Offensive Labs

Immersive Labs contains hundreds of cyber skill experiences and content for red teams, penetration testers and ethical hackers. And we’re always adding more powered by the very latest threat intelligence.

Skill paths
to rapidly tool up teams

Our hands-on labs and challenges can be instantly accessed from a browser. They are designed to move teams and individuals through a four phase process to power up your organization’s human cyber readiness.

Coach

Embedding core skills through guided, hands-on experiences. Users can begin here with little to no prior experience.

Demonstrate

Enabling individuals to show expertise through experiences, in these exercises users will prove their mastery of relevant tools and technology.

Challenge

Applying acquired skills and experience to the latest threats and techniques, these labs test not only the skills acquired to this point but also critical thinking and flexibility.

Simulate

Testing expertise and decision making against likely scenarios. This is where things get real, as we test individual and organizational readiness.

Top role objectives

Use sets of industry standard objectives, use NIST NICE or build your own in Immersive Labs. Objectives equip teams and individuals with relevant and continually evolving expertise.

Practical exercises to help uncover the basics of web attacks and exploitation. Culminating in a “for real” red team mini series identifying vulnerabilities in a newly released web app.

Want to hack the Death Star, breach a bank, cut off a power station? There’s a huge range of CTF-style exercises to earn points and test offensive capabilities in Immersive Labs.

This work role is also defined in the industry as Pen Tester or red teamer. These teams conduct assessments of threats and vulnerabilities and develop countermeasures.

Top MITRE techniques

We’ve mapped labs to MITRE ATT&CK, helping you understand where human capabilities align to threat tactics and techniques.

Top on-demand labs

Our labs are bite-sized, challenge-based experiences designed to get your teams hands on with the very latest tools and techniques in seconds.

John the Ripper

In this lab you will get to grips with password-cracking tool John the Ripper. John the Ripper is an open source piece of software pre-loaded on Kali Linux; it is one of the oldest and most popular password-cracking tools.

Mimikatz

Mimikatz is an open source Windows tool often used to perform post-exploitation activities. It can extract Windows authentication passwords, tokens and hashes from memory.

Heist: Episode 1

This mini-series simulates a Red Team engagement against the world's leading (albeit fictitious) financial services company. Walking through the various stages of a simulated targeted attack, starting with information gathering and gaining access.

Reflected XSS

Cross-site scripting (XSS) is a code injection attack whereby malicious scripts are injected into a web page. It is a very common attack and is included in the OWASP Top 10.

Latest Blog posts