Offensive Labs
Immersive Labs contains hundreds of cyber skill experiences and content for red teams, penetration testers and ethical hackers. And we’re always adding more powered by the very latest threat intelligence.
Skill paths
to rapidly tool up teams
Our hands-on labs and challenges can be instantly accessed from a browser. They are designed to move teams and individuals through a four phase process to power up your organization’s human cyber readiness.
Coach
Embedding core skills through guided, hands-on experiences. Users can begin here with little to no prior experience.
Demonstrate
Enabling individuals to show expertise through experiences, in these exercises users will prove their mastery of relevant tools and technology.
Challenge
Applying acquired skills and experience to the latest threats and techniques, these labs test not only the skills acquired to this point but also critical thinking and flexibility.
Simulate
Testing expertise and decision making against likely scenarios. This is where things get real, as we test individual and organizational readiness.
Top role objectives
Use sets of industry standard objectives, use NIST NICE or build your own in Immersive Labs. Objectives equip teams and individuals with relevant and continually evolving expertise.
Practical exercises to help uncover the basics of web attacks and exploitation. Culminating in a “for real” red team mini series identifying vulnerabilities in a newly released web app.
Want to hack the Death Star, breach a bank, cut off a power station? There’s a huge range of CTF-style exercises to earn points and test offensive capabilities in Immersive Labs.
This work role is also defined in the industry as Pen Tester or red teamer. These teams conduct assessments of threats and vulnerabilities and develop countermeasures.
Top MITRE techniques
We’ve mapped labs to MITRE ATT&CK, helping you understand where human capabilities align to threat tactics and techniques.
Top on-demand labs
Our labs are bite-sized, challenge-based experiences designed to get your teams hands on with the very latest tools and techniques in seconds.
John the Ripper
In this lab you will get to grips with password-cracking tool John the Ripper. John the Ripper is an open source piece of software pre-loaded on Kali Linux; it is one of the oldest and most popular password-cracking tools.
Mimikatz
Mimikatz is an open source Windows tool often used to perform post-exploitation activities. It can extract Windows authentication passwords, tokens and hashes from memory.
Heist: Episode 1
This mini-series simulates a Red Team engagement against the world's leading (albeit fictitious) financial services company. Walking through the various stages of a simulated targeted attack, starting with information gathering and gaining access.
Reflected XSS
Cross-site scripting (XSS) is a code injection attack whereby malicious scripts are injected into a web page. It is a very common attack and is included in the OWASP Top 10.
Latest Blog posts
Patch Newsday: 12 October 2021 – Spooky Spooler and Sinister Scores
13 October 2021
Building cyber resilience for the Financial Services sector with breadth and at scale
4 October 2021
OWASP Top 10 2021 has finally landed – here’s why you should care
27 September 2021
Financial Sector Insider Threat: Master Key Compromise
27 September 2021
Patch Newsday: 14 September 2021 – Lousy Browsers and Arsey RCEs
15 September 2021
Analyzing the CVE-2021-40444 exploit
13 September 2021
