New CTI/OT Lab: Norwegian Dam Compromise: Campaign Analysis
We have received reports of a cyber incident that occurred at the Lake Risevatnet Dam, near Svelgen, Norway, in April 2025. A threat actor gained unauthorized access to a web-accessible Human-Machine Interface (HMI) and fully opened a water valve at the facility. This resulted in an excess discharge of 497 liters per second above the mandated minimum water flow, which persisted for four hours before detection.

This attack highlights a dangerous reality: critical OT systems are increasingly exposed to the internet, making them accessible to threat actors. In this case, control over a dam’s valve system was obtained via an insecure web interface, a scenario that could have had even more severe consequences. A recent report by Censys identified over 400 exposed web-based interfaces across U.S. water utilities alone. This dam incident in Norway exemplifies the tangible risks posed by such exposures. In this lab, you will be taken through the attack from an offensive viewpoint, including cracking an HMI and fully opening two valves.

Why should our customers care?
OT environments, including dams, energy grids, and oil pipelines, are foundational to national security and daily life. These systems cannot be secured using traditional IT playbooks. As OT becomes more connected, tailored security strategies are critical to prevent unauthorized access and catastrophic failures.

Who is it for?
Incident responders
SOC analysts
Threat hunters
Red teamers
Penetration testers
OT engineers

Here is the link to the lab: https://immersivelabs.online/v2/labs/norwegian-dam-compromise-campaign-analysis

Beyond the Gap: Why Neurodivergent Minds Are Cyber's Future
Neurodiversity advocate and my own personal hero, Chris Packham, recently made a series for the BBC titled Inside Our Minds. It focused on giving a voice to neurodivergent individuals by creating short films to explain how their minds work. During the episode on dyslexia, Chris visited GCHQ to discover why dyslexic people were being actively recruited for their pattern recognition and analytical skills. They discussed how a neurodiverse workforce (made up of both neurodivergent and neurotypical individuals) enabled them to solve more complex and wide-ranging problems. In particular, they highlighted how dyslexic people make ideal “analysts for the modern era”:

“Their strengths include pattern recognition when dealing with big data, seeing the bigger picture when considering complex future scenarios, and finding solutions to novel and challenging problems.” – Dyslexic thinking skills are mission-critical for protecting the country, gchq.gov.uk.

Identifying as neurodivergent
The National Cyber Security Centre (NCSC)’s Decrypting Diversity 2021 report stated that 19% of industry professionals identify as neurodivergent – higher than the estimated 10% of the UK population. Neurodivergence encompasses a range of conditions including, but not limited to:
Autism Spectrum Disorder (ASD)
Dyspraxia
Dyslexia
Attention Deficit Hyperactivity Disorder (ADHD)
Tourette Syndrome

Cybersecurity appears to be a well-suited career path for neurodivergent individuals, due to several cognitive strengths that are valued in the field. These include:
High attention to detail
Pattern recognition
The ability to hyperfocus
Persistence
Creative and innovative thinking

With a much-publicised cybersecurity skills gap, are neurodivergent minds the answer to this?

Removing barriers to entry in cybersecurity
At Immersive, we partner with charities and organisations that support the neurodivergent community with access to our Cyber Million program. The program provides free access to hands-on cyber exercises for anyone over 16 years old, helping them build the necessary skills for a career in cybersecurity and removing barriers to entry.

As an organisation, we also have many neurodivergent employees, including myself. Each person brings a unique skill set and perspective to their role. As a user researcher, seeing patterns in both qualitative and quantitative data, a strong ability to remember details and sequences, and an independent and creative way of thinking all help me to do my job better. In addition to my day job, I also chair Immersive’s DEI Committee, which focuses on advocacy, education, and safe spaces for all. Many of our DEI events have spotlighted neurodiversity, with both external speakers and panels of Immersers sharing their stories.

Get involved
While we try our best, we acknowledge that our platform and content will likely pose some obstacles for the neurodivergent community. So, I want to know: Have you encountered any issues? What do you see as something that could be improved?

If you see an issue or bug on the platform, you can post in our community Help Forum or contact our Customer Support team. They’ll investigate and get back to you with any feedback or resolution. If you’d like to give more general feedback on your experience of Immersive as (or on behalf of) a neurodivergent individual and have suggestions for improvements, please fill out this survey. I’ll compile this feedback and present it to relevant teams who may use it for feature prioritisation. As a thank you, we’ll provide a £10 (or local currency equivalent) eGift Card for all correctly completed surveys (limited to one per person).

In a world that may not have been designed for them, neurodivergent individuals are forging paths in industries such as cybersecurity. Immersive wants to make sure that they’re not only heard and included, but have all the skills and opportunities to lead the way and Be Ready.

Web App Hacking (Lab series): CVE-2022-42889 (Text4Shell) – Offensive
Hey all,
Anyone have any luck with CVE-2022-42889 (Text4Shell) – Offensive? The first few questions were easy enough, but I have spent hours on the last one trying to get the token. On the attacker server, I can set up the listener; I don't believe my problem is there. I have tried many variations of URL encoding and various nc commands in the payload, including ones similar to the blog post. If anyone has any suggestions, I would love to hear them! Thanks.
J
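The payloads this thread is about are built on the string lookups that Apache Commons Text 1.5 to 1.9 interpolated by default, ${script:...}, ${dns:...} and ${url:...}, and in a web request they normally arrive URL-encoded, sometimes twice. The following is an added example, not part of this thread or of the lab: a small POSIX shell hunt over a constructed access log that decodes only the percent-escapes needed to recover "${name:" and then greps for those three lookups. The log lines, addresses and the hostname attacker.example are made up for the demo.

```shell
#!/bin/sh
# Added example (not from the thread): hunt a web access log for the
# Commons Text lookups behind CVE-2022-42889, in plain, URL-encoded and
# double-URL-encoded form. Requires only sed, grep, wc and mktemp.
set -eu

# Decode just the escapes that matter for "${name:". %25 is decoded first so
# that a double-encoded %2524%257B collapses to %24%7B and then to "${".
# This is deliberately not a full URL decoder.
decode_lookup_chars() {
    sed -e 's/%25/%/g' \
        -e 's/%24/$/g' -e 's/%7[Bb]/{/g' -e 's/%3[Aa]/:/g'
}

# Print the (decoded) lines that carry a script, dns or url lookup.
# "|| true" keeps set -e from treating "no hits" as an error.
hunt_text4shell() {          # $1 = log file
    decode_lookup_chars < "$1" \
        | grep -iE '\$\{[[:space:]]*(script|dns|url)[[:space:]]*:' || true
}

count_text4shell() {         # $1 = log file
    hunt_text4shell "$1" | wc -l | tr -d ' '
}

# Constructed sample log: one benign request, a single-encoded script lookup,
# a double-encoded dns lookup, and an env lookup (not one of the three
# dangerous defaults, so it must not be flagged).
write_sample_log() {         # $1 = path to write
cat > "$1" <<'EOF'
10.0.0.5 - - [18/Oct/2022:10:00:01 +0000] "GET /search?q=hello HTTP/1.1" 200 512
10.0.0.9 - - [18/Oct/2022:10:00:02 +0000] "GET /search?q=%24%7Bscript%3Ajavascript%3Ajava.lang.Runtime.getRuntime%28%29.exec%28%27id%27%29%7D HTTP/1.1" 200 512
10.0.0.9 - - [18/Oct/2022:10:00:03 +0000] "GET /search?q=%2524%257Bdns%253Aaddress%253Aattacker.example%257D HTTP/1.1" 200 512
10.0.0.7 - - [18/Oct/2022:10:00:04 +0000] "GET /search?q=${env:HOME} HTTP/1.1" 200 512
EOF
}

demo() {
    log=$(mktemp)
    write_sample_log "$log"
    count_text4shell "$log"
    rm -f "$log"
}

demo
```

The decoder only handles the three characters the pattern needs, so a payload that hides the lookup name with a different encoding scheme (for example Unicode escapes inside a JSON body) would need the normaliser extended before the grep is useful.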
Did anyone actually win anything from the Human Connection Challenge?

It's been quite a while since the challenge ended, and still no official announcement about the winners. There was no live prize draw, and it feels like the whole thing just silently wrapped up. Don’t get me wrong, I’m not mad about not winning a major prize or anything. But it seems like nobody won anything? I haven’t seen a single post from anyone saying “thank you” or mentioning they received something. That’s... odd, right? If you won a PS5, headphones, or any of the big prizes, please let us know. I’ll honestly be happy if I’m wrong and people did get rewarded. 😊 Just curious if there were actual winners.

Modern Encryption: Demonstrate your skills
I am in the final lab of this collection. In step 3 I need to encrypt the file using AES-256 encryption with the following command, and I am using similar commands for steps 4 and 5. The commands execute successfully and an encrypted file is generated; however, a key file is not generated for decrypting the remaining encrypted files to complete the lab. I need help to solve this lab and get the badge.

step 3 - Encrypt a file using AES-256:
openssl enc -aes-256-cbc -a -pbkdf2 -nosalt -in plaintext_1.txt -out plaintext_1.enc

step 4 - Encrypt a file using RC4:
openssl enc -rc4 -pbkdf2 -nosalt -in plaintext_2.txt -out plaintext_2.enc

step 5 - Encrypt a file using 3DES (DES-EDE3-CBC):
openssl enc -des-ede3-cbc -pbkdf2 -nosalt -in plaintext_3.txt -out plaintext_3.enc
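With openssl enc there are two different places a key can come from, and only one of them ever produces a key file. With -pbkdf2 (as in the step 3 command above) the key and IV are derived from the passphrase and salt each time, so decryption needs the same passphrase and nothing is written to disk; a key file only exists if you generate the raw key yourself and pass it with -K and -iv. The following is an added example, not from the thread or the lab, that round-trips a constructed plaintext through both modes. It assumes openssl 1.1.1 or 3.x and coreutils on PATH; the passphrase lab-demo and the file names are made up.

```shell
#!/bin/sh
# Added example (not from the thread): where "openssl enc" gets its key.
# Assumes openssl 1.1.1+/3.x, mktemp and cmp. Passphrase, file names and
# plaintext are constructed for the demo.
set -eu

# Passphrase mode. -pbkdf2 runs PBKDF2 over the passphrase (plus salt) to
# derive both key and IV, so there is no key file: the passphrase is the key.
# -a base64-armours the ciphertext, so -a is needed on decrypt too, and -d
# selects decryption, so it must never appear in an encrypt step.
encrypt_with_passphrase() {    # $1=in  $2=out  $3=passphrase
    openssl enc -aes-256-cbc -a -pbkdf2 -pass "pass:$3" -in "$1" -out "$2"
}
decrypt_with_passphrase() {    # $1=in  $2=out  $3=passphrase
    openssl enc -aes-256-cbc -a -pbkdf2 -d -pass "pass:$3" -in "$1" -out "$2"
}

# Raw-key mode. You generate the 256-bit key and 128-bit IV and keep them in
# files; this is the only mode in which a "key file" exists for openssl enc.
make_raw_key() {               # $1=keyfile  $2=ivfile
    openssl rand -hex 32 > "$1"
    openssl rand -hex 16 > "$2"
}
encrypt_with_raw_key() {       # $1=in  $2=out  $3=keyfile  $4=ivfile
    openssl enc -aes-256-cbc -K "$(cat "$3")" -iv "$(cat "$4")" -in "$1" -out "$2"
}
decrypt_with_raw_key() {       # $1=in  $2=out  $3=keyfile  $4=ivfile
    openssl enc -aes-256-cbc -d -K "$(cat "$3")" -iv "$(cat "$4")" -in "$1" -out "$2"
}

# Round-trip a constructed plaintext through both modes; prints "ok" or "fail".
aes_roundtrip() {
    d=$(mktemp -d)
    printf 'constructed plaintext for the lab demo\n' > "$d/plaintext_1.txt"

    encrypt_with_passphrase "$d/plaintext_1.txt" "$d/p.enc" lab-demo
    decrypt_with_passphrase "$d/p.enc" "$d/p.dec" lab-demo

    make_raw_key "$d/aes.key" "$d/aes.iv"
    encrypt_with_raw_key "$d/plaintext_1.txt" "$d/k.enc" "$d/aes.key" "$d/aes.iv"
    decrypt_with_raw_key "$d/k.enc" "$d/k.dec" "$d/aes.key" "$d/aes.iv"

    if cmp -s "$d/plaintext_1.txt" "$d/p.dec" && cmp -s "$d/plaintext_1.txt" "$d/k.dec"; then
        echo ok
    else
        echo fail
    fi
    rm -rf "$d"
}

aes_roundtrip
```

Two caveats for the other steps: -nosalt makes the same passphrase always derive the same key, so identical plaintexts give identical ciphertexts; keep the salt outside a lab that demands otherwise. And on OpenSSL 3.x the rc4 cipher lives in the legacy provider, so the RC4 step needs "-provider legacy -provider default" added, while -des-ede3-cbc is still in the default provider.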
Foundational Static Analysis: API Analysis

Hi all,
I'm stuck in this part, where using Ghidra I have to find where the Windows API GetModuleHandleA is used in the binary called exercise_two.exe and, once located, find the parameter of this function. Taking a look at GetModuleHandleA, there are no references or calls to the API in any part of the code. I also tried to look for references to GetProcAddress or LoadLibrary and found nothing. Am I doing something wrong? Any idea how to find the "parameter" of the function that calls the API? It is the only question from this part remaining... Thanks and regards.

CVE-2024-3094 (XZ Utils Supply Chain Backdoor)
This training was a deep dive into supply chain attacks, focusing on how attackers compromise third-party libraries to infiltrate systems.

🌳 ROOT: The Core Lesson
🔹 Your code is only as secure as its weakest dependency.
🔹 Attackers don’t always target your app—they infect the libraries and tools you trust.
🔹 A single update from upstream can spread malware downstream into thousands of systems.

🌲 BRANCHES: Key Takeaways

1️⃣ Trunk: The Major Incidents (Real-World Cases)
📌 Log4j (CVE-2021-44228) – A simple logging library led to RCE attacks on millions of apps.
📌 XZ Utils Backdoor (CVE-2024-3094) – Attackers planted a hidden SSH backdoor inside a widely used Linux tool.
📌 SolarWinds Attack – A trusted software update infected top enterprises & governments.

2️⃣ Branches: How Do These Attacks Work?
🌿 Compromised Upstream – Hackers inject malicious code into open-source projects.
🌿 Silent Propagation – CI/CD pipelines & OS distros auto-fetch infected updates.
🌿 Exploitation in Production – The attacker gains remote access, RCE, or data leaks.

3️⃣ Leaves: Defensive Actions You Must Take!
🍃 Pin Dependencies – Use fixed versions instead of "latest".
🍃 Verify Integrity – Check hashes, signatures, and changelogs before updating.
🍃 Scan Your Stack – Use SCA tools like Dependabot, Trivy, or Snyk.
🍃 Restrict CI/CD Auto-Updates – Require manual reviews for third-party updates.
🍃 Monitor for Compromise – Set alerts for vulnerable dependencies.

🌟 TOP OF THE TREE: The Final Takeaway
Supply chain security is not an option—it's a necessity! If upstream is compromised, everything downstream is at risk. Never blindly trust software updates—always verify before deploying. Your security is only as strong as the weakest library you import! Be proactive, not reactive—because the next Log4j or XZ Backdoor could already be in your pipeline!
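Two of the "leaves" above, pinning versions and verifying integrity before updating, reduce to one mechanical check: the archive you are about to build from must hash to the digest you recorded the last time you trusted it, and an archive with no recorded digest is not installed at all. The following is an added example, not part of the post: a POSIX shell script that records pins with sha256sum and refuses a download directory when any archive is unpinned or has changed. The archive names, their contents and the "tampered" copy are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the post): hash-pin release archives and verify a
# download against the pins with "sha256sum -c". Assumes coreutils/busybox
# sha256sum, mktemp and cp. Archive contents are constructed stand-ins.
set -eu

# Record pins once, from artifacts verified by other means (signature check,
# reproducible build, diff against the tagged source). A pin taken from an
# already-backdoored release only locks the backdoor in.
pin_release_dir() {              # $1 = dir of trusted archives  $2 = pin file
    (cd "$1" && sha256sum ./*.tar.gz) > "$2"
}

# Verify a candidate download directory. Every archive present must have a
# pin, and sha256sum -c must report every pinned file as matching.
verify_release_dir() {           # $1 = dir of downloaded archives  $2 = pin file
    pins=$(cd "$(dirname "$2")" && pwd)/$(basename "$2")
    for f in "$1"/*.tar.gz; do
        name=$(basename "$f")
        grep -q " \\./$name\$" "$pins" || { echo "unpinned artifact: $name"; return 1; }
    done
    (cd "$1" && sha256sum -c "$pins" > /dev/null)
}

# Demo: pin two constructed archives, verify a faithful copy (pass), then
# replace one archive with a same-name, same-version tarball whose contents
# differ, the shape of the xz-utils release tampering (fail).
demo_release_check() {
    work=$(mktemp -d)
    mkdir "$work/trusted" "$work/download"
    printf 'constructed archive: examplelib 1.4.2\n' > "$work/trusted/examplelib-1.4.2.tar.gz"
    printf 'constructed archive: othertool 0.9.0\n'  > "$work/trusted/othertool-0.9.0.tar.gz"
    pin_release_dir "$work/trusted" "$work/pins.sha256"

    cp "$work/trusted"/*.tar.gz "$work/download"/
    good=$(verify_release_dir "$work/download" "$work/pins.sha256" && echo pass || echo fail)

    printf 'constructed archive: examplelib 1.4.2 + planted build script\n' \
        > "$work/download/examplelib-1.4.2.tar.gz"
    bad=$(verify_release_dir "$work/download" "$work/pins.sha256" && echo pass || echo fail)

    rm -rf "$work"
    echo "$good $bad"
}

demo_release_check
```

The pin only protects against a change after the moment you trusted the artifact. For xz-utils the malicious build logic shipped in the 5.6.0 and 5.6.1 release tarballs themselves, signed by a maintainer, so a pin taken from those releases would have preserved the backdoor; that is why the pin should be taken from a build you have compared against the tagged source, and why signature checks and SCA alerts still belong alongside it.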
🚨 Calling all CISOs and Program Managers! 🚨

We’re looking to connect with security leaders who are passionate about team readiness and resilience. DaveSpencer and our user researcher PamelaSmith are exploring how organisations exercise and prepare their teams for evolving cyber threats. We’re developing a new cyber drills concept and would love to get your insights and feedback. If you're open to having a brief chat to share how you approach team exercises and provide your perspective on our ideas, your input would be invaluable.

👉 Interested or know someone who might be? Get in touch via email or comment below.

Phishing != Security Awareness
Dear IL Community,

I wanted to express some thoughts about the challenge that organizations may face if they want to establish a cybersecurity culture, especially when individuals within an organization do not prioritize or care about cybersecurity. From my perspective, one of the main reasons it's tough to get a cybersecurity culture going is that people just don't see the potential consequences of cyber threats. They often don't realize how much of an impact a security breach can have or how important it is for them to protect sensitive information. This lack of interest can create a big vulnerability in an organization's security defenses.

Would love to get your view and discuss the following things:
How can we make cybersecurity feel relevant to every employee?
What innovative approaches have you seen in creating a security-minded culture?
Are current training methods truly effective, or do we need a radical rethink?
Is it about the missing leadership commitment?
Do we struggle to demonstrate the tangible business impacts of cybersecurity?

It would be very much appreciated if you could share your thoughts and experiences!

All the best - Nermin