CSM Tip: Are You Immersed In AI? Here's An Idea For You!
Does it seem like lately every meeting, every email in your personal and private life is either about how to leverage AI more and more or, let’s be real, created leveraging AI? I say embrace it, be comfortable with it, and have fun with it! How? Recently I hosted a one-hour Beat the Bot competition for a large financial company. Oh the fun, oh the silly prompts the team used to Beat The Bot. Did all complete the 10 levels within the hour? No, but we had four that DID before the session ended. Have you held a lunch hour challenge or a Friday afternoon challenge with your team? I CHALLENGE you to try this and let me know your feedback. Oh, and we have amazing content on the AI topic to really meet Immersers wherever they are. Check them out as well: Be Ready

CVE-2024-3094 (XZ Utils Supply Chain Backdoor)
This training was a deep dive into supply chain attacks, focusing on how attackers compromise third-party libraries to infiltrate systems.

🌳 ROOT: The Core Lesson
🔹 Your code is only as secure as its weakest dependency.
🔹 Attackers don’t always target your app—they infect the libraries and tools you trust.
🔹 A single update from upstream can spread malware downstream into thousands of systems.

🌲 BRANCHES: Key Takeaways

1️⃣ Trunk: The Major Incidents (Real-World Cases)
📌 Log4j (CVE-2021-44228) – A simple logging library led to RCE attacks on millions of apps.
📌 XZ Utils Backdoor (CVE-2024-3094) – Attackers planted a hidden SSH backdoor inside a widely used Linux tool.
📌 SolarWinds Attack – A trusted software update infected top enterprises & governments.

2️⃣ Branches: How These Attacks Work?
🌿 Compromised Upstream – Hackers inject malicious code into open-source projects.
🌿 Silent Propagation – CI/CD pipelines & OS distros auto-fetch infected updates.
🌿 Exploitation in Production – The attacker gains remote access, RCE, or data leaks.

3️⃣ Leaves: Defensive Actions You Must Take!
🍃 Pin Dependencies – Use fixed versions instead of "latest".
🍃 Verify Integrity – Check hashes, signatures, and changelogs before updating.
🍃 Scan Your Stack – Use SCA tools like Dependabot, Trivy, or Snyk.
🍃 Restrict CI/CD Auto-Updates – Require manual reviews for third-party updates.
🍃 Monitor for Compromise – Set alerts for vulnerable dependencies.

🌟 TOP OF THE TREE: The Final Takeaway
Supply chain security is not an option—it's a necessity! If upstream is compromised, everything downstream is at risk. Never blindly trust software updates—always verify before deploying. Your security is only as strong as the weakest library you import! Be proactive, not reactive—because the next Log4j or XZ Backdoor could already be in your pipeline!

CSM Tip: Personal MITRE ATT&CK – Did You Know You Can Print Your Entire Chart?
As we start off a very busy 2025, you may be thinking about preparing for your annual review conversation with your manager. Was upskilling a part of your personal goals? Ever wish you could print/view your personal MITRE ATT&CK framework straight from the Immersive platform? Good news, you CAN! In the Chrome browser, press Cmd + P (or Control + P in Windows) and adjust the scale zoom so the whole thing fits on one page; you can then get a PDF of full quality. *Mac users, be sure to go into “More Settings” and check this box (background graphics). Have you printed your personal MITRE ATT&CK chart? If so, how did you use it?

Introducing the Human Connection Study Group! 💻🔐
We’re excited to kick off the first ✨ Immersive Study Group ✨ of 2025! This new initiative is all about learning together, tackling one cyber lab each week, chosen by you, our community. It’s your chance to dive into a new subject, tap into the collective knowledge of fellow professionals and enthusiasts, and make meaningful peer connections along the way.

Here’s how it works:
Vote for the topic: Every week, you’ll have the chance to vote on the lab topic.
Complete the lab: The community lab choice will be announced in the forum every Monday. Then it’s over to you to start (and finish) it within the week.
Collaborate & Discuss: Join the forum discussion to share your experiences, challenges, and top tips while you are completing the lab. Peer-to-peer support is the name of the game!

Ready to get started? Click here to cast your vote for the first lab of 2025!

Welcome to this week's new members!
Please join me in welcoming all of the new members who joined us this week! PhilTalby TomHills MartinChau JohnQ TobiF SureshKumar AbdelrhamnaAttia rev2k8 pradkum MathewM itskw271 Al13nz karthik518 0xjch PuddyHax It's great to have you all here and we hope that you are enjoying everything that this community has to offer. As a starting point, be sure to check out our getting started guides to help you get the most out of your membership. You might be here for support with labs, or maybe you'd like to put your knowledge to the test? In any case, you may want to check out our brand new Study Group and Human Connection Challenge: Season 1, of which lab 4 of the season will be launching soon, so watch this space!

CSM Tip – Annual Review Season Is Here! Remember To Grab Your Personal Reports from the Immersive platform to bring to the conversation.
Are you ready to share with your manager the progress you made towards your personal upskill goals? Want to pull reports to share in your year-end review? Remember, you can pull several reports to bring to these conversations. Simply head to your profile (Initials) in the upper right of the header, in the dropdown, click settings, select the report tab, select activity report, and voila! Have you done this in the past?

CSM Tip: Leverage A Screen Share And Complete A Lab Together (Team Lunch & Learn)
Lately, I have talked with more than a few teams that have taken the concept of mentoring and meeting team members where they are in their up-skilling journey to the next level. How? Sr. team members are “taking” a difficult lab with their team and really spending time talking about how they approach the task the way they do, examples from real life that are similar, and other colorful commentary. Feedback from these occasional shared lab sessions is positive. Consult with your team manager and try this approach. What are your thoughts? Have you tried something similar? Share in the comments section below!

CSM Tip: Streaks - Because We All Appreciate Self-Motivation Tools
Are you a person that is motivated by goals? Did you know you can configure a weekly personalized streak setting? Have a stretch goal? Consider upping your weekly streak setting and watch your progress really accelerate as you upskill and prepare yourself for your future. Have you changed your streak setting to challenge and motivate yourself? What is your streak setting at and how many weeks have you achieved it? Remember, you can watch your personal streak record build on your Launchpad.

CSM Tip: Social Sharing - How To Let Your Network Know What You Are Accomplishing
Did you know the Immersive Labs platform allows for easily sharing out to your social networks what content you are completing on the platform? Tip: if you are not seeing this feature, please head to your profile > settings > and check the following box to allow for easy social sharing! Now you can share the good news on your accomplishments and let others know. Wish you could share past achievements earned before turning this feature on? Well, you are in luck, you CAN! Head to your profile > achievements > click on the collection badge you would like to share.

CSM Tip: Leverage Your Company's Pioneer Or Last Completed Insight On All Labs
Did you know you can see who at your organization first completed a lab (see below)? This is the Pioneer badge found under the Awards tab on every lab. Additionally, you can see who most recently completed the lab. I see lots of collaboration between users when stumped by a question in a lab by using this awards section and connecting with peers. Have you used this feature?