Top 10 AWS Attacker Techniques 2023
Amazon Web Services (AWS) is the most popular cloud [...]
Cybersecurity Training Companies are Failing Their Customers
Organizations are wasting their money on cybersecurity training. This may [...]
Exposing the Human Element in a Ransomware Attack
I never really thought about just how exposed the person-in-the-middle [...]
5 Challenges That Complicate Shifting Left Application Security and How to Overcome Them
Over 81% of developers knowingly ship vulnerable code regularly. This [...]
Why Does My Msfvenom-Generated Shellcode Fail at Fnstenv?
Both attackers and researchers often use msfvenom to generate shellcode. [...]
Unlocking Potential: Why You Should Adopt An Agile Mindset
Agile is one of the most common buzzwords used to [...]
How to Build a Positive Cybersecurity Culture in 3 Steps
Cybersecurity professionals. Administrative assistants. Engineers. HR professionals. Managing directors. [...]
Not a Developer? Why You Should Still Care About Git Security
Git, a version control system, is one of the [...]
Your People are Vital to Cyber Threat Defense. 3 Ways to Prepare Them
Cyber attacks are on the rise, threatening infrastructure, supply [...]
Why Traditional Application Security Training Approaches Fail
Application security (AppSec) vulnerabilities are increasing rapidly. According to [...]
3 Reasons Cybersecurity Certifications and Training Demand Disruption
There’s no shortage of cybersecurity training or certifications for [...]
3 Tips to Protect Against Cybersecurity Vulnerabilities This Holiday Season
This year, retailers are anticipating a high volume of [...]
Cyber Threats are Increasing. Can Your Team Stop the Next Attack?
How to prove cyber resilience Throwing money at cybersecurity [...]
Can You Trust Single Sign-On? A Novel Technique for Stealing Credentials
Can You Trust Single Sign-On? A Novel Technique for [...]
Logging in AWS – A Journey of Discovery
Logging in AWS – a journey of discovery Logging [...]
8 Tips for Becoming an Application Security Pro
Writing good quality code is not enough to improve [...]
We discovered major vulnerabilities in Control Web Panel. Here’s how we found them.
Overview Earlier this year, researchers at Immersive Labs responsibly [...]
What it takes to get developers engaged with security
Okay, so we all know developers are great problem solvers. Every day they harness this superpower of turning ideas into reality. However, with great power comes even greater responsibility. That means ensuring they create secure applications can be more important than making sure they deliver that exciting new feature on time.
Closing the cybersecurity talent gap
Cybersecurity talent acquisition and retention is one of the biggest challenges security executives face in 2022. The need for skilled cybersecurity resources is ever-increasing, so competition for experienced cybersecurity pros is fierce. Meanwhile, the unpredictable and unrelenting nature of cybersecurity often leads to burnout and employee turnover issues.
Test Your Response to Real-Life Cyber Attacks with our New Scenario Templates
Immersive Labs’ Crisis Sim customers can easily create bespoke scenarios using our new template range.
Sounding the alarm: how high-profile threats influence learning behaviors
In a previous post, we highlighted how the development [...]
Beyond patching: the value of human expertise in threat mitigation
One of the things that makes enterprise security so challenging [...]
Government Organizations are Relentlessly Targeted for Attacks: A New Approach to Cyber Threat Response is Needed
“Government organisations are routinely and relentlessly targeted [for cybersecurity [...]
One-Day at a Time: From security advisory to functional exploit
When hearing the term “exploit development”, your first instinct may be to recoil in horror, recalling news stories of nefarious hackers breaking into systems and stealing from the innocent. However, just as a lock pick can aid both a thief and a locksmith, exploit development is a skill that can be used for both ethical and unethical purposes.
Is Your Org Doing Enough to Prevent a Cybersecurity Breach? (Our research says ‘maybe not’!)
In our latest blog post, learn the human capabilities needed to respond, contain, and recover from the inevitable subset of cybersecurity breach attempts that succeed.
Hertzbleed: The new CPU vulnerability in a nutshell
In Q3 2021, a team of researchers reported a new [...]
Patch Newsday June – No new active threats but warnings for SharePoint users, incoming Autopatch rollout, Follina zero-day fixed
A fairly quiet Patch Tuesday this month but still [...]
Immersive Labs is bringing a cyber crisis to Infosecurity Europe
Join us at Infosecurity Europe on June 21–23 to play [...]
Immersive Labs is bringing McLaren racing to Infosecurity Europe.
Join us at Infosecurity Europe on June 21–23 to play [...]
Immersive Labs is bringing drama to Infosecurity Europe.
Join us at Infosecurity Europe on June 21–23 to [...]
The Psychology of Building a Resilient Cybersecurity Team
Resilience is important in any workplace. It’s been a [...]
How to define and execute an engineering strategy
Most start-ups invest significant time and energy in defining [...]
Patch Newsday May – NTLM relays, RDP again and the ongoing specter of Print Spooler
Security admins need to watch out for several vulnerabilities in [...]
How we connect across the globe in sales
I joined Immersive Labs’ revenue operations team in February [...]
Flexible working: at home, visiting friends, working holiday, and the office!
What was flexible working like before the pandemic? [James] Flexible working [...]
Spring4Shell: Java vulnerabilities bounce back into the headlines
In late March 2022, a security researcher accidentally disclosed [...]
Day in the life of Charlotte, Crisis Sim Content Specialist
It’s Monday morning in the Crisis Sim Content team at [...]
International Women’s Day: break the bias
On Tuesday March 8, Immersive Labs, along with countless other [...]
My career story: 18 months at Immersive Labs. What a ride!
Ain't no mountain high enough I only ever wanted [...]
A day in the life of Evander Pierre, Web Developer
Starting a new job remotely is pretty much the [...]
Parental Leave Adventures in a Campervan
Hi, I’m James. I look after our Talent Acquisition [...]
McLaren’s vision for optimizing its cyber workforce with Immersive Labs
We caught up with Ed Green, Head of Commercial Technology at McLaren, to discover his vision for optimizing the cyber workforce of the entire business.
Patch Newsday: Wild CVEs & CISA Directives
Kev Breen shares his thoughts on November's Patch Tuesday!
A day in the life of Rob, Product Designer
The start of XD Day Hello! I’m Rob Pezet, [...]
Patch Newsday: 12 October 2021 – Spooky Spooler and Sinister Scores
Kev Breen, Director of Cyber Threat Research, weighs in with his thoughts on this month's Patch Tuesday.
Building cyber resilience for the Financial Services sector with breadth and at scale
Today, we are proud to announce an initiative with the […]
Patch Newsday: 14 September 2021 – Lousy Browsers and Arsey RCEs
Kev Breen, Director of Cyber Threat Research, weighs in with his thoughts on this month's Patch Tuesday.
Analyzing the CVE-2021-40444 exploit
CVE-2021-40444 On the 7th of September 2021, Microsoft announced [...]
Take the power back: Tool-up against a notorious global threat group with our new FIN7 series
Earlier this year, a hacker found guilty for his ‘high-level’ involvement in a series of financially motivated cyberattacks received a ten-year jail sentence in Seattle.
Patch Newsday 10 August: Ironic exploitation and the spectre of PrintNightmare
Kev Breen, Director of Cyber Threat Research, weighs in with his thoughts on this month's Patch Tuesday.
Disclosure Dilemmas: Vulnerable Stalkerware
Our Director of Cyber Threat Research, Kev Breen, recently discovered […]
When Less Isn’t More: A Deep Dive into Exploiting the Less.js RCE
AppSec Engineers, Mat Rollings and Will Roberts, explore an RCE vulnerability in Less.js.
Patch Newsday – 13 July 2021
Kev Breen, Director of Cyber Threat Research, weighs in with his thoughts on this month's Patch Tuesday.
Stalkerware 101: Everything you need to know
Our Director of Cyber Threat Research, Kev Breen, recently discovered […]
An investment into the cyber skilled workforce of the future
Immersive Labs is today announcing a Series C investment of $75m with Insight Partners, Menlo Ventures, Citi Ventures and existing investor Goldman Sachs. James Hadley, CEO and Founder, shares his plans for the future of the platform.
Patch Newsday – 8 June 2021
What comes after Patch Tuesday? Patch Newsday of course! Check out the biggest and baddest vulnerabilities from June 2021 Patch Tuesday here.
Welcome to the DarkSide: where IT and OT Collide
DarkSide's Colonial strike proved that attacks on IT can easily bleed into operations – and this will only encourage onlooking hackers.
Frustrations of an AppSec Engineer Part 1: Collaboration, Collaboration, Collaboration
In collaboration with Osterman Research, we recently embarked on a […]
It makes you WannaCry: Anti-Ransomware Day 2021
For Anti-Ransomware Day, we caught up with Kev Breen to find out what you need to know about ransomware in 2021.
Patch Newsday: May 11, 2021
It’s Patch Newsday! As always, we caught up with Kev Breen, Director of Cyber Threat Research here at Immersive Labs, to uncover all the best bits from this month’s Patch Tuesday.
It’s not all CorrectHorseBatteryStaple: How to power up your passwords in 2021
For World Password Day 2021, Kev Breen, our Director of Cyber Threat Research, weighs in with his advice on keeping your passwords safe.
Wagtail XSS + LocalStorage = Account Hijack
Kev Breen, Director of Cyber Threat Research, loves a bit of bug hunting. Here's what he's found this time...
Neurodiversity is my superpower!
Those hot pandemic looks! 2020 didn’t bring much positivity [...]
Interdependence and teamwork: managing crises effectively
When every decision impacts the next, it's crucial that crisis management teams are prepared to respond in tandem.
Play along with our new crisis scenario – Insider Threat: Pharma Drama!
Join one of our upcoming webinars to play through our exciting new pharma crisis scenario.
SaltStack: further injection vulnerabilities
The fix for CVE-2020-28243 in SaltStack may have prevented command injection – but it wasn't enough.
Hands-on with Hafnium: Proxylogon evolves
Hafnium has been exploiting four zero-day vulnerabilities in Microsoft Exchange, depositing tools that would enable threat actors to gain remote access to victim systems following initial access.
Patch Newsday: March 10, 2021
Kev Breen, Director of Cyber Threat Research here at Immersive Labs, shares his thoughts on this month's Patch Tuesday.
Introducing your vehicle’s nervous system, CANBus
The Controller Area Network (CAN) of a vehicle can be […]
International Women’s Day 2021: Choose to Challenge
In honor of International Women's Day 2021, we caught up with Debbie Tunstall, Account Director here at Immersive Labs.
The People of InfoSec on the People of InfoSec
In collaboration with Dan Raywood, we've been catching up with the people of InfoSec to find out what makes them tick. This is the first blog in our #CyberHumans series.
One-day exploit party with SaltStack
Here at Immersive Labs, we love to get exploits and […]
Why so salty? Local privilege escalation on SaltStack minions
Mat Rollings, Vulnerable App Developer at Immersive Labs, has uncovered a command injection vulnerability in SaltStack's Salt programme.
Diverse organizations build high-performing crisis response teams. Here’s how.
Global diversity is having a moment – and rightly so. […]
Being out in the workplace: Why being open matters
As part of LGBT+ History Month in the UK, we're catching up with Paul Thomas, Engineering Manager, to find out why being open matters.
The digitalization of kidnap and extortion: a modern business dilemma
Cyberextortion is now rife online – but where did it all begin? And what, if anything, can we learn from physical extortion cases?
Patch Newsday: February 9, 2021
Kev Breen, Director of Cyber Threat Research here at Immersive Labs, shares his thoughts on this month's Patch Tuesday.
The Time to Make History is Now
As part of our Life at Immersive Labs series, we catch up with Steph McCrary, Sales Development Representative, to discover just what Black History Month means to her - and why we should be celebrating it every month.
Facebook probably knows you better than you do – should you be worried?
In the first week of 2021, messaging giant WhatsApp announced […]
Cyber Crisis Simulator: Weathering the storm: public vs private crises
You can’t always anticipate a data breach. What do you do when the unexpected happens at a high-security organization? What if national secrets are now in the hands of your adversaries?
Introduction to Static Code Analysis for Reverse Engineering
Immersive Labs Announces New Series for Incident Responders and Threat [...]
Cyberattacks are hammering businesses and public sector organizations – but when is it really a crisis?
Before dipping your toes into the considerable waters of cyber crises, you should first understand what a crisis is more broadly. That might sound elementary – it’s just a bad situation right? – but the definition runs deeper than you might think.
Immersive Labs is officially one of the best places to work in Boston!
We knew it already, but now it’s official: Immersive Labs […]
Cyber Crisis Simulator: ransomware cripples major energy supplier – live it and learn
Immersive Labs’ Cyber Crisis Simulator is an online solution that drops defenders and decision makers into real-time cyber crises. The system challenges teams to make critical decisions when dealing with emerging incidents such as ransomware outbreaks, insider threats, data breaches, and spear-phishing attacks.
When the sun bursts: responding to global cyber events
The US government was recently hit by a severe [...]
Feel the heat of SUNBURST with Immersive Labs (so your business won’t have to)
The US government was recently hit by a severe [...]
The Psychology of Cyber: How to build cognitive agility with micro-drilling
This is the third post in a series by psychologist [...]
The Psychology of Cyber: How to build cognitive agility with micro-drilling
This is the third post in a series by [...]
What is AppSec, and why do you need it?
People often assume that AppSec focuses solely on the security involved in an app or service’s development – but this isn't the case.
Halloween: can you solve the murder mystery in our new series?
It's the spookiest time of the year, so naturally we've got free labs to get you ready for Halloween!
Upcoming Anatomy of a Hack: Hands-on Red Teaming with the “Zerologon” Vulnerability
Randy Franklin Smith of Ultimate Windows Security will discuss the details around the vulnerability, how it works, and what’s at risk. Not only that but our own Director of Cyber Threat Research, Kev Breen, will be totally hands-on and demonstrate how to use this attack in red teaming using the Immersive Labs platform.
Research: Can you build spyware for a Fitbit?
Kev Breen, Director of Cyber Threat Research at Immersive Labs, recently conducted research into the Fitbit app store. This is what he found.
The more the merrier: four ways to build a more diverse cybersecurity team
The cybersecurity landscape is, traditionally, not very diverse. There. We […]
Guest Blog: The Stress and Joy of Security Jobs
Guest blog by Phil Venables, CISO at Goldman Sachs. Originally appeared on the Risk & Cybersecurity: Thoughts from the Field blog.
Five steps every business should implement before ransomware strikes
Ransomware affected half of all businesses last year, and this […]
A sign we’re on the right Track
Immersive Labs is delighted to feature in Tech Track's 10 Ones to Watch. Our CEO James Hadley shares his thoughts.
The key element in your cybersecurity strategy isn’t process, tech or data – it’s people
Anyone who has formulated an organizational plan knows that [...]
If your cyber training isn’t gamified, it isn’t right
The evolving cyber field needs people who develop their skills continually, and you can encourage this by making learning fun.
InfoSec MythBusters: quelling common misconceptions
The folklore genre of mythology consists of narratives that play […]
CREST cancellations expose a wider problem with perception of cyber skills
A version of this appeared on Infosecurity magazine The suspension […]
The five types of insider threats – and how to tackle them
In light of Anthony Levandowski's sentencing, we take a look at the five types of insider threats – and how you can tackle them in your own organization.
Osterman Research Part 3: Learn and Adapt
We recently released one of the few definitive reports on cyber crisis preparedness. Compiled alongside Ostermann Research, it taps into the collective consciousness of around 400 CISOs and senior security leaders at organizations with more than 500 employees.
Osterman Research Part 2: The human element
We recently released one of the few definitive reports on cyber crisis preparedness. Compiled alongside Ostermann Research, it taps into the collective consciousness of around 400 CISOs and senior security leaders at organizations with more than 500 employees.
Osterman Research Part 1: Out of sync with the threat landscape
Today, we released one of the few definitive reports on cyber crisis preparedness. Compiled alongside Ostermann Research, it taps into the collective consciousness of around 400 CISOs and senior security leaders at organizations with more than 500 employees.
Cyber preparedness lessons from the trenches
The following piece comes from a discussion with a senior security practitioner at a large global brand hit by a major cyberattack. As media, regulators and commentators scrutinized every move, its cyber crisis response played out in real time in front of a global audience. The interviewee agreed to share their story in the hope it would help shape other companies’ responses to such situations.
Build capabilities, not just plans
After taking part in the launch of the Cyber Crisis Simulator, Phil Venables of Goldman Sachs shares his thoughts on why incident response should focus on human capabilities – not on playbooks.
Hacking in Hollywood: our experts review
Hollywood loves a good hacking scene. Supercomputers, neon strings of […]
Less stress, more success: how psychological safety affects your team’s performance
Mental health has weighed on our minds for as long […]
What does it take to keep young hackers on the right path?
Everyone remembers being a teenager and having to choose between […]
From Mitigation To Exploitation
At the end of a long week hunting threats and creating labs, Director of Cyber Threat Research, Kev Breen, was looking forward to a quiet weekend. But these things always seem to happen on a Friday afternoon, don’t they?
Powering Cyber Skills with KPMG
In a week-long online competition, a collaborative effort between KPMG New Zealand and Immersive Labs, 400 people from 169 NZ organizations pitted their skills against each other through their browsers on 750-plus knowledge based capture-the-flag style challenges.
The Evolution of Ransomware
Over the last few decades, the concept of malware has [...]
Can you really evidence human cyber readiness?
One of the biggest problems in cybersecurity today is [...]
New vulnerability in popular Android banker Anubis reported to authorities
Recording the new Immersive Labs podcast gives us a chance to […]
Sign in with Apple vulnerability: lessons to learn
Sean Wright, Lead Application Security SME at Immersive Labs, takes a look at the lessons to be learned in Apple's near miss...
When is a security vulnerability not a vulnerability?
Having taken a look at CVE-2020-19781, our very own Director of Cyber Threat Research, Kev Breen, got to thinking: when is a security vulnerability not a vulnerability?
What are red teams and which human traits help them succeed?
Enterprises now handle so much information in such varied [...]
CISSP now equivalent to a master’s – but what are they really worth?
The Certified Information Systems Security Professional (CISSP) certification is a [...]
It’s been three years since WannaCry, so we asked our experts – where were you?
Three years ago this week, WannaCry shook the world. The [...]
How to lock onto the hackers targeting SaltStack minions
Hackers are targeting SaltStack systems following security firm F-Secure’s discovery [...]
Hackers are currently attacking vulnerable SaltStack systems – here’s how
The software SaltStack is a commercial, open source management [...]
How the crisis is unveiling the true cost of classroom cyber training
Every year organizations buy overpriced cyber courses that occur in [...]
Threat monitoring with AttackerKB
One of the core values Immersive Labs stands by is [...]
How the current crisis is exposing the pitfalls of classroom cyber training
Covid-19 has forced businesses around the world into remote working, [...]
When a cyberattack hits you need a prepared security team – not certificates
Cybersecurity training has entwined with certification over the years, but [...]
Six ransomware strains that demonstrate attacker innovation
Ransomware attacks happen when threat actors prevent organizations or individuals [...]
CVE-2020-10560 – OSSN Arbitrary File Read
Source: https://www.businessinsider.com/coronavirus-email-scam-covid-19-phishing-false-information-who-cdc-2020-2?r=US&IR=T#check-the-senders-email-domain-and-see-if-it-matches-the-website-of-the-organization-they-say-they-work-for-then-check-the-urls-included-in-the-email-1 Open source platforms, although extremely useful and popular, [...]
Covid-19 Phishing Emails: How to Spot Them
Unfortunately, coronavirus doesn’t seem to be going away any [...]
Defining NICE work roles: Cyber Defense Analyst
In a series of blogs, we’ll be using NIST’s [...]
We need to do more to help our CISOs – here’s why
Chief Information Security Officers (CISOs) currently average just 18 to [...]
Defining NICE work roles: Vulnerability Assessment Analyst
In a series of blogs, we’ll be using NIST’s [...]
Defining NICE work roles: Cyber Crime Investigator
In a series of blogs, we’ll be using NIST’s [...]
Defining NICE work roles: Cyber Defense Forensics Analyst
In a series of blogs, we’ll be using NIST’s [...]
China vs Equifax: A timeline of alleged cyber espionage
On Monday 10th February 2020, the US charged four Chinese [...]
Defining NICE work roles: Cyber Defense Incident Responder
In a series of blogs, we’ll be using NIST’s [...]
Codename Shitrix: attackers scramble to exploit CVE-2019-19781
US-based software firm Citrix last month released an advisory for [...]
RSA Conference 2020
Between 24th and 28th February Immersive Labs is joining cybersecurity [...]
The tech behind the headlines: Iran’s cyber capability explained
Iran’s cyber capabilities have been subject to intense scrutiny in recent years due to the high political tensions within the region.
teissLondon2020: The European Information Security Summit
Between 12th and 13th February the European Information Security Summit [...]
Travelex vs Sodinokibi: A cyber crisis timeline
Travelex recently faced a scenario that every organization dreads: an [...]
Reflecting on… Immersive Focus
Immersive Focus is integral to the growth of Immersive Labs, [...]
Immersive Labs: The best of 2019
We get it. Your inbox is being spammed with [...]
Immersive Labs Unearths Vulnerability in Aviatrix VPN
Aviatrix, an enterprise VPN company with customers including Nasa, [...]
Everyone’s discussing the new Windows UAC vuln – and you can explore it for FREE!
Anyone who’s anyone in security is today discussing CVE-2019-1388, a Windows privilege escalation vulnerability that exists in almost every Windows version from Windows 7 (including server versions).
A tame BlueKeep: Get hands-on with the exploit in our free lab
If you're a security professional, you will no doubt [...]
Measuring the effectiveness of your security tech is easy – but what about your people?
The problem for cybersecurity leaders is not measuring the effectiveness of technology – it is measuring the effectiveness of people.
Why MITRE ATT&CK™ is THE cybersecurity framework in 2019
Security fragmentation is one of the biggest issues facing [...]
Hackers have first-move advantage – that’s why defenders should learn like they do
If threat actors didn’t innovate, we would have already won.
The future of cyber defense is in the hands of entire workforces
Cyber threats are no longer confined to Hollywood movies [...]
Powered by Immersive Labs: Bringing Hiscox’s ‘Crack the Cube’ event to life through gamification
In May Immersive Labs helped Hiscox drum up excitement around […]
The countdown to Black Hat has begun
Black Hat is fast approaching and we’re starting to get [...]
How the ICO’s £183m BA fine should focus businesses on sharpening cyber skills at speed
Between 21 August and 5 September last year, hackers stole […]
US Government looks to boost cyber skills with gamified national contest
As the need for cyber security talent continues to grow […]
Learn how your decisions affect cyber risk in real time
How would you manage the transition of your company’s [...]
What is password spraying and how can you defend against it?
Last month news emerged that Iranian-linked hacker group IRIDIUM [...]
Why developing cyber skills is never game over
If you’ve ever completed a video game you might [...]
Finding hidden cyber talent in your organisation: A recruitment solution
In professional team sports, coaches rarely experiment with every player at their disposal – even when they face an on-field dilemma.
Cyber security talent is expensive – so why not develop your own?
Cyber talent is expensive. In the UK, security analysts [...]
Immersive Labs’ Developer Manager makes Top 30 Women in Software
Immersive Labs is proud to announce that our developer manager, Jaycee Cheong went from tech ambassador to role model last night (08 May 2019), by being included on Makers’ Women in Software Powerlist.
In our on-demand world, why is cyber skills development still so rigid?
The way we learn is changing. Digital solutions that accommodate (and even respond to) individual needs are finally ousting traditional training methods.
“Humans are underrated”: Why AI in cybersecurity isn’t a case of us or them
If you’ve seen even a handful of films on the [...]
Meet us @CYBERUK 2019
Immersive Labs is delighted to be exhibiting at the government’s [...]
RSA 2019 – Highlights
Every year tens of thousands of security enthusiasts swarm [...]
Government report states UK boards must improve cyber awareness – but how remains unclear
Cybersecurity is increasingly making headlines, so why do UK boards still lack awareness?
CompTIA and Immersive Labs issue penetration testing challenge
CompTIA and Immersive Labs are challenging cybersecurity professionals in the US and UK to test their penetration testing skills this month.
Exploiting SS7 to intercept text messages
When did you last use SMS for two-factor authentication [...]
Meet us at Cloud & Cyber Security Expo 2019
Immersive Labs will be exhibiting at the Cloud and Cyber [...]
APT10 – Quasar RAT analysis
Read Ben McCarthy's analysis of Quasar RAT
Why we’re yet to see the full potential of threat intelligence
In the third quarter of 2018 alone, new malware samples [...]
Gamification is the key to making cyber learning addictive
How many times have you endured a dry-as-dust PowerPoint [...]
The rise of financial fraud
Winter is coming – and so is increased cyber fraud [...]