Snort Rules: Ep.9 – Exploit Kits
I am pulling my hair with question number 8 Create a Snort rule to detect the third GET request in the second PCAP file, then submit the token. This one should do it but it is not working. alert tcp any any -> any any (msg:"detect the third GET request"; content:"e31e6edb08bf0ae9fbb32210b24540b6fl"; sid:1000001) I tried so many rules base on the first GET header and still unable to get the token. Any tips?CSM Tip: Have A Summer Series! Are YOU Taking Advantage Of Summer?
Being the comedian I am, I was going to title this tip “Have Your Own Personal Summer series” but I didn’t want the core message of this idea to get lost in my wacky humor. Working with customers over the years across the globe, I’ve seen a trend. What is that trend? People on the team take their annual holidays to enjoy the weather, spend time with their families when the kids are out of school, spend more time in the fresh air away from screens, etc. Thus, structured programs and large projects wane a little bit as opposed to the fervor that resumes as autumn hits. One of the ways customers overcome this and stick to their personal growth and development plans as well as the broad organizational/department plans is to host “Summer Series”. What is that you say? Well, it is sometimes a large group activity or challenge over the summer (have you checked out the challenge labs in the Exercise section of Immersive?) Or, it’s a weekly/biweekly/monthly “workshop” drop in session that team members can attend (when they are not on their well-earned annual holidays) to learn more on a topic (come on, I KNOW you want to learn more about cutting edge topics like secure coding in the age of integrated LLM in your apps and systems). So, be the voice on your team to suggest this or, like my wacky idea for a tip topic suggests, implement your own Personal Summer series. You will be glad you did.New CTI/OT Lab: Norwegian Dam Compromise: Campaign Analysis
We have received reports of a cyber incident that occurred at the Lake Risevatnet Dam, near Svelgen, Norway, in April 2025. A threat actor gained unauthorized access to a web-accessible Human-Machine Interface (HMI) and fully opened a water valve at the facility. This resulted in an excess discharge of 497 liters per second above the mandated minimum water flow. Which persisted for four hours before detection. This attack highlights a dangerous reality: critical OT systems are increasingly exposed to the internet, making them accessible to threat actors. In this case, control over a dam’s valve system was obtained via an insecure web interface, a scenario that could have had even more severe consequences. A recent report by Censys identified over 400 exposed web-based interfaces across U.S. water utilities alone. This dam incident in Norway exemplifies the tangible risks posed by such exposures. In this lab, you will be taken through the attack from an offensive viewpoint, including cracking an HMI and fully opening two valves. Why should our customers care? OT environments, including dams, energy grids, and oil pipelines, are foundational to national security and daily life. These systems cannot be secured using traditional IT playbooks. As OT becomes more connected, tailored security strategies are critical to prevent unauthorized access and catastrophic failures. Who is it for? Incident responders SOC analyst Threat Hunters Red Teamer Penetration Testers OT Engineers Here is the link to the lab: https://immersivelabs.online/v2/labs/norwegian-dam-compromise-campaign-analysisBeyond the Gap: Why Neurodivergent Minds Are Cyber's Future
Neurodiversity advocate and my own personal hero, Chris Packham, recently made a series for the BBC titled Inside Our Minds. It focused on giving a voice to neurodivergent individuals by creating short films to explain how their minds work. During the episode on dyslexia, Chris visited GCHQ to discover why dyslexic people were being actively recruited for their pattern recognition and analytical skills. They discussed how a neurodiverse workforce (made up of both neurodivergent and neurotypical individuals) enabled them to solve more complex and wide-ranging problems. In particular, they highlighted how dyslexic people make ideal “analysts for the modern era”: “Their strengths include pattern recognition when dealing with big data, seeing the bigger picture when considering complex future scenarios, and finding solutions to novel and challenging problems.” – Dyslexic thinking skills are mission-critical for protecting the country, gchq.gov.uk. Identifying as neurodivergent The National Cyber Security Centre (NCSC)’s Decrypting Diversity 2021 report stated that 19% of industry professionals identify as neurodivergent – higher than the estimated 10% of the UK population. Neurodivergence encompasses a range of conditions including, but not limited to: Autism Spectrum Disorder (ASD) Dyspraxia Dyslexia Attention Deficit Hyperactivity Disorder (ADHD) Tourette Syndrome Cybersecurity appears to be a well-suited career path for neurodivergent individuals, due to several cognitive strengths that are valued in the field. These include: High attention to detail Pattern recognition The ability to hyperfocus Persistence Creative and innovative thinking With a much-publicised cybersecurity skills gap, are neurodivergent minds the answer to this? Removing barriers to entry in cybersecurity At Immersive, we partner with charities and organisations that support the neurodivergent community with access to our Cyber Million program. The program provides free access to hands-on cyber exercises for anyone over 16 years old, helping them build the necessary skills for a career in cybersecurity and remove barriers to entry. As an organisation, we also have many neurodivergent employees, including myself. Each person brings a unique skill set and perspective to their role. As a user researcher, seeing patterns in both qualitative and quantitative data, a strong ability to remember details and sequences, and an independent and creative way of thinking, all help me to do my job better. In addition to my day job, I also chair Immersive’s DEI Committee, which focuses on advocacy, education, and safe spaces for all. Many of our DEI events have spotlighted neurodiversity, with both external speakers and panels of Immersers sharing their stories. Get involved While we try our best, we acknowledge that our platform and content will likely pose some obstacles for the neurodivergent community. So, I want to know: Have you encountered any issues? What do you see as something that could be improved? If you see an issue or bug on the platform, you can post in our community Help Forum or contact our Customer Support team. They’ll investigate and get back to you with any feedback or resolution. If you’d like to give more general feedback on your experience of Immersive as (or on behalf of) a neurodivergent individual and have suggestions for improvements, please fill out this survey. I’ll compile this feedback and present it to relevant teams who may use it for feature prioritisation. As a thank you, we’ll provide a £10 (or local currency equivalent) eGift Card for all correctly completed surveys (limited to one per person). In a world that may not have been designed for them, neurodivergent individuals are forging paths in industries such as cybersecurity. Immersive wants to make sure that they’re not only heard and included, but have all the skills and opportunities to lead the way and Be Ready.
Did anyone actually win anything from the Human Connection Challenge?
It's been quite a while since the challenge ended, and still no official announcement about the winners. There was no live prize draw, and it feels like the whole thing just silently wrapped up. Don’t get me wrong, I’m not mad about not winning a major prize or anything. But it seems like nobody won anything ? I haven’t seen a single post from anyone saying “thank you” or mentioning they received something. That’s... odd, right? If you won a PS5, headphones, or any of the big prizes, please let us know. I’ll honestly be happy if I’m wrong and people did get rewarded. 😊 Just curious if there were actual winnersModern Encryption: Demonstrate your skills
I am in the final lab of this collection and the step 3 I need to encrypt the file using aes 256 encryption using the following command and similar other commands I am using for setup 4 & 5 however the commands execute succesfully and a encrypted file is generated however a key file is not generated to decrypt the remaining for encrypted file to complete the lab. I need the help to solve this lab and get the badge. step 3- openssl enc -aes-256-cbc -a -pbkdf2 -nosalt -in plaintext_1.txt -out plaintext_1.enc step 4- Encrypt a file using RC4 openssl enc -rc4 -d -pbkdf2 -nosalt -in plaintext_2.txt -out plaintext_2.enc step 5- Encrypt a file using RC4 openssl enc --des-ede3-cbc -d -pbkdf2 -nosalt -in plaintext_3.txt -out plaintext_3.encFoundational Static Analysis: API Analysis
Hi all, I'm stuck in this part, where using Ghidra, I have to find where the Windows API GetModuleHandleA is used, in the binary called exercise_two.exe, and once located, find the parameter of this function. Taking a look about GetModuleHandleA, there's no references or calls to API in any part of the code. Also tried to look for references to GetProcAddress or LoadLibrary and nothing. Am doing something wrong? Any idea to find the "parameter" of the function that calls to the API?. Is the only question from this part remaining... Thanks and regards.
CVE-2024-3094 (XZ Utils Supply Chain Backdoor)
This training was a deep dive into supply chain attacks, focusing on how attackers compromise third-party libraries to infiltrate systems. 🌳 ROOT: The Core Lesson 🔹 Your code is only as secure as its weakest dependency. 🔹 Attackers don’t always target your app—they infect the libraries and tools you trust. 🔹 A single update from upstream can spread malware downstream into thousands of systems. 🌲 BRANCHES: Key Takeaways 1️⃣ Trunk: The Major Incidents (Real-World Cases) 📌 Log4j (CVE-2021-44228) – A simple logging library led to RCE attacks on millions of apps. 📌 XZ Utils Backdoor (CVE-2024-3094) – Attackers planted a hidden SSH backdoor inside a widely used Linux tool. 📌 SolarWinds Attack – A trusted software update infected top enterprises & governments. 2️⃣ Branches: How These Attacks Work? 🌿 Compromised Upstream – Hackers inject malicious code into open-source projects. 🌿 Silent Propagation – CI/CD pipelines & OS distros auto-fetch infected updates. 🌿 Exploitation in Production – The attacker gains remote access, RCE, or data leaks. 3️⃣ Leaves: Defensive Actions You Must Take! 🍃 Pin Dependencies – Use fixed versions instead of "latest". 🍃 Verify Integrity – Check hashes, signatures, and changelogs before updating. 🍃 Scan Your Stack – Use SCA tools like Dependabot, Trivy, or Snyk. 🍃 Restrict CI/CD Auto-Updates – Require manual reviews for third-party updates. 🍃 Monitor for Compromise – Set alerts for vulnerable dependencies. 🌟 TOP OF THE TREE: The Final Takeaway Supply chain security is not an option—it's a necessity! If upstream is compromised, everything downstream is at risk. Never blindly trust software updates—always verify before deploying. Your security is only as strong as the weakest library you import! Be proactive, not reactive—because the next Log4j or XZ Backdoor could already be in your pipeline!
