We get it. Your inbox is being spammed with end-of-year lists and, frankly, you just don’t care. But we have something special for you. Something a bit different.

We want to share our best labs of 2019 in one tidy package, as chosen by the experts. These are the ones that really make us tick. The ones that, like a tin of Roses, leave you wanting more long after they’re done. 

So without further ado… 

CVE-2018-20250 (WinRAR)

Chosen by – James Harris, Content Engineer

Because – The WinRAR lab was challenging to produce, and we had to invest a significant amount of time to take it from an online PoC into something we could deliver as a lab. It also required us to look at an area which isn’t covered by many of our labs (CRCs), which makes it novel and interesting.

CVE-2019-14287 (Sudo Exploit)

Chosen by – Joe Crocker, Senior Content Engineer and Will Edwards, Content Engineer

Because – Examining and using an exploit helps us understand how it works and builds our real-world understanding. The detailed instructions and explanations given in the content panels of this lab make it accessible to users with even modest expertise. 

CVE-2019-17387 (Aviatrix VPN Client Privilege Escalation)

Chosen by – Alex Seymour, Content Engineer

Because – This is our first vulnerability disclosure as a result of original internal research – and that’s a big deal.

Psst…This lab is available to try for free on Immersive Labs Lite! Simply register here then navigate to ‘Emerging Threats’. 

SQL Injection – Boolean-Based Blind

Chosen by – Stefan Apostol, Content Engineer

Because – This was the first lab I created after I joined the team; I liked that I was allowed to follow my own path and that it turned out well.

Signalling System No.7 (SS7) Interception

Chosen by – Matthew Parven, Principle Content Engineer

Because – Telecommunications and its associated protocols are an often overlooked area of cyber. The SS7 lab was an enjoyable opportunity to develop a realistic simulated telecommunication network within a lab. The user has to exploit several vulnerabilities that are within the SS7 protocol stack ‘by design’, and intercept an SMS 2FA message to access a victim’s bank account.


Chosen by – Kris Anderson, Principle Content Engineer

Because – Building the Meterpreter lab was fun because I used a technique learnt from another lab and applied it in a new environment. This enforced the benefits of what I had learnt and showed me how it can be used alongside other tools to make more targeted and specific attacks. 

Reverse Engineering with Radare2 – Episode 1

Chosen by – Ben McCarthy, Senior Content Engineer

Because – Teaching people how to use this novel tool while implementing capture-the-flag problems was a lot of fun. The tool is incredibly powerful and touches on many of the hacker colours we have come to love.

CVE-2019-14271 (Docker cp)

Chosen by – Nikhil Mohanlal, Content Engineer

Because – It was challenging to learn this stuff and really understand it, but it’s a lab I’m proud of because, where I would normally give up, my team were persistent in helping me complete it. 

XWD Screen Capture

Chosen by – Jaimi Anderson, Content Engineer

Because – This was the first practical lab I built and to this day I’m proud of how it came out. It was a great challenge and despite a few kinks that need to be ironed out, it’s one of the labs I always recommend.

Check Out Immersive Labs in the News.


December 17, 2019


Free Labs


Immersive Labs