CSM Tip:Personal MITRE ATT&CK – Did You Know You Can Print Your Entire Chart?
As we start off a very busy 2025m you may be thinking about preparing for your annual review conversation with your manager. Was upskilling a part of your personal goals? Ever wish you could print/view your personal Mitre ATT&CK framework straight from the Immersive platform. Good new, you CAN! In the Chrome browser Cmd + p (or control + p in windows), and adjusting the scale zoom so the whole thing fits on one page, can then get a pdf of full quality *MAC users be sure to go into “More Settings” and check this box (background graphics): Have you printed your personal MITRE ATT&CK chart? If so, how did you use it?
CSM Tip: Have A Summer Series! Are YOU Taking Advantage Of Summer?
Being the comedian I am, I was going to title this tip “Have Your Own Personal Summer series” but I didn’t want the core message of this idea to get lost in my wacky humor. Working with customers over the years across the globe, I’ve seen a trend. What is that trend? People on the team take their annual holidays to enjoy the weather, spend time with their families when the kids are out of school, spend more time in the fresh air away from screens, etc. Thus, structured programs and large projects wane a little bit as opposed to the fervor that resumes as autumn hits. One of the ways customers overcome this and stick to their personal growth and development plans as well as the broad organizational/department plans is to host “Summer Series”. What is that you say? Well, it is sometimes a large group activity or challenge over the summer (have you checked out the challenge labs in the Exercise section of Immersive?) Or, it’s a weekly/biweekly/monthly “workshop” drop in session that team members can attend (when they are not on their well-earned annual holidays) to learn more on a topic (come on, I KNOW you want to learn more about cutting edge topics like secure coding in the age of integrated LLM in your apps and systems). So, be the voice on your team to suggest this or, like my wacky idea for a tip topic suggests, implement your own Personal Summer series. You will be glad you did.kali linux: killall xfce4-panel
Hi @ all Maybe I am the only one that opens a root terminal on kali linux, pastes "killall xfce4-panel" to get rid of the menu bar at the bottom of the screen. For me it's a waste of screen space, esp. when running in a window. And if you ever wondered how to get rid of it, now you know. How do you deal with it? ncCSM Tip: Immerse Yourself In our Multi-Language Experience!
Did you know you can easily change your Immersive platform experience to a variety of supported languages? We are a global family and many of you are multi-lingual and/or have a primary language preference other than English. This fantastic capability has been available for a while, but I still talk with global teams from time to time that are unaware of this great feature. Simply head up to the top right of the platform and select from the dropdown globe symbol. Have you used this feature? Do you know some peers that may benefit from knowing about this and trying it in another language of their choice?CSM Tip Of The Month: How To Size Text When Accessing VM Labs
Did you know you can increase the font within virtual machines in the more difficult labs? If you are anything like me, I tend to adjust lighting, resolution, and just about anything on my various monitors. However, I have been asked by several customers recently about the font size/resolution in the virtual machines in Immersive. Here is how you can tweak this: In my example below in a lab, open the Kali box and adjust the resolution. Click on the icon (blue) upper left, then go to settings (general) and voila! I tend to do this when using VMs. Let me know if you have done this or will use this going forward.CSM Tip: CPD/CPE Credits Signed Certificate – Yes Please! Did You Know?
Well, well, well. I know many of you look for opportunities to earn CPD/CPE credits that you can submit for your annual renewals with various organizations each year. Did you know, the Immersive platform makes this so easy for you to track, pull, and submit a signed certificate? Have you used this in years past? Simply head to your profile/settings/reports (sound familiar? It is the same area of the platform I have sent you to get reporting on progress and achievements). Be ReadyCSM Tip: Are You Immersed In AI? Here's An Idea For You!
Does it seem like lately every meeting, every email in your personal and private life is either about how to leverage AI more and more or let’s be real, created leveraging AI? I say embrace it, be comfortable with it, and have fun with it! How? Recently I hosted a one hour Beat the Bot competition for a large financial company. Oh the fun, oh the silly prompts the team used to Beat The Bot. Did all complete the 10 levels within the hour? No, but we had four that DID before the session ended. Have you held a lunch hour challenge or a Friday afternoon challenge with your team? I CHALLENGE you to try this and let me know your feedback. Oh, and we have amazing content on the AI topic to really meet Immersers wherever they are, check them out as well: Be Ready
CVE-2024-3094 (XZ Utils Supply Chain Backdoor)
This training was a deep dive into supply chain attacks, focusing on how attackers compromise third-party libraries to infiltrate systems. 🌳 ROOT: The Core Lesson 🔹 Your code is only as secure as its weakest dependency. 🔹 Attackers don’t always target your app—they infect the libraries and tools you trust. 🔹 A single update from upstream can spread malware downstream into thousands of systems. 🌲 BRANCHES: Key Takeaways 1️⃣ Trunk: The Major Incidents (Real-World Cases) 📌 Log4j (CVE-2021-44228) – A simple logging library led to RCE attacks on millions of apps. 📌 XZ Utils Backdoor (CVE-2024-3094) – Attackers planted a hidden SSH backdoor inside a widely used Linux tool. 📌 SolarWinds Attack – A trusted software update infected top enterprises & governments. 2️⃣ Branches: How These Attacks Work? 🌿 Compromised Upstream – Hackers inject malicious code into open-source projects. 🌿 Silent Propagation – CI/CD pipelines & OS distros auto-fetch infected updates. 🌿 Exploitation in Production – The attacker gains remote access, RCE, or data leaks. 3️⃣ Leaves: Defensive Actions You Must Take! 🍃 Pin Dependencies – Use fixed versions instead of "latest". 🍃 Verify Integrity – Check hashes, signatures, and changelogs before updating. 🍃 Scan Your Stack – Use SCA tools like Dependabot, Trivy, or Snyk. 🍃 Restrict CI/CD Auto-Updates – Require manual reviews for third-party updates. 🍃 Monitor for Compromise – Set alerts for vulnerable dependencies. 🌟 TOP OF THE TREE: The Final Takeaway Supply chain security is not an option—it's a necessity! If upstream is compromised, everything downstream is at risk. Never blindly trust software updates—always verify before deploying. Your security is only as strong as the weakest library you import! Be proactive, not reactive—because the next Log4j or XZ Backdoor could already be in your pipeline!
