Unlock the Complexities of Reverse Engineering with Immersive Labs
In the intricate landscape of cybersecurity, the ability to [...]
Smarter Cyber Recruiting Starts with a Skills-First Approach
Finding the right security talent is easier said than [...]
Don’t Revert to Type: Five Key Benefits of Continuous Cyber Exercising
Even the most skilled cyber professionals can be susceptible to [...]
Potent Preparation is Critical for Effective Cyber Response
A skilled and proficient technical cyber defense team is a [...]
Enhancing Cybersecurity Governance: The 3 Expected SEC Requirements for Board-Level Expertise
In an era of escalating cyber threats, organizations are [...]
Getting More Out of Cyber Exercising, from Techs to Execs
It’s not optional; organizations must prioritize building resilience to [...]
The Unforgotten: How Yesterday’s Vulnerabilities Shape Today’s Cyber Risks
Defenders – as human beings – tend to focus [...]
AI is here. What Does it Mean for Your Workforce?
For anyone reading the latest news, one thing is [...]
One Strategy to Overcome App and CloudSec Developer Challenges
In today's rapidly evolving digital landscape, the reliance on [...]
3 Strategies for Improved Cyber Recruitment and Career Development
As technology advances and cyber threats become more sophisticated, the [...]
The Power of Benchmarking: Enhancing Crisis Response
During a recent initiative, we asked several Immersive Labs’ [...]
Do You Know How Cyber Resilient Your Organization Is?
In today’s complex threat landscape, organizations face the daunting [...]
How a Safety-First Cybersecurity Event at Citi Dublin Drove Inclusion
The Global Cyber Security Forum says that 72% of [...]
Embrace Generative AI to Strengthen Cybersecurity
Generative AI is set to transform industries, roles, and [...]
Realizing the Full Potential of Drill Mode in Crisis Simulator
Unless you’ve been living under a rock for the last [...]
Using Custom Crisis Simulations to “Avoid an Asteroid”
In the world of cyber crisis preparedness, organizations are [...]
Concerns Mount as Senior Risk Leaders Deem Current Cyber Resilience Programs Ineffective
In an era of escalating cyberattacks and an ever-evolving [...]
Why Even the Best Tech Stack Isn’t Enough to Ensure Cyber Resilience
Cybersecurity spending is ever-increasing. Gartner estimated that cybersecurity spending [...]
Breaking Barriers, Building Careers. Join our Movement to Revolutionize Cyber Hiring
When the team and I first launched Immersive Labs, [...]
4 Strategies for Building Resilience against Emerging Threats
With cyber attacks on the rise, organizations face increasing [...]
Accelerate Your Cybersecurity Career With These 5 Cybersecurity Labs
As cyber threats continue to evolve in sophistication, the [...]
3 Ways Real-World Exercising Boosts Speed and Quality of Response to Cyber Threats
In today's hyper-connected world, organizations face a continuous battle [...]
On the Road to Inclusivity with A11yCon – An Accessibility Conference at Immersive Labs
One of the biggest draws for me when applying [...]
Is Continuous Cyber Exercising Even Possible?
Are you tired of the same old cybersecurity training [...]
Think Your Team is Cyber Resilient? It’s Time to Prove It
Data informs nearly every aspect of our day-to-day lives. [...]
Your People are Your Best Protection Against Cyber Threats. Learn how to Prepare Them
Less than one third of leaders believe their organization [...]
Meet Heimdall: The Lightweight Cyber Range Template with Heavyweight features
Cybersecurity threats have become increasingly sophisticated, and detecting and [...]
Preparing for DORA: The EU Regulation Impacting Financial Firms’ Digital Resilience and Cybersecurity
On January 17, 2025, the Digital Operational Resilience Act [...]
Detecting and decrypting Sliver C2 – a threat hunter’s guide
Originating from the Bishop Fox team, Sliver is an [...]
3 Ways Continuous Cyber Skills Exercising Boosts Resilience
72% of cyber leaders agree that the threat landscape [...]
Cyber Attacks are Unavoidable. 5 Tips to Help Prepare for the Next One
Cyber attacks will cost the world $10.5 trillion USD annually [...]
Want to Increase Cyber Resilience? Avoid These 5 Common Pitfalls
As the tactics cybercriminals use become more complex, so [...]
Top 10 AWS Attacker Techniques 2023
Amazon Web Services (AWS) is the most popular cloud [...]
Cybersecurity Training Companies are Failing Their Customers
Organizations are wasting their money on cybersecurity training. This may [...]
Exposing the Human Element in a Ransomware Attack
I never really thought about just how exposed the person-in-the-middle [...]
5 Challenges That Complicate Shifting Left Application Security and How to Overcome Them
Over 81% of developers knowingly ship vulnerable code regularly. This [...]
Why Does My Msfvenom-Generated Shellcode Fail at Fnstenv?
Both attackers and researchers often use msfvenom to generate shellcode. [...]
Unlocking Potential: Why You Should Adopt An Agile Mindset
Agile is one of the most common buzzwords used to [...]
How to Build a Positive Cybersecurity Culture in 3 Steps
Cybersecurity professionals. Administrative assistants. Engineers. HR professionals. Managing directors. [...]
Not a Developer? Why You Should Still Care About Git Security
Git, a version control system, is one of the [...]
Your People are Vital to Cyber Threat Defense. 3 Ways to Prepare Them
Cyber attacks are on the rise, threatening infrastructure, supply [...]
Why Traditional Application Security Training Approaches Fail
Application security (AppSec) vulnerabilities are increasing rapidly. According to [...]
3 Reasons Cybersecurity Certifications and Training Demand Disruption
There’s no shortage of cybersecurity training or certifications for [...]
3 Tips to Protect Against Cybersecurity Vulnerabilities This Holiday Season
This year, retailers are anticipating a high volume of [...]
Cyber Threats are Increasing. Can Your Team Stop the Next Attack?
How to prove cyber resilience Throwing money at cybersecurity [...]
Can You Trust Single Sign-On? A Novel Technique for Stealing Credentials
Can You Trust Single Sign-On? A Novel Technique for [...]
Logging in AWS – A Journey of Discovery
Logging in AWS – a journey of discovery Logging [...]
8 Tips for Becoming an Application Security Pro
Writing good quality code is not enough to improve [...]
We discovered major vulnerabilities in Control Web Panel. Here’s how we found them.
Overview Earlier this year, researchers at Immersive Labs responsibly [...]
What it takes to get developers engaged with security
Okay, so we all know developers are great problem solvers. Every day they harness this superpower of turning ideas into reality. However, with great power comes even greater responsibility. That means ensuring they create secure applications can be more important than making sure they deliver that exciting new feature on time.
Closing the cybersecurity talent gap
Cybersecurity talent acquisition and retention is one of the biggest challenges security executives face in 2022. The need for skilled cybersecurity resources is ever-increasing, so competition for experienced cybersecurity pros is fierce. Meanwhile, the unpredictable and unrelenting nature of cybersecurity often leads to burnout and employee turnover issues.
Test Your Response to Real-Life Cyber Attacks with our New Scenario Templates
Immersive Labs’ Crisis Sim customers can easily create bespoke scenarios using our new template range.
Sounding the alarm: how high-profile threats influence learning behaviors
In a previous post, we highlighted how the development [...]
Beyond patching: the value of human expertise in threat mitigation
One of the things that makes enterprise security so challenging [...]
Government Organizations are Relentlessly Targeted for Attacks: A New Approach to Cyber Threat Response is Needed
“Government organisations are routinely and relentlessly targeted [for cybersecurity [...]
One-Day at a Time: From security advisory to functional exploit
When hearing the term “exploit development”, your first instinct may be to recoil in horror, recalling news stories of nefarious hackers breaking into systems and stealing from the innocent. However, just as a lock pick can aid both a thief and a locksmith, exploit development is a skill that can be used for both ethical and unethical purposes.
Is Your Org Doing Enough to Prevent a Cybersecurity Breach? (Our research says ‘maybe not’!)
In our latest blog post, learn the human capabilities needed to respond, contain, and recover from the inevitable subset of cybersecurity breach attempts that succeed.
Hertzbleed: The new CPU vulnerability in a nutshell
In Q3 2021, a team of researchers reported a new [...]
Patch Newsday June – No new active threats but warnings for SharePoint users, incoming Autopatch rollout, Follina zero-day fixed
A fairly quiet Patch Tuesday this month but still [...]
Immersive Labs is bringing a cyber crisis to Infosecurity Europe
Join us at Infosecurity Europe on June 21–23 to play [...]
Immersive Labs is bringing McLaren racing to Infosecurity Europe.
Join us at Infosecurity Europe on June 21–23 to play [...]
Immersive Labs is bringing drama to Infosecurity Europe.
Join us at Infosecurity Europe on June 21–23 to [...]
The Psychology of Building a Resilient Cybersecurity Team
Resilience is important in any workplace. It’s been a [...]
How to define and execute an engineering strategy
Most start-ups invest significant time and energy in defining [...]
Patch Newsday May – NTLM relays, RDP again and the ongoing specter of Print Spooler
Security admins need to watch out for several vulnerabilities in [...]
How we connect across the globe in sales
I joined Immersive Labs’ revenue operations team in February [...]
Flexible working: at home, visiting friends, working holiday, and the office!
What was flexible working like before the pandemic? [James] Flexible working [...]
Spring4Shell: Java vulnerabilities bounce back into the headlines
In late March 2022, a security researcher accidentally disclosed [...]
Day in the life of Charlotte, Crisis Sim Content Specialist
It’s Monday morning in the Crisis Sim Content team at [...]
International Women’s Day: break the bias
On Tuesday March 8, Immersive Labs, along with countless other [...]
My career story: 18 months at Immersive Labs. What a ride!
Ain't no mountain high enough I only ever wanted [...]
A day in the life of Evander Pierre, Web Developer
Starting a new job remotely is pretty much the [...]
Parental Leave Adventures in a Campervan
Hi, I’m James. I look after our Talent Acquisition [...]
McLaren’s vision for optimizing its cyber workforce with Immersive Labs
We caught up with Ed Green, Head of Commercial Technology at McLaren, to discover his vision for optimizing the cyber workforce of the entire business.
Patch Newsday: Wild CVEs & CISA Directives
Kev Breen shares his thoughts on November's Patch Tuesday!
A day in the life of Rob, Product Designer
The start of XD Day Hello! I’m Rob Pezet, [...]
Patch Newsday: 12 October 2021 – Spooky Spooler and Sinister Scores
Kev Breen, Director of Cyber Threat Research, weighs in with his thoughts on this month's Patch Tuesday.
Building cyber resilience for the Financial Services sector with breadth and at scale
Today, we are proud to announce an initiative with the […]
Patch Newsday: 14 September 2021 – Lousy Browsers and Arsey RCEs
Kev Breen, Director of Cyber Threat Research, weighs in with his thoughts on this month's Patch Tuesday.
Analyzing the CVE-2021-40444 exploit
CVE-2021-40444 On the 7th of September 2021, Microsoft announced [...]
Take the power back: Tool-up against a notorious global threat group with our new FIN7 series
Earlier this year, a hacker found guilty for his ‘high-level’ involvement in a series of financially motivated cyberattacks received a ten-year jail sentence in Seattle.
Patch Newsday 10 August: Ironic exploitation and the spectre of PrintNightmare
Kev Breen, Director of Cyber Threat Research, weighs in with his thoughts on this month's Patch Tuesday.
Disclosure Dilemmas: Vulnerable Stalkerware
Our Director of Cyber Threat Research, Kev Breen, recently discovered […]
When Less Isn’t More: A Deep Dive into Exploiting the Less.js RCE
AppSec Engineers, Mat Rollings and Will Roberts, explore an RCE vulnerability in Less.js.
Patch Newsday – 13 July 2021
Kev Breen, Director of Cyber Threat Research, weighs in with his thoughts on this month's Patch Tuesday.
An investment into the cyber skilled workforce of the future
Immersive Labs is today announcing a Series C investment of $75m with Insight Partners, Menlo Ventures, Citi Ventures and existing investor Goldman Sachs. James Hadley, CEO and Founder, shares his plans for the future of the platform.
Patch Newsday – 8 June 2021
What comes after Patch Tuesday? Patch Newsday of course! Check out the biggest and baddest vulnerabilities from June 2021 Patch Tuesday here.
Welcome to the DarkSide: where IT and OT Collide
DarkSide's Colonial strike proved that attacks on IT can easily bleed into operations – and this will only encourage onlooking hackers.
Frustrations of an AppSec Engineer Part 1: Collaboration, Collaboration, Collaboration
In collaboration with Osterman Research, we recently embarked on a […]
It makes you WannaCry: Anti-Ransomware Day 2021
For Anti-Ransomware Day, we caught up with Kev Breen to find out what you need to know about ransomware in 2021.
Patch Newsday: May 11, 2021
It’s Patch Newsday! As always, we caught up with Kev Breen, Director of Cyber Threat Research here at Immersive Labs, to uncover all the best bits from this month’s Patch Tuesday.
It’s not all CorrectHorseBatteryStaple: How to power up your passwords in 2021
For World Password Day 2021, Kev Breen, our Director of Cyber Threat Research, weighs in with his advice on keeping your passwords safe.
Wagtail XSS + LocalStorage = Account Hijack
Kev Breen, Director of Cyber Threat Research, loves a bit of bug hunting. Here's what he's found this time...
Neurodiversity is my superpower!
Those hot pandemic looks! 2020 didn’t bring much positivity [...]
Interdependence and teamwork: managing crises effectively
When every decision impacts the next, it's crucial that crisis management teams are prepared to respond in tandem.
Play along with our new crisis scenario – Insider Threat: Pharma Drama!
Join one of our upcoming webinars to play through our exciting new pharma crisis scenario.
SaltStack: further injection vulnerabilities
The fix for CVE-2020-28243 in SaltStack may have prevented command injection – but it wasn't enough.
Hands-on with Hafnium: Proxylogon evolves
Hafnium has been exploiting four zero-day vulnerabilities in Microsoft Exchange, depositing tools that would enable threat actors to gain remote access to victim systems following initial access.
Patch Newsday: March 10, 2021
Kev Breen, Director of Cyber Threat Research here at Immersive Labs, shares his thoughts on this month's Patch Tuesday.
Introducing your vehicle’s nervous system, CANBus
The Controller Area Network (CAN) of a vehicle can be […]
International Women’s Day 2021: Choose to Challenge
In honor of International Women's Day 2021, we caught up with Debbie Tunstall, Account Director here at Immersive Labs.
The People of InfoSec on the People of InfoSec
In collaboration with Dan Raywood, we've been catching up with the people of InfoSec to find out what makes them tick. This is the first blog in our #CyberHumans series.
One-day exploit party with SaltStack
Here at Immersive Labs, we love to get exploits and […]
Why so salty? Local privilege escalation on SaltStack minions
Mat Rollings, Vulnerable App Developer at Immersive Labs, has uncovered a command injection vulnerability in SaltStack's Salt programme.
Diverse organizations build high-performing crisis response teams. Here’s how.
Global diversity is having a moment – and rightly so. […]
Being out in the workplace: Why being open matters
As part of LGBT+ History Month in the UK, we're catching up with Paul Thomas, Engineering Manager, to find out why being open matters.
The digitalization of kidnap and extortion: a modern business dilemma
Cyberextortion is now rife online – but where did it all begin? And what, if anything, can we learn from physical extortion cases?
Patch Newsday: February 9, 2021
Kev Breen, Director of Cyber Threat Research here at Immersive Labs, shares his thoughts on this month's Patch Tuesday.
The Time to Make History is Now
As part of our Life at Immersive Labs series, we catch up with Steph McCrary, Sales Development Representative, to discover just what Black History Month means to her - and why we should be celebrating it every month.
Facebook probably knows you better than you do – should you be worried?
In the first week of 2021, messaging giant WhatsApp announced […]
Cyber Crisis Simulator: Weathering the storm: public vs private crises
You can’t always anticipate a data breach. What do you do when the unexpected happens at a high-security organization? What if national secrets are now in the hands of your adversaries?
Introduction to Static Code Analysis for Reverse Engineering
Immersive Labs Announces New Series for Incident Responders and Threat [...]
Cyberattacks are hammering businesses and public sector organizations – but when is it really a crisis?
Before dipping your toes into the considerable waters of cyber crises, you should first understand what a crisis is more broadly. That might sound elementary – it’s just a bad situation right? – but the definition runs deeper than you might think.
Immersive Labs is officially one of the best places to work in Boston!
We knew it already, but now it’s official: Immersive Labs […]
Cyber Crisis Simulator: ransomware cripples major energy supplier – live it and learn
Immersive Labs’ Cyber Crisis Simulator is an online solution that drops defenders and decision makers into real-time cyber crises. The system challenges teams to make critical decisions when dealing with emerging incidents such as ransomware outbreaks, insider threats, data breaches, and spear-phishing attacks.
When the sun bursts: responding to global cyber events
The US government was recently hit by a severe [...]
Feel the heat of SUNBURST with Immersive Labs (so your business won’t have to)
The US government was recently hit by a severe [...]
The Psychology of Cyber: How to build cognitive agility with micro-drilling
This is the third post in a series by psychologist [...]
The Psychology of Cyber: How to build cognitive agility with micro-drilling
This is the third post in a series by [...]
What is AppSec, and why do you need it?
People often assume that AppSec focuses solely on the security involved in an app or service’s development – but this isn't the case.
Halloween: can you solve the murder mystery in our new series?
It's the spookiest time of the year, so naturally we've got free labs to get you ready for Halloween!
Upcoming Anatomy of a Hack: Hands-on Red Teaming with the “Zerologon” Vulnerability
Randy Franklin Smith of Ultimate Windows Security will discuss the details around the vulnerability, how it works, and what’s at risk. Not only that but our own Director of Cyber Threat Research, Kev Breen, will be totally hands-on and demonstrate how to use this attack in red teaming using the Immersive Labs platform.
Research: Can you build spyware for a Fitbit?
Kev Breen, Director of Cyber Threat Research at Immersive Labs, recently conducted research into the Fitbit app store. This is what he found.
The more the merrier: four ways to build a more diverse cybersecurity team
The cybersecurity landscape is, traditionally, not very diverse. There. We […]
Guest Blog: The Stress and Joy of Security Jobs
Guest blog by Phil Venables, CISO at Goldman Sachs. Originally appeared on the Risk & Cybersecurity: Thoughts from the Field blog.
Five steps every business should implement before ransomware strikes
Ransomware affected half of all businesses last year, and this […]
A sign we’re on the right Track
Immersive Labs is delighted to feature in Tech Track's 10 Ones to Watch. Our CEO James Hadley shares his thoughts.
The key element in your cybersecurity strategy isn’t process, tech or data – it’s people
Anyone who has formulated an organizational plan knows that [...]
If your cyber training isn’t gamified, it isn’t right
The evolving cyber field needs people who develop their skills continually, and you can encourage this by making learning fun.
InfoSec MythBusters: quelling common misconceptions
The folklore genre of mythology consists of narratives that play […]
CREST cancellations expose a wider problem with perception of cyber skills
A version of this appeared on Infosecurity magazine The suspension […]
The five types of insider threats – and how to tackle them
In light of Anthony Levandowski's sentencing, we take a look at the five types of insider threats – and how you can tackle them in your own organization.
Osterman Research Part 3: Learn and Adapt
We recently released one of the few definitive reports on cyber crisis preparedness. Compiled alongside Ostermann Research, it taps into the collective consciousness of around 400 CISOs and senior security leaders at organizations with more than 500 employees.
Osterman Research Part 2: The human element
We recently released one of the few definitive reports on cyber crisis preparedness. Compiled alongside Ostermann Research, it taps into the collective consciousness of around 400 CISOs and senior security leaders at organizations with more than 500 employees.
Osterman Research Part 1: Out of sync with the threat landscape
Today, we released one of the few definitive reports on cyber crisis preparedness. Compiled alongside Ostermann Research, it taps into the collective consciousness of around 400 CISOs and senior security leaders at organizations with more than 500 employees.
Cyber preparedness lessons from the trenches
The following piece comes from a discussion with a senior security practitioner at a large global brand hit by a major cyberattack. As media, regulators and commentators scrutinized every move, its cyber crisis response played out in real time in front of a global audience. The interviewee agreed to share their story in the hope it would help shape other companies’ responses to such situations.
Build capabilities, not just plans
After taking part in the launch of the Cyber Crisis Simulator, Phil Venables of Goldman Sachs shares his thoughts on why incident response should focus on human capabilities – not on playbooks.
Hacking in Hollywood: our experts review
Hollywood loves a good hacking scene. Supercomputers, neon strings of […]
Less stress, more success: how psychological safety affects your team’s performance
Mental health has weighed on our minds for as long […]
What does it take to keep young hackers on the right path?
Everyone remembers being a teenager and having to choose between […]
From Mitigation To Exploitation
At the end of a long week hunting threats and creating labs, Director of Cyber Threat Research, Kev Breen, was looking forward to a quiet weekend. But these things always seem to happen on a Friday afternoon, don’t they?
Powering Cyber Skills with KPMG
In a week-long online competition, a collaborative effort between KPMG New Zealand and Immersive Labs, 400 people from 169 NZ organizations pitted their skills against each other through their browsers on 750-plus knowledge based capture-the-flag style challenges.
The Evolution of Ransomware
Over the last few decades, the concept of malware has [...]
Can you really evidence human cyber readiness?
One of the biggest problems in cybersecurity today is [...]
New vulnerability in popular Android banker Anubis reported to authorities
Recording the new Immersive Labs podcast gives us a chance to […]
Sign in with Apple vulnerability: lessons to learn
Sean Wright, Lead Application Security SME at Immersive Labs, takes a look at the lessons to be learned in Apple's near miss...
When is a security vulnerability not a vulnerability?
Having taken a look at CVE-2020-19781, our very own Director of Cyber Threat Research, Kev Breen, got to thinking: when is a security vulnerability not a vulnerability?
What are red teams and which human traits help them succeed?
Enterprises now handle so much information in such varied [...]
CISSP now equivalent to a master’s – but what are they really worth?
The Certified Information Systems Security Professional (CISSP) certification is [...]
It’s been three years since WannaCry, so we asked our experts – where were you?
Three years ago this week, WannaCry shook the world. The [...]
