In a world built on software, the fallout from SUNBURST shows the importance of a secure SDLC. With a few more checks and balances, nation-state actors might not have been able to weaponize the SolarWinds application, bend it to their will, and compromise everything from government entities to tech companies.

Join our Director of Cyber Threat Research, Kev Breen, and Sean Wright, Lead Application Security SME, as they demonstrate a series of labs on this unprecedented threat to organizations. By starting with foundational concepts and moving through to detailed hands-on simulations, you will learn firsthand the critical lessons underlined by the attack on SolarWinds.

Using the gamified Immersive Labs platform, you will be guided through a five-part series, featuring:

  1. Compromising SolarWinds NMS – Theory: What is an NMS, why is it a target and how was it attacked?
  2. Who is Cozy Bear – Theory: Using MITRE, understand how the infamous UNC2452 threat actor operates
  3. Build Server Investigation – Practical: Our experts use our platform to simulate being a threat hunter and show how to review a build server and pipelines to identify malicious code injects
  4. IOC Investigation – Practical: We walk through the indicators of compromise to demonstrate how to review your NMS host and identify if it has been infected
  5. Malware Investigation – Practical: Kevin and Sean step into the shoes of a threat hunter, analyse the SUNBURST malware to understand further IoCs, and discern what suspicious network activity looks like


  • Kev Breen; Director of Cyber Threat Research, Immersive Labs 
  • Sean Wright; Lead Application Security SME, Immersive Labs


December 22, 2020