆 Cyber Resilience Leader Award Winners include: Swisscom NHS England Arctic Wolf Darktrace BT Group Secure Development Champions Award This award celebrates organizations and individuals who champion security throughout the software development lifecycle. It recognizes a proactive approach to building secure applications, emphasizing practices like threat modeling, secure coding standards, and rigorous testing using the Immersive One platform to prepare and demonstrate secure coding practices. 🏆 Secure Development Champion Organization Award Winners include: Citigroup GfK Swisscom 🏆 Secure Development Champion Individual Award Winners include: Steffen Wacker, Arctic Wolf Joao Santos, GfK Omkar Joshi, GfK Balaji Kannan, GfK Naresh Sivakumar, GfK Alexander Kolyshkin, EMCD Exercising Excellence Award The Exercising Excellence award recognizes organizations that have excelled in regularly using scenarios on the Immersive One platform to prove their cyber resilience. They have successfully run multiple crisis simulations to regularly exercise their teams and have high levels of participation and engagement. 🏆 Exercising Execellence Award Winners include: Mastercard Citigroup Siemens Energy NHS England Immersive Trailblazer Award This award recognizes individuals who simply love Immersive and have shown exceptional dedication to the platform. They have been amongst our top point scorers since January 1st 2025, completing thousands of labs and truly immersing themselves in the platform. 🏆 Immersive Trailblazer Award Winners include: Mico Marcos, PepsiCo QingKai Ma, Hubbel Community Leader Award Our final award, the Community Leader award, recognizes individual members of the Human Connection Community that have contributed to, and engaged with, both community content and their fellow community members. They have consistently shared tips and advice, engaged with popular threads and participated in community events and meetups, helping to bring the Human Connection community to life. 🏆 Community Leader Award Winners include: netcat steven CyberSharpe autom8on MegMarCyberTrust Nneka_AN Dooley DGNew CTI Lab: Lazarus Cyberespionage Campaign: Analysis
In early November 2025, North Korean state-sponsored actor Lazarus was reported to have launched various attacks as part of a long-standing cyberespionage campaign linked to Operation DreamJob. Targets of the attacks include European organizations manufacturing unmanned aerial vehicles (UAV), aircraft component manufacturers, and British industrial automation organization. Lazarus's and by extension North Korea's operational objectives with these attacks is assessed with high confidence to be cyber espionage. What is this about? The attacks launched by Lazarus used a custom remote access trojan called ScoringMathTea RAT, which uses its own cipher system to obfuscate its code to conceal its functionality from analysts. The lab involves reverse engineering the malware and identify indicators of compromise by breaking the cipher and using that to identify what the malware is doing. Why is this critical for you and your team? North Korean cybercriminals and state sponsored actors are highly skilled, persistent, and aggressive in the pursuit of the North Korean regimes objectives, and one of those objectives is stealing information from targets that can affect national security. Understanding how North Korean cyber operators conduct attacks and understanding their tooling is essential for analysts to be better equipped to tackle these threats. Who is the content for? Malware Analysts and Reverse Engineers SOC Analysts Incident Responders Threat Hunters Tactical and Operational Cyber Threat Intelligence Analysts Here is a link to the lab: Lazarus Cyberespionage Campaign: AnalysisImmersive Certifications: From incident responders to SOC analysts, we’ve got you covered!
Our career paths are crafted by Immersive experts and designed to give you hands-on, in-depth technical learning across a range of areas. When you complete a career path, we’ve always been proud to see people share their achievements and showcase their badges online. But you called for something more – and we heard you. Now, when you complete one of our 39 Immersive Certified career paths, you’ll be able to download a certificate to demonstrate your achievement and showcase your skills. Our Immersive Certifications cover a range of areas, whatever your interests and expertise – from SOC analysts to incident responders, penetration testers to threat hunters, and Java developers to malware analysts. And a number of the Immersive Certified career paths range from beginner to advanced levels, so you can keep building your skills. If you’ve already completed one of the Immersive Certified career paths, you’ll be able to download a certificate today. Simply head into the Achievements area of the platform (Upskill > Achievements) and select the relevant career path. If you haven’t completed a career path yet, check out the options in the Upskill > Career Paths area of the platform. You can find further information on Immersive Certifications and all of our Immersive Certified career paths in the FAQs page on the Helpdesk. Immersive Certifications are a new feature. We’re keen to hear your feedback on how they can help develop your skills, share your achievements with others, and demonstrate your learning. Leave a comment below to let us know your thoughts!New CTI Labs: CVE-2017-1000353 Offensive and Defensive (October 2025 CISA KEV Additions)
In October 2025, the Cybersecurity and Infrastructure Security Agency (CISA) added five new vulnerabilities to its known exploited vulnerabilities catalogue, one of which was a critical 2017 vulnerability affecting Jenkins versions 2.56 and earlier and 2.46 LTS and earlier. This vulnerability allowed attackers to gain remote code execution on vulnerable instances. Why is this critical for you and your team? Jenkins is a widely used application. Shodan reports confirm that there are 000s of instances exposed to the internet, with the vulnerable versions. With this vulnerability being a critical remote code execution vulnerability, the impact is significant. Understanding how to investigate logs for this attack and understanding how to successfully achieve exploitation is important for any team. Even though it's a 2017 vulnerability, it's a very recent addition to CISA KEV, which illustrates just how significant it is, and that even today, attackers are using this vulnerability to gain footholds and compromise vulnerable victims. Who is the lab for? SOC Analysts Incident Responders Penetration Testers Red Teamers Threat Hunters Here are the links to the labs: Offensive: https://immersivelabs.online/v2/labs/cve-2017-1000353-jenkins-command-injection-offensive Defensive: https://immersivelabs.online/v2/labs/cve-2017-1000353-jenkins-command-injection-defensiveOctober is here! Prepare for Cybersecurity Awareness Month with Immersive 🎃
In a world where technology and threats are constantly evolving, building a resilient team is more important than ever. At Immersive, we're proud to be your partner in this journey, and we've put together a fantastic lineup of events, challenges, and resources throughout October to help you and your teams stay ahead of the curve. What’s on at Immersive this Cybersecurity Awareness Month 📆 Oct 1st Whitepaper: GenAI’s Impact on Cybersecurity Skills and Training Oct 6th Trick or Treat on Specter Street Challenge Begins: Labs 1-3 Oct 9th Labs Live: Ripper's Riddle Community Webinar Oct 13th Trick or Treat on Specter Street Challenge: Labs 4 - 6 Oct 15th Webinar: How to Build a People-Centric Defense for AI-Driven Attacks Oct 16th Labs Live: Cursed Canvas Community Webinar Oct 20th Trick or Treat on Specter Street Challenge: Labs 7 - 9 Oct 22nd Cyber Resilience Customer Awards Winners Revealed Oct 23rd Labs Live: Macro Polo Community Webinar Oct 27th Trick or Treat on Specter Street Challenge: Labs 10-12 Oct 30th Labs Live: Phantom Pages Webinar Oct 31st Trick or Treat on Specter Street Challenge Finale: Labs 13 Oct 31st Virtual Crisis Sim: The Puppet Master’s Trick or Treat Challenges and Labs Trick or Treat on Specter Street 👻 Welcome to Trick or Treat on Specter Street, a Halloween-themed cybersecurity challenge where you'll use both offensive and defensive skills to solve a mystery unlike anything we’ve encountered before. Each week throughout October, we’ll drop new hands-on labs that slowly begin to uncover the secrets of Specter Street. Can you crack the case? Find out more. AI Foundations 🤖 Ready to navigate the rapidly evolving world of Artificial Intelligence with confidence? Give our new AI Foundations lab collection a go! Designed to equip your teams with critical AI knowledge and practical implementation skills; this initial collection features seven foundational labs that progressively guide your teams from high-level overviews to secure, hands-on AI implementation. Find out more. Events and Webinars Webinar How to Build a People-Centric Defense for AI-Driven Attacks Wednesday October 15th A must-attend event for understanding how threat actors are leveraging AI and other emerging technologies to carry out attacks. Register Now. Virtual Crisis Sim The Puppet Master’s Trick or Treat Friday October 31st Join us on Halloween as the notorious Puppet Master returns for a fiendish game of Trick or Treat 🎃 Play along with our Immersive crisis response experts as we tackle a LIVE coordinated attack from the Puppet Master on a Critical National Infrastructure organization. Dare you play the Puppet Master’s game and survive, or will they finally get their revenge?! Register Now. AI and Emerging Threats Throughout the month, we’re shining a spotlight on the rise of AI in cyber. From our all-new AI Foundational lab series to cutting edge research from the experts at the cutting edge of GenAI in cybersecurity in our latest whitepaper: GenAI’s Impact on Cybersecurity Skills and Training. Explore our latest AI-focused resources and upskill your teams to confidently face the future of cyber resilience. Check out our latest reports, articles, webinars and more on GenAI, here. Celebrating Cyber Resilience Heroes 🏆 We're also celebrating the individuals and organizations at the forefront of cyber resilience with our Cyber Resilience Customer Awards. Keep your eyes peeled on our social channels! We'll be unveiling our latest winners on October 22nd, recognizing those who demonstrate an outstanding commitment to proving and improving their cyber readiness. It's going to be a jam-packed month focused on practical application and deep engagement. Let’s make this the most secure October yet!New Labs - Malterminal: Malware Analysis
With artificial intelligence (AI) and large language models (LLMs) fast becoming a more popular and talked-about set of technologies in every industry in society, it's no surprise that LLM-enabled malware now exists that can dynamically generate code, query data, and offload malicious functionality to LLMs, lowering the barrier of entry for threat actors deploying malware. This lab introduces one of the first known malware samples to ever facilitate the use of LLMs to perform malicious functionality. Why should our customers care? Most, if not all, companies are looking into using AI to varying degrees, whether to make their workforce more efficient and productive or to build full models that facilitate technical processes. With this in mind, and with the advent of basic malware that can use API keys to query LLMs and AI services, we will likely see this particular malware set evolve over time. By doing this lab, you'll begin to see how these pieces of malware are just the stub and querier for AI and how they can be used maliciously. This will showcase what this threat is like in its current state. We shall be monitoring how this threat evolves, so stay tuned for more labs. Who is the defensive lab for? SOC Analysts Incident Responders Threat Hunting Here is a link to the lab: https://immersivelabs.online/v2/labs/malterminal-analysis
Enter The Maze Challenge: Immersive’s Most Advanced Collection Yet
Today marks the release of the Maze Challenge, Immersive’s most advanced and cunningly designed offensive cybersecurity collection yet. This new series of labs is more than just a test of skills. It's a puzzle, a game, and a creative brain-bender, crafted by two of Immersive’s most brilliant minds: StefanApostol and SabrinaKayaci. Stefan, known to many as the "evil genius" behind the Human Connection Challenge, and Sabrina, who recently inspired our London community meetup attendees with her predictions on AI within the AppSec space, have teamed up to create something truly unique. We sat down with them to get their insights on what makes the Maze Challenge so special, so challenging, and so much fun. What was the main inspiration behind the maze theme, and how did you translate that narrative into a collection of technical labs? The core idea for the Maze Challenge, as Stefan explained, came from a shared love of games. "Both Sabrina and I are geeks. We like games, and we wanted to create a challenge with an overarching goal that was more than about earning a completion token." While our labs have always awarded tokens for completion, Stefan and Sabrina wanted to create a narrative that would engage users on a deeper level. "A maze is the perfect example of that," Stefan said. "We wanted to include a game element in these challenges." This isn't just a series of technical scenarios. It's a cohesive puzzle where each lab is a step toward a larger objective. The maze narrative encourages participants to think creatively, connecting different skills and techniques in a way that feels more like a game than a traditional capture the flag (CTF). I’ve heard that this is the most advanced lab collection yet. So, what makes these labs more challenging than the thousands of others in Immersive's catalogue? This collection is Immersive's most advanced to date, introducing a range of techniques not yet widely covered in the platform. The labs are a combination of real-world examples drawn from the creators' past experiences and internal testing, all woven together with a good deal of imagination. While the challenge covers a broad spectrum of offensive skills, including web, Linux, Windows, and Active Directory, Stefan was quick to name binary exploitation as an obvious concept that will have participants scratching their heads. The team collaborated with BenMcCarthy on this particular lab, and Ben being Ben, he poured all his creativity into it, making even Stefan nervous to attempt this mean challenge! Sabrina added that the real difficulty lies in the type of thinking required. "Some of them will really require outside-the-box thinking," she said. "They're unusual in a way that requires not just the technical skill, but some creativity and more critical thinking." This is a key theme throughout the collection. Participants can't rely on a simple, formulaic approach. Instead, they must be flexible and resourceful. Sabrina noted that some challenges will require "multiple sets of skills," forcing users to chain together their expertise in different areas to find a solution. Without giving away any spoilers, can you describe a moment in one of the labs that you're particularly proud of designing? Sabrina beamed as she recalled the Inner Maze lab. "I really enjoyed creating Inner Maze," she said, before adding a cryptic twist. "When you break out of that maze is when you're really trapped." She was particularly proud of her ability to create and then beat her own challenge, finding the exploit even more difficult than the design itself. Can you give users any hints or tips? The Maze Challenge is designed to be tough, and you should certainly expect it to be just that. However, the creators want everyone to have a fair shot, so they’ve some advice for those who might feel intimidated. Use the platform to your advantage. Stefan noted that around 98% of concepts within this challenge can be learned in the rest of our lab catalogue. “If you get stuck on a specific skill, take a break from the maze, find the relevant labs on the platform, and then come back with your newfound knowledge.” We encourage you to learn along the way, and persistence is always rewarded! Failure can be a sign of progress. Sabrina shared a key insight: "Sometimes it's important to take note of what it is you're doing that's failing... If you're failing at the same spot in a particular approach, that could actually mean that you're doing something right." Go figure that one out! Don't go it alone. Sabrina advises anyone starting their journey to ask others for advice and help. Our community help forum is a great resource for sharing knowledge and getting tips from fellow participants. We want you to have fun, and part of that fun is collaborating with your industry peers along the way. In the end, what do you hope participants will take away from this experience, beyond the technical skills? Stefan and Sabrina both hope it's a "desire for more challenges”! They also dropped a teaser for a community Halloween challenge… That’s all you’re getting for now! 👀 Want a head start? Join Stefan and Sabrina for a Labs Live webinar on August 19th. They’ll be solving the Improbable Maze lab live on the call, in collaboration with you. Attendees are encouraged to play along, offer their suggestions, methods, and frustrations. It’s the perfect opportunity to see the creators’ thought process and gain some momentum for your own journey through the maze. See you there!New Labs: BlackHat 2025 and DefCon 33
Throughout early August 2025, representatives from Immersive's cyber team attended the BlackHat 2025 and DefCon 33 conferences and got great exposure to the latest technologies, topics, and techniques presented by the sharpest minds in our industry. As a result of attending these talks, workshops, and villages, Immersive has created brand new labs going through the various talks that took place, allowing you to get hands-on with the latest technologies and exploits. We present a number of brand new labs covering some of the most interesting and insightful topics from the events, from operational technology (OT) to achieving privilege escalation through firewall software. AI was a hot topic, as you would imagine, especially around Prompt Injection attacks. We already have plenty of content on Prompt Injection, not to mention the new AI Foundations content, so for this series, we created an Appsec Style lab around preventing Prompt Injection attacks. Why should our customers care? BlackHat and DefCon are two conferences that attract the greatest minds in cyber to get together and share their knowledge through workshops, official talks, and villages. Given the high diversity of events and talks that took place, there is something for everyone! Many of the topic areas shared are things that attackers could easily exploit themselves, so taking advantage of the information in these labs equips our customers with the knowledge of the latest vulnerabilities, threats, and exploitation techniques currently being talked about in the industry - improving your resilience and preparation against the latest threats. Who are the labs for? Offensive Security Engineers and Penetration Testers SOC Analysts and Incident Responders Malware Reverse Engineers Operational Technology Engineers Cyber Security Engineers Here is a list of the labs in this release: Binary Facades: Extracting Embedded Scripts CVE-2024-5921 Redux - Bypassing mitigations to PrivEsc with Palo Alto Global Protect Chrome Alone: Transforming a Browser into a C2 Platform No VPN Needed?: Cryptographic Attacks Against the OPC UA Protocol Python: AI Prompt Injection If you'd like to do any of these labs, here is a link to the BlackHat/DefCon collection: https://immersivelabs.online/series/defcon-black-hat/ImmersiveOne: Scattered Spider Release
Scattered Spider has continuously been a threat to many of our customers, and one of the reasons is that they have techniques and tactics that can affect all members of an organization. From their advanced social engineering tactics targeting less security-focused users in an organization to bypassing defences long enough to deploy ransomware and steal data from some of the largest organizations in the world. Therefore, Immersive is releasing an ImmersiveOne approach to protecting our customers. This means customers now have access to the following: Lab – Scattered Spider and Dragonforce: Campaign Analysis Lab – Threat Actors: Scattered Spider Workforce Scenario – Social Engineering Techniques Crisis Sim – Responding to a Scattered Spider Attack The technical and non-technical labs, workforce scenario, and Crisis Sim scenario release will enable everyone inside an organization to prepare and be ready for threats posed by Scattered Spider. For an in-depth blog on Scattered Spider and what to think about in a crisis, follow the link here: https://www.immersivelabs.com/resources/blog/scattered-spider-what-these-breaches-reveal-about-crisis-leadership-under-pressureNew CTI Labs: CVE-2025-53770 (ToolShell SharePoint RCE): Offensive and Defensive
Recently, a critical zero-day vulnerability affecting on-premise SharePoint servers, identified as CVE-2025-53770, was uncovered. This vulnerability allows for authentication bypass, leading to remote code execution, and has been actively exploited in the wild. Eye Security researchers detected an in-the-wild exploit chain on July 18, 2025, during an incident response engagement. This discovery led to Microsoft assigning two CVEs: CVE-2025-53770 and CVE-2025-53771. The attack notably leveraged a combination of vulnerabilities to achieve its objectives, impacting numerous SharePoint servers globally. There is now a public exploit available for anyone wanting to achieve remote code execution. Why should our customers care? This critical vulnerability has been added to the CISA Kev Catalog. and with no authentication or user interaction, a vulnerable SharePoint server can be fully taken over remotely, letting attackers run arbitrary code as if they were privileged admins. SharePoint is a complex and large system that often holds a lot of sensitive data for organizations and is often a targeted system for attackers. Who is the defensive lab for? System Administrators SOC Analysts Incident Responders Threat Hunters Who is the offensive lab for? Red teamers Penetration Testers Threat Hunters Here are the links to the labs: Offensive: https://immersivelabs.online/v2/labs/cve-2025-53770-toolshell-sharepoint-rce-offensive Defensive: https://immersivelabs.online/v2/labs/cve-2025-53770-toolshell-sharepoint-rce-defensive
