The Latest category on the Immersive Labs cybersecurity training platform delivers hands-on exercises aligned to what’s breaking now—newly disclosed CVEs, active adversary campaigns, and malware families dominating the threat landscape. In the Latest CVEs collection, you’ll practice both exploitation and defense across timely vulnerabilities such as Linux nf_tables privilege escalation (CVE-2024-1086) with Splunk, Microsoft Sentinel, and Elastic detection labs, Palo Alto PAN-OS issues (CVE-2024-0012, CVE-2024-9474), CrushFTP (CVE-2025-31161), Sudo chroot escalation (CVE-2025-32463), Docker container escape (CVE-2025-9074), and SMB elevation of privilege (CVE-2025-33073). Many scenarios are offered in offensive and defensive variants, enabling you to validate exploit paths, tune detections, and practice rapid mitigation on real-world stacks from Windows to Linux and cloud.
The Emerging Threats collection focuses on zero-days, novel tradecraft, and evolving actor TTPs, including the xz supply chain compromise (CVE-2024-3094), campaign analyses of groups like Scattered Spider and Lazarus, GhostEngine, COM persistence (TypeLib), detection of dual-use RMM tooling such as Atera and MeshCentral, and sector-specific incident case studies like the Norwegian dam compromise. In Trending Malware, you’ll dissect prevalent families and tooling—LockBit and BlackCat ransomware, GOOTLOADER, StealC, XWorm, and C2 frameworks like Sliver and Brute Ratel—building skills in memory forensics, Yara rule writing, IOC extraction, SIEM triage, and adversary emulation.
This category is designed for SOC analysts, incident responders, threat hunters, red and purple teamers, and vulnerability management professionals who need to stay ahead of the curve. By completing these collections, you’ll be equipped to rapidly assess and prioritize new vulnerabilities, hunt and detect active campaigns, contain and remediate malware-driven incidents, and communicate risk and response options with confidence.
Threat Actors: Salt Typhoon – SNAPPYBEE Campaign Analysis
6
practical
UAC-0063 Intrusion: SIEM Analysis
6
practical
DEEP GOSU Campaign: Analysis
6
practical
LockBit Builder: Analysis
5
practical
Ransomware: LockBit
6
practical
GOOTLOADER Downloader: Analysis
6
practical
Threat Research: Sliver C2 – Memory Forensics
7
practical
Brute Ratel C4 (BRc4): Yara Detection
4
practical
Brute Ratel: Extracting Indicators of Compromise
6
practical
BlackCat WinSCP ISO Trojan: Analysis
5
practical
Malicious OneNote Analysis
7
practical
StealC: Decoding and Decrypting
5
practical
StrelaStealer Malware Campaign: Analysis
6
practical
GhostEngine: Analysis
5
practical
Tickler Malware: Analysis
5
practical
Xworm: Analysis
5
practical
Sandworm Campaign: ZEROLOT Wiper
5
practical
Lazarus Cyber Espionage Campaign: Analysis
6
practical
Lotus Blossom: Notepad++ Campaign Analysis
6
practical
Google Cloud
On the Immersive Labs cybersecurity training platform, the Google Cloud category develops practical skills for building, securing, and defending workloads on Google Cloud and within Google Security Operations. The Google Cloud Basics collection introduces core cloud concepts and hands-on experience with the Google Cloud Console, Identity and Access Management (IAM), Cloud Storage, VPC networks, and Compute Engine, culminating in a skills demonstration to reinforce foundational knowledge. Building on that, the Google Security Operations: Fundamentals collection equips learners to detect and respond to threats using Google’s SecOps stack, covering the Unified Data Model (UDM), efficient event searching, writing YARA-L detection rules, creating SOAR playbooks for automation, managing detection rules, and handling cases, with a final capstone to consolidate capabilities.
To validate skills in a realistic context, the Google Cloud Challenges collection includes the Google Cloud Challenge: Traflytics at Metrolio – Offensive, an applied scenario that tests the ability to identify and analyze malicious activity in a Google Cloud environment. This category is ideal for security analysts, SOC and incident response teams, detection engineers, cloud security practitioners, and cloud administrators seeking end-to-end proficiency. Learners will be equipped to design and govern secure GCP deployments, operationalize detections in Google Security Operations, automate responses with SOAR, and conduct end-to-end investigations in cloud-first environments.
Collections
Collection Name
Lab Count
Google Security Operations: Fundamentals
8
Google Cloud Basics
7
Google Cloud Challenges
1
Google Security Operations: Fundamentals
Lab
Difficulty
Format
Google SecOps Fundamentals: Introduction
4
practical
Google SecOps Fundamentals: Unified Data Model (UDM)
2
theory
Google SecOps Fundamentals: Searching for Events
3
practical
Google SecOps Fundamentals: YARA-L for Detection Rules
4
practical
Google SecOps Fundamentals: SOAR Playbooks
4
practical
Google SecOps Fundamentals: Managing Detection Rules
3
practical
Google SecOps Fundamentals: Cases
4
practical
Google SecOps Fundamentals: Demonstrate Your Skills
4
practical
Google Cloud Basics
Lab
Difficulty
Format
Google Cloud Basics: Fundamental Concepts
1
theory
Google Cloud Basics: Introduction to the Console
4
practical
Google Cloud Basics: Identity and Access Management (IAM)
5
practical
Google Cloud Basics: Cloud Storage
5
practical
Google Cloud Basics: VPC Networks
5
practical
Google Cloud Basics: Compute Engine
5
practical
Google Cloud Basics: Demonstrate Your Skills
6
practical
Google Cloud Challenges
Lab
Difficulty
Format
Google Cloud Challenge: Traflytics at Metrolio – Offensive
7
practical
Microsoft Azure
On the Immersive Labs cybersecurity training platform, the Microsoft Azure category provides hands-on labs that take learners from Azure fundamentals to advanced security operations across Microsoft’s cloud ecosystem. The pathway builds practical fluency in Azure services, Kusto Query Language (KQL), cloud security posture management, SIEM deployment and monitoring with Microsoft Sentinel, and SOAR automation, culminating in real-world threat hunting with workbooks and notebooks.
Learners start with Microsoft Azure Basics to understand core cloud concepts and practice navigating the portal, configuring storage accounts, virtual networks, virtual machines, Function Apps, and Logic Apps. The Kusto Query Language collection develops the analytical foundation needed to query and transform telemetry at scale, covering syntax, filtering, aggregation, time analysis, parsing complex data, and advanced operations used throughout Sentinel. Microsoft Defender for Cloud guides learners through setup, CSPM and compliance, inventory and recommendations, alert triage, and Attack Path analysis with the Cloud Security Explorer. Microsoft Sentinel Blue Team Ops focuses on operational detection and response with KQL-driven analytics rules, incident handling, and enrichment with threat intelligence, while Microsoft Sentinel Deployment & Log Ingestion covers initial setup and the ingestion of platform and VM logs via diagnostic settings. Rounding out operations, Microsoft Sentinel: Security Orchestration Automation and Response (SOAR) teaches automation rules and playbooks with Logic Apps, and Microsoft Sentinel: Threat Hunting with Notebooks and Workbooks equips learners to visualize metrics, analyze security data, and conduct investigations. This category is designed for security analysts, SOC and blue team practitioners, and cloud engineers; upon completion, they will be ready to deploy and secure Azure workloads, operationalize Sentinel, automate incident response, and proactively hunt threats in Microsoft cloud environments.
Collections
Collection Name
Lab Count
Kusto Query Language
11
Microsoft Azure Basics
8
Microsoft Defender for Cloud
6
Microsoft Sentinel Blue Team Ops
6
Microsoft Sentinel Deployment & Log Ingestion
5
Microsoft Sentinel: Security Orchestration Automation and Response (SOAR)
5
Microsoft Sentinel: Threat Hunting with Notebooks and Workbooks
4
Kusto Query Language
Lab
Difficulty
Format
Kusto Query Language: Introduction to KQL
4
practical
Kusto Query Language: KQL Syntax
5
practical
Kusto Query Language: Exploring Data Types
4
practical
Kusto Query Language: Filtering and Searching
5
practical
Kusto Query Language: Data Aggregation
6
practical
Kusto Query Language: Unions and Joins
5
practical
Kusto Query Language: String Processing
6
practical
Kusto Query Language: Time Processing
6
practical
Kusto Query Language: Parsing Complex Data Types
7
practical
Kusto Query Language: Advanced Data Operations
7
practical
Kusto Query Language: Demonstrate Your Skills
8
practical
Microsoft Azure Basics
Lab
Difficulty
Format
Microsoft Azure Basics: Fundamental Concepts
1
theory
Microsoft Azure Basics: Navigating the Web Portal
4
practical
Microsoft Azure Basics: Storage Accounts
4
practical
Microsoft Azure Basics: Virtual Networks
4
practical
Microsoft Azure Basics: Virtual Machines
4
practical
Microsoft Azure Basics: Function Apps
5
practical
Microsoft Azure Basics: Logic Apps
5
practical
Microsoft Azure Basics: Demonstrate Your Skills
6
practical
Microsoft Defender for Cloud
Lab
Difficulty
Format
Introduction to Microsoft Defender
1
theory
Microsoft Defender for Cloud: An Introduction
2
theory
Microsoft Defender for Cloud: Setup, CSPM, and Compliance
4
theory
Microsoft Defender for Cloud: Inventory, Resource Health, and Recommendations
3
theory
Microsoft Defender for Cloud: Security Alerts and Incidents
4
theory
Microsoft Defender for Cloud: Attack Path Analysis and the Cloud Security Explorer
4
theory
Microsoft Sentinel Blue Team Ops
Lab
Difficulty
Format
Introduction to Microsoft Sentinel
4
practical
Microsoft Sentinel Blue Team Ops: KQL Basics
5
practical
Microsoft Sentinel Blue Team Ops: Analytics Rules
5
practical
Microsoft Sentinel Blue Team Ops: Incident Basics
5
practical
Microsoft Sentinel Blue Team Ops: Data Enrichment and Threat Intelligence
5
practical
Microsoft Sentinel Blue Team Ops: Demonstrate Your Skills
6
practical
Microsoft Sentinel Deployment & Log Ingestion
Lab
Difficulty
Format
Introduction to Microsoft Sentinel
4
practical
Microsoft Sentinel Deployment & Log Ingestion: Initial Setup
5
practical
Microsoft Sentinel Deployment & Log Ingestion: Ingesting Platform Logs via Diagnostic Settings
5
practical
Microsoft Sentinel Deployment & Log Ingestion: Ingesting Virtual Machine Logs
5
practical
Microsoft Sentinel Deployment & Log Ingestion: Demonstrate Your Skills
6
practical
Microsoft Sentinel: Security Orchestration Automation and Response (SOAR)
Lab
Difficulty
Format
Introduction to Microsoft Sentinel
4
practical
Microsoft Azure Basics: Logic Apps
5
practical
Microsoft Sentinel SOAR: Introduction & Automation Rules
4
practical
Microsoft Sentinel SOAR: Playbooks
5
practical
Microsoft Sentinel SOAR: Demonstrate Your Skills
6
practical
Microsoft Sentinel: Threat Hunting with Notebooks and Workbooks
Lab
Difficulty
Format
Azure Workbooks: Monitoring Metrics
5
practical
Microsoft Sentinel: Security Analysis with Workbooks
5
practical
Microsoft Sentinel: Introduction to Notebooks
5
practical
Microsoft Sentinel: Threat Hunting with Notebooks
6
practical
Defensive Fundamentals
The Defensive Fundamentals category on the Immersive Labs cybersecurity training platform builds core blue-team knowledge and hands-on skills to prevent, detect, and respond to threats across enterprise, cloud, and AI-enabled environments. It develops a solid grounding in security principles, frameworks, and operational practices while reinforcing practical investigation and response techniques.
Learners translate standards into action through NIST – Security and Privacy Controls for Information Systems and Organizations (800-53), gaining proficiency across key control families from access control and incident response to risk assessment and supply chain risk management. Complementing this, NIST – Guidelines on Security and Privacy in Public Cloud Computing (800-144) covers governance, compliance, architecture, IAM, and incident response unique to public cloud. Operational detection and response skills are strengthened in Introduction To Elastic, where learners practice querying, triage, detection rules, investigations, escalation, and ES|QL. Windows Forensics Artifacts trains analysts to extract evidence from Amcache, AppCompatCache, Prefetch, Event Logs, ShellBags, the MFT, LNK files, and more to reconstruct activity. Secure Fundamentals reinforces defense in depth, authentication, authorization, least privilege, patching, and the CIA triad, while AI Fundamentals addresses data ethics, emerging AI-driven threats, prompt injection, and responder-focused AI skills. CTI First Principles builds the ability to run the intelligence lifecycle, use models and sources, and visualize findings, and an Assessment: Security Operations validates readiness.
This category is designed for aspiring and early-career defenders, SOC analysts, system administrators, cloud and security engineers, and risk and compliance professionals. Graduates will be equipped to implement and assess controls, harden systems, use a SIEM to triage and investigate alerts, perform Windows host forensics, manage cloud risk, apply threat intelligence to operations, navigate AI-related security issues, and demonstrate operational competence through assessment.
Collections
Collection Name
Lab Count
NIST – Security and Privacy Controls for Information Systems and Organizations (800-53)
22
Introduction To Elastic
10
NIST – Guidelines on Security and Privacy in Public Cloud Computing (800-144)
10
Windows Forensics Artifacts
10
AI Fundamentals
9
Secure Fundamentals
8
CTI First Principles
7
Assessment: Security Operations
1
NIST – Security and Privacy Controls for Information Systems and Organizations (800-53)
Lab
Difficulty
Format
NIST 800-53: Security and Privacy Controls for Information Systems and Organizations
2
theory
NIST 800-53: Access Control
2
practical
NIST 800-53: Awareness and Training
2
theory
NIST 800-53: Audit and Accountability
2
theory
NIST 800-53: Assessment, Authorization, and Monitoring
2
theory
NIST 800-53: Configuration Management
2
theory
NIST 800-53: Contingency Planning
2
theory
NIST 800-53: Identification and Authentication
2
theory
NIST 800-53: Incident Response
2
theory
NIST 800-53: Maintenance
2
theory
NIST 800-53: Media Protection
2
theory
NIST 800-53: Physical and Environmental Protection
2
theory
NIST 800-53: Planning
2
theory
NIST 800-53: Program Management
2
theory
NIST 800-53: Personnel Security
2
theory
NIST 800-53: Personally Identifiable Information Processing and Transparency (PIIPT)
3
theory
NIST 800-53: Risk Assessment
2
theory
NIST 800-53: System and Services Acquisition
2
theory
NIST 800-53: System and Communications Protection
3
practical
NIST 800-53: System and Information Integrity
3
theory
NIST 800-53: Supply Chain Risk Management
2
theory
NIST 800-53: Demonstrate Your Knowledge
3
theory
Introduction To Elastic
Lab
Difficulty
Format
Introduction To Elastic: What is Elastic?
3
theory
Introduction To Elastic: Querying Data
5
practical
Introduction To Elastic: Triage
4
practical
Introduction To Elastic: Focus (Alert Detailing)
5
practical
Introduction To Elastic: Focus (Detection Rules)
5
practical
Introduction To Elastic: Investigate
4
practical
Introduction To Elastic: Escalate
4
practical
Introduction To Elastic: Act
5
practical
Introduction To Elastic: ES|QL
6
Introduction To Elastic: Demonstrate Your Skills
6
practical
NIST – Guidelines on Security and Privacy in Public Cloud Computing (800-144)
Lab
Difficulty
Format
NIST 800-144: Guidelines on Security and Privacy in Public Cloud Computing
1
theory
NIST 800-144 Cloud Security: Governance
1
theory
NIST 800-144 Cloud Security: Compliance
1
theory
NIST 800-144 Cloud Security: Trust
1
theory
NIST 800-144 Cloud Security: Architecture
1
theory
NIST 800-144 Cloud Security: Identity and Access Management
2
theory
NIST 800-144 Cloud Security: Software Isolation
2
theory
NIST 800-144 Cloud Security: Data Protection
1
theory
NIST 800-144 Cloud Security: Availability
1
theory
NIST 800-144 Cloud Security: Incident Response
1
theory
Windows Forensics Artifacts
Lab
Difficulty
Format
Windows Forensics Artifacts: Amcache
3
theory
Windows Forensics Artifacts: AppCompatCache
3
theory
Windows Forensics Artifacts: Prefetch Files
3
theory
Windows Forensics Artifacts: Event Logs
3
theory
Windows Forensics Artifacts: UserAssist
3
theory
Windows Forensics Artifacts: ShellBags
3
theory
Windows Forensics Artifacts: Recycle Bin
3
theory
Windows Forensics Artifacts: Master File Table
3
theory
Windows Forensics Artifacts: Link Files (LNK)
2
theory
Windows Forensics Artifacts: Demonstrate Your Skills
4
theory
AI Fundamentals
Lab
Difficulty
Format
AI: Introduction to AI
2
theory
AI: Data Ethics and Responsible Use
2
theory
AI: Emerging Threats
2
theory
AI: TensorFlow for Machine Learning
3
practical
AI: Image Classification
3
practical
AI: Generative AI Models
2
practical
AI: Prompt Injection Attacks
5
practical
AI: Artificial Intelligence for Incident Responders
2
practical
AI: Demonstrate Your Skills
4
practical
Secure Fundamentals
Lab
Difficulty
Format
Secure Fundamentals: Defense In Depth
1
theory
Secure Fundamentals: Authentication
1
theory
Secure Fundamentals: Authorization
1
theory
Secure Fundamentals: Principle of Least Privilege
1
theory
Secure Fundamentals: Security Patching
1
theory
Secure Fundamentals: Attribution and Accountability
2
theory
Secure Fundamentals: The CIA Triad
2
theory
Secure Data Handling
3
theory
CTI First Principles
Lab
Difficulty
Format
CTI First Principles: What is Cyber Threat Intelligence?
1
theory
CTI First Principles: Lifecycles
2
practical
CTI First Principles: Models and Methodologies
3
practical
CTI First Principles: Threat Actors and Attribution
4
practical
CTI First Principles: Threat Intelligence Sources
3
practical
CTI First Principles: Decomposition and Visualization
3
practical
CTI First Principles: Demonstrate Your Knowledge
4
practical
Assessment: Security Operations
Lab
Difficulty
Format
Assessment: Security Operations
1
practical
Amazon Web Services
On the Immersive Labs cybersecurity training platform, the Amazon Web Services category builds practical cloud security capability from fundamentals to advanced defense and response. Learners start with the “Amazon Web Services” collection to ground themselves in core services, then deepen expertise with “IAM (Identity and Access Management)” to master users, groups, policies, roles, MFA, STS, and guardrails like resource policies and permissions boundaries. They apply secure-by-design practices in “EC2 (Elastic Compute Cloud)” across encryption, security groups, AMIs, launch templates, load balancing, and auto scaling; harden storage in “S3 (Simple Storage Service)” with access controls, MRAPs, protection mechanisms, inventory, and recovery; segment networks and enable private connectivity in “VPC & Network Security”; protect secrets and data with “Secrets and Encryption in AWS” using Secrets Manager and AWS KMS; secure serverless pipelines in “Securing Serverless Workflows with AWS Lambda”; and operationalize safe administration in “AWS Systems Manager” with Session Manager, Run Command, Automation, and patching.
Detection, compliance, and incident response are developed through “Logging & Monitoring in AWS,” where learners operationalize CloudTrail, EventBridge, CloudWatch, VPC Flow Logs, SIEM integration, and automated response; and “Advanced Logging in AWS,” covering the CloudWatch agent, Logs Insights, and investigations with Athena. Governance and central visibility are reinforced with “AWS Config” for rules and remediation and “AWS Security Hub” for control aggregation and custom actions, while “Threat Detection with Amazon GuardDuty” builds managed threat detection skills. Real-world investigation capability is sharpened in “Investigating IAM Incidents in AWS,” “Introduction to Incident Response & Forensics in AWS,” and “Incident Response and Forensics for EC2,” and web defenses are addressed in “Securing Web Applications with AWS WAF and CloudFront.” The “Top 10 AWS Attacker Techniques 2023” collection exposes common cloud attack paths and mitigations, and the “AWS Challenge: Jobs at Metrolio” scenario validates offensive, defensive, and remediation skills under pressure. This category is designed for security engineers, cloud architects, DevOps practitioners, SOC analysts, and incident responders who need to design, harden, monitor, detect, investigate, and respond across AWS environments with confidence and at scale.
Collections
Collection Name
Lab Count
IAM (Identity and Access Management)
13
Logging & Monitoring in AWS
12
EC2 (Elastic Compute Cloud)
11
Top 10 AWS Attacker Techniques 2023
10
S3 (Simple Storage Service)
9
Amazon Web Services
7
AWS Systems Manager
7
VPC & Network Security
7
AWS Config
6
Advanced Logging in AWS
5
AWS Security Hub
5
Introduction to Incident Response & Forensics in AWS
5
Securing Serverless Workflows with AWS Lambda
5
Investigating IAM Incidents in AWS
4
Secrets and Encryption in AWS
4
Securing Web Applications with AWS WAF and CloudFront
4
Threat Detection with Amazon GuardDuty
4
AWS Challenge: Jobs at Metrolio
3
Incident Response and Forensics for EC2
3
IAM (Identity and Access Management)
Lab
Difficulty
Format
Introduction to the AWS Console
4
practical
IAM: Users and Groups
4
practical
IAM: Policy
4
practical
IAM: Roles
4
practical
IAM: Tagging
4
practical
IAM: Security Token Service (STS)
4
practical
IAM: Access Analyzer
4
practical
IAM: Access Advisor
4
practical
IAM: Multi-Factor Authentication
5
practical
IAM and EC2: Instance Profiles
5
practical
IAM: Resource Policies
5
practical
IAM: Permissions Boundaries
6
practical
IAM: Demonstrate Your Skills
7
practical
Logging & Monitoring in AWS
Lab
Difficulty
Format
AWS Logging and Monitoring: Introduction to CloudTrail
2
theory
AWS Logging and Monitoring: Deploying CloudTrail
4
practical
AWS Logging and Monitoring: Introduction to EventBridge
1
theory
AWS Logging and Monitoring: Configuring EventBridge and Event Patterns
4
practical
AWS Logging and Monitoring: Introduction to CloudWatch
2
theory
AWS Logging and Monitoring: The CloudWatch Dashboard
4
practical
AWS Logging and Monitoring: CloudWatch Alarms and Metric Filters
5
practical
AWS Logging and Monitoring: CloudWatch CIS Alarms
5
practical
AWS Logging and Monitoring: Configuring VPC Flow Logs
5
practical
AWS Logging and Monitoring: CloudTrail SIEM Integration (Splunk)
6
practical
AWS Logging and Monitoring: Automating Incident Response with EventBridge
5
practical
AWS Logging and Monitoring: Demonstrate Your Skills
6
practical
EC2 (Elastic Compute Cloud)
Lab
Difficulty
Format
Introduction to the AWS Console
4
practical
EC2: Practical Introduction
4
practical
EC2: Disk Encryption
4
practical
EC2: Amazon Machine Images (AMIs)
4
practical
EC2: Security Groups
4
practical
EC2: Launch Templates
4
practical
EC2: Key Pairs
4
practical
IAM and EC2: Instance Profiles
5
practical
EC2: Load Balancers
5
practical
EC2: Auto Scaling
5
practical
EC2: Demonstrate Your Skills
6
practical
Top 10 AWS Attacker Techniques 2023
Lab
Difficulty
Format
Subdomain Takeover Using S3
4
practical
Exploiting Lambda Execution Roles
5
practical
Discovering and Stealing Data from Public SNS and SQS Queues
6
practical
Privilege Escalation via IAM:PassRole Misconfiguration
4
practical
Compromising EC2 via Instance User Data
5
practical
Hijacking Public EBS Snapshots
4
practical
Stealing EC2 Metadata V1 Credentials via SSRF
5
practical
Privilege Escalation Through IAM Permissions
6
practical
Hunting for Public S3 Buckets
5
practical
Hunting Leaked IAM Keys and Gaining Persistence with Federation Tokens
6
practical
S3 (Simple Storage Service)
Lab
Difficulty
Format
Introduction to the AWS Console
4
practical
S3: Practical Introduction
4
practical
S3: Restricting Access
4
practical
S3: Multi-Region Access Points (MRAPs)
4
practical
S3: Protecting Objects
4
practical
S3: Inventory Report
4
practical
S3: Backup and Recovery
4
practical
S3: Access Policies
5
practical
S3: Demonstrate Your Skills
6
practical
Amazon Web Services
Lab
Difficulty
Format
AWS: Introduction to Amazon Web Services (AWS)
1
theory
AWS: Introduction to Simple Storage Service (S3)
2
theory
AWS: Introduction to Elastic Cloud Compute (EC2)
2
theory
AWS: Introduction to AWS Identity and Access Management (IAM)
2
theory
AWS: Introduction to Security Groups
3
theory
AWS Lambda: Introduction to Serverless Functions on AWS
2
theory
AWS Logging and Monitoring: Introduction to CloudTrail
2
theory
AWS Systems Manager
Lab
Difficulty
Format
Systems Manager: Introduction
4
practical
Systems Manager: Session Manager
4
practical
Systems Manager: Run Command
4
practical
Systems Manager: Inventory
4
practical
Systems Manager: Automation
5
practical
Systems Manager: Patching and Compliance
5
practical
Systems Manager: Demonstrate Your Skills
6
practical
VPC & Network Security
Lab
Difficulty
Format
VPC & Network Security: Introduction to Virtual Private Cloud Networking
4
practical
VPC & Network Security: Subnets, Route Tables, and Segmentation
5
practical
VPC & Network Security: Gateways
5
practical
VPC & Network Security: Network ACLs
5
practical
VPC & Network Security: Transit Gateways and Peering
6
practical
VPC & Network Security: PrivateLink and Endpoint Services
6
practical
VPC & Network Security: Demonstrate Your Skills
7
practical
AWS Config
Lab
Difficulty
Format
AWS Config: An Introduction to Resource Auditing
2
theory
AWS Config: Setup and Configuration
4
practical
AWS Config: Items, History, and Snapshots
5
practical
AWS Config: Rules and Conformance Packs
5
practical
AWS Config: Notification and Remediation
5
practical
AWS Config: Demonstrate Your Skills
7
practical
Advanced Logging in AWS
Lab
Difficulty
Format
AWS Advanced Logging: Enabling Access Logging in AWS
5
practical
AWS Advanced Logging: CloudWatch Agent
4
practical
AWS Advanced Logging: CloudWatch Logs Insights
4
practical
AWS Advanced Logging: Athena
6
practical
AWS Advanced Logging: Investigating Incidents with Amazon Athena
6
practical
AWS Security Hub
Lab
Difficulty
Format
AWS Security Hub: Centralizing Security
2
theory
AWS Security Hub: Setup, Controls, and Aggregation
5
practical
AWS Security Hub: Findings and Insights
5
practical
AWS Security Hub: Integrations and Custom Actions
5
practical
AWS Security Hub: Demonstrate Your Skills
6
practical
Introduction to Incident Response & Forensics in AWS
Lab
Difficulty
Format
Introduction to Incident Response and Forensics in AWS: Preparation
2
theory
Introduction to Incident Response and Forensics in AWS: Detection
2
theory
Introduction to Incident Response and Forensics in AWS: Analysis
2
theory
Introduction to Incident Response and Forensics in AWS: Containment, Eradication, and Recovery
2
theory
Introduction to Incident Response and Forensics in AWS: Post-Incident Activity
2
theory
Securing Serverless Workflows with AWS Lambda
Lab
Difficulty
Format
AWS Lambda: Introduction to Serverless Functions on AWS
2
theory
AWS Lambda: Practical Introduction to the Console
4
practical
AWS Lambda: Creating and Managing Secure Lambda Functions
5
practical
AWS Lambda: Step Functions
5
practical
AWS Lambda: Demonstrate Your Skills
6
practical
Investigating IAM Incidents in AWS
Lab
Difficulty
Format
Investigating IAM Incidents in AWS: Preparation
6
practical
Investigating IAM Incidents in AWS: Detection and Analysis – Leaked Keys and Privilege Escalation
5
practical
Investigating IAM Incidents in AWS: Detection and Analysis – Overly Permissive Policies
5
practical
Investigating IAM Incidents in AWS: Containment and Eradication
4
practical
Secrets and Encryption in AWS
Lab
Difficulty
Format
Secrets Manager: Creating and Protecting Secrets
5
practical
Secrets Manager: Retrieving and Rotating Secrets
5
practical
AWS KMS: Configuring Keys and Data Encryption
5
practical
Secrets and Encryption in AWS: Demonstrate Your Skills
7
practical
Securing Web Applications with AWS WAF and CloudFront
Lab
Difficulty
Format
Introduction to AWS Web Application Firewall (WAF)
5
practical
Configuring Secure Web Hosting with AWS CloudFront
5
practical
Securing Web Applications with AWS WAF and CloudFront
6
practical
AWS WAF and CloudFront: Demonstrate Your Skills
6
practical
Threat Detection with Amazon GuardDuty
Lab
Difficulty
Format
GuardDuty: An Introduction to Security Monitoring
2
theory
GuardDuty: Configuration and Understanding Findings
4
practical
GuardDuty: Service-Level Protection and IP Lists
5
practical
GuardDuty: Demonstrate Your Skills
6
practical
AWS Challenge: Jobs at Metrolio
Lab
Difficulty
Format
AWS Challenge: Jobs at Metrolio – Offensive
7
practical
AWS Challenge: Jobs at Metrolio – Defensive
5
practical
AWS Challenge: Jobs at Metrolio – Remediation
6
practical
Incident Response and Forensics for EC2
Lab
Difficulty
Format
Incident Response and Forensics for EC2: Preparation
6
practical
Incident Response and Forensics for EC2: Detection and Analysis
7
practical
Incident Response and Forensics for EC2: Containment and Eradication
6
practical
Secure Fundamentals
Secure Fundamentals on the Immersive Labs cybersecurity training platform builds the knowledge and hands-on skills needed to design, build, and operate secure systems across modern environments. Through practical labs and scenario-driven exercises, the category establishes core principles while mapping them to widely adopted standards and real-world attack techniques spanning web, mobile, cloud, AI, and cryptographic technologies.
Learners start with foundational concepts in the Secure Fundamentals collection, covering defense in depth, authentication and authorization, the principle of least privilege, security patching, attribution and accountability, the CIA triad, and secure data handling—skills that underpin every secure architecture. Technical depth is added through Introduction to Cryptography, which demystifies symmetric and asymmetric encryption, hashing, digital signatures, key management, and PKI, and TLS Fundamentals, where learners analyze X.509 certificates, understand cipher suites and key exchange, and configure modern TLS 1.3 securely.
To strengthen application security, OWASP Top 10 (2021) and OWASP Top 10 (2025) guide learners through identifying and mitigating risks such as broken access control, injection, cryptographic failures, security misconfiguration, software supply chain issues, and logging and alerting gaps, including a focus on APIs. Mobile Application Security Fundamentals aligns with OWASP MASVS and the MSTG to address insecure communication and storage, insufficient cryptography, binary protections, privacy, and auth weaknesses. Rounding out emerging risk areas, AI Fundamentals and OWASP Top 10 for LLMs and GenAI prepare learners to handle prompt injection, sensitive information disclosure, model and data poisoning, excessive agency, and other GenAI-specific threats. This category is ideal for developers, security engineers, DevSecOps, IT and cloud practitioners, and aspiring analysts, equipping them to apply secure-by-design practices, validate and harden configurations, prioritize remediation, and respond effectively to evolving threats across web, mobile, and AI-enabled systems.
Collections
Collection Name
Lab Count
OWASP Top 10 (2021)
13
Introduction to Cryptography
12
Mobile Application Security Fundamentals
12
OWASP Top 10 (2025)
11
OWASP Top 10 for LLMs and GenAI
10
AI Fundamentals
9
Secure Fundamentals
8
TLS Fundamentals
8
OWASP Top 10 (2021)
Lab
Difficulty
Format
Introduction to the OWASP Top 10
1
theory
OWASP 2021: Broken Access Control
2
theory
OWASP 2021: Cryptographic Failures
2
theory
OWASP 2021: Injection
2
theory
OWASP 2021: Insecure Design
2
theory
OWASP 2021: Security Misconfiguration
2
theory
OWASP 2021: Vulnerable and Outdated Components
2
theory
OWASP 2021: Identification and Authentication Failures
2
theory
OWASP 2021: Software and Data Integrity Failures
2
theory
OWASP 2021: Security Logging and Monitoring Failures
2
theory
OWASP 2021: Server-Side Request Forgery
2
theory
OWASP API Security Top 10
2
theory
OWASP 2021: Demonstrate Your Knowledge
3
theory
Introduction to Cryptography
Lab
Difficulty
Format
Introduction to Cryptography: What is Cryptography?
3
theory
Introduction to Cryptography: Symmetric Key Encryption
3
theory
Introduction to Cryptography: Asymmetric Encryption
3
theory
Introduction to Cryptography: Stream Ciphers
3
theory
Introduction to Cryptography: One-Time Pad
3
theory
Introduction to Cryptography: Message Integrity
3
theory
Introduction to Cryptography: Public and Private Key Management
3
theory
Introduction to Cryptography: Public Key Infrastructure
3
theory
Introduction to Cryptography: Block Ciphers
3
theory
Introduction to Cryptography: Digital Signatures
3
theory
Introduction to Cryptography: Hashing
2
theory
Introduction to Cryptography: Demonstrate Your Knowledge
3
theory
Mobile Application Security Fundamentals
Lab
Difficulty
Format
Mobile Application Security Fundamentals: OWASP Mobile Application Security Verification Standard
3
theory
Mobile Application Security Fundamentals: OWASP Mobile Application Security Testing Guide
3
theory
Mobile Application Security Fundamentals: Insecure Communication
2
theory
Mobile Application Security Fundamentals: Insecure Data Storage
2
theory
Mobile Application Security Fundamentals: Insufficient Binary Protections
2
theory
Mobile Application Security Fundamentals: Insufficient Cryptography
2
theory
Mobile Application Security Fundamentals: Inadequate Supply Chain Security
2
theory
Mobile Application Security Fundamentals: Insufficient Input/Output Validation
2
theory
Mobile Application Security Fundamentals: Improper Credential Usage
3
theory
Mobile Application Security Fundamentals: Inadequate Privacy Controls
3
theory
Mobile Application Security Fundamentals: Security Misconfiguration
3
theory
Mobile Application Security Fundamentals: Insecure Authentication and Authorization
3
theory
OWASP Top 10 (2025)
Lab
Difficulty
Format
OWASP Top 10 (2025): Introduction
1
theory
OWASP Top 10 (2025): A01 – Broken Access Control
2
theory
OWASP Top 10 (2025): A02 – Security Misconfiguration
2
theory
OWASP Top 10 (2025): A03 – Software Supply Chain Failures
2
theory
OWASP Top 10 (2025): A04 – Cryptographic Failures
2
theory
OWASP Top 10 (2025): A05 – Injection
2
theory
OWASP Top 10 (2025): A06 – Insecure Design
2
theory
OWASP Top 10 (2025): A07 – Authentication Failures
2
theory
OWASP Top 10 (2025): A08 – Software or Data Integrity Failures
2
theory
OWASP Top 10 (2025): A09 – Logging and Alerting Failures
2
theory
OWASP Top 10 (2025): A10 – Mishandling of Exceptional Conditions
2
theory
OWASP Top 10 for LLMs and GenAI
Lab
Difficulty
Format
OWASP Top 10 for LLMs and GenAI: Prompt Injection
2
theory
OWASP Top 10 for LLMs and GenAI: Sensitive Information Disclosure
2
theory
OWASP Top 10 for LLMs and GenAI: Supply Chain
2
theory
OWASP Top 10 for LLMs and GenAI: Data and Model Poisoning
2
theory
OWASP Top 10 for LLMs and GenAI: Improper Output Handling
2
theory
OWASP Top 10 for LLMs and GenAI: Excessive Agency
2
theory
OWASP Top 10 for LLMs and GenAI: System Prompt Leakage
2
theory
OWASP Top 10 for LLMs and GenAI: Vector and Embedding Weaknesses
2
theory
OWASP Top 10 for LLMs and GenAI: Misinformation
2
theory
OWASP Top 10 for LLMs and GenAI: Unbounded Consumption
2
theory
AI Fundamentals
Lab
Difficulty
Format
AI: Introduction to AI
2
theory
AI: Data Ethics and Responsible Use
2
theory
AI: Emerging Threats
2
theory
AI: TensorFlow for Machine Learning
3
practical
AI: Image Classification
3
practical
AI: Generative AI Models
2
practical
AI: Prompt Injection Attacks
5
practical
AI: Artificial Intelligence for Incident Responders
2
practical
AI: Demonstrate Your Skills
4
practical
Secure Fundamentals
Lab
Difficulty
Format
Secure Fundamentals: Defense In Depth
1
theory
Secure Fundamentals: Authentication
1
theory
Secure Fundamentals: Authorization
1
theory
Secure Fundamentals: Principle of Least Privilege
1
theory
Secure Fundamentals: Security Patching
1
theory
Secure Fundamentals: Attribution and Accountability
2
theory
Secure Fundamentals: The CIA Triad
2
theory
Secure Data Handling
3
theory
TLS Fundamentals
Lab
Difficulty
Format
TLS Fundamentals: Introduction
3
theory
TLS Fundamentals: Client Hello and Server Hello
3
theory
TLS Fundamentals: Cipher Suites
4
theory
TLS Fundamentals: Key Exchange and Session Resumes
3
theory
TLS Fundamentals: X.509 Introduction
3
theory
TLS Fundamentals: X.509 Analysis
4
practical
TLS Fundamentals: TLS 1.3
3
theory
TLS Fundamentals: Final Challenge
5
practical
The Human Connection Challenge
On the Immersive Labs cybersecurity training platform, The Human Connection Challenge category brings together scenario-led, hands-on labs that build practical security skills across core technical domains. Learners progress through real-world tasks that develop competence in operating system fundamentals, reconnaissance and scanning, web application exploitation, platform-specific administration and defense, thick client application testing, and Active Directory essentials.
The Human Connection Challenge: Season 1 collection spans seven labs—Basic OS Skills, Scanning, Web Exploitation, Linux, Windows, Thick Client Applications, and Active Directory—giving learners guided practice in command-line fluency, enumerating networks and services, identifying and exploiting common web vulnerabilities, managing and hardening Linux and Windows hosts, assessing thick client behaviors, and navigating AD structures and misconfigurations. This category is ideal for aspiring and junior cybersecurity professionals, upskilling IT practitioners, and seasoned analysts seeking a focused refresher. By the end, learners will be equipped to investigate and remediate common weaknesses, perform ethical assessment tasks with confidence, and apply a repeatable methodology to real operational scenarios.
Collections
Collection Name
Lab Count
The Human Connection Challenge: Season 1
7
The Human Connection Challenge: Season 1
Lab
Difficulty
Format
Human Connection Challenge: Season 1 – Basic OS Skills
6
practical
Human Connection Challenge: Season 1 – Scanning
7
practical
Human Connection Challenge: Season 1 – Web Exploitation
7
practical
Human Connection Challenge: Season 1 – Linux
7
practical
Human Connection Challenge: Season 1 – Windows
7
practical
Human Connection Challenge: Season 1 – Thick Client Applications
8
practical
Human Connection Challenge: Season 1 – Active Directory
8
practical
Incident Response
The Incident Response category on the Immersive Labs cybersecurity training platform builds real-world skills across the full IR lifecycle—from preparation and detection to containment, eradication, and recovery. Learners start with fundamentals in the Introduction to Incident Response collection, validating SIEM results and practicing post-incident activities, then apply those concepts in hands-on scenarios within the Incident Response collection, including phishing email triage, data exfiltration, persistence via accessibility features, application shimming, RAT investigations, PST parsing, and modern phishing evasion such as ZWSP attacks. Broad log expertise is developed through Web Log Analysis and Log Analysis, while Elastic Stack labs teach data ingest with Beats and practical analysis workflows; Introduction to Detection Engineering strengthens alert logic, parent/child process reasoning, and custom detections.
Technical depth is expanded through Malware Analysis and Practical Malware Analysis, covering static and dynamic techniques, network simulation, memory analysis, and case studies of real threats like Quasar RAT, DarkComet, Qakbot, and ransomware families including Ryuk and Conti. Malicious Documents Analysis trains VBA, OLE, DDE, and dropper tradecraft; Packet Analysis sharpens tcpdump, ngrep, Wireshark, and BPF filtering for traffic triage and artifact extraction. Detection content creation is advanced with Yara and Snort rule authoring and tuning, and adversary-focused DFIR is exercised in DFIR – Wizard Spider, including Sigma-based detection and end-to-end ransomware operations. CVEs (Threat Hunting) equips learners to investigate and defend against high-impact vulnerabilities across enterprise technologies, while Introduction to Velociraptor builds endpoint triage and VQL-driven hunting skills.
This category is ideal for SOC analysts, incident responders, threat hunters, detection engineers, and blue team leads. Graduates will be equipped to rapidly detect and investigate incidents, craft high-fidelity detections, analyze malware and malicious documents, hunt across endpoints and networks, and contain, eradicate, and recover from attacks with confidence.
Collections
Collection Name
Lab Count
Malware Analysis
18
CVEs (Threat Hunting)
16
Packet Analysis
15
Incident Response
14
Practical Malware Analysis
12
Yara
12
Snort
11
DFIR - Wizard Spider
10
Elastic Stack
10
Log Analysis
10
Malicious Documents Analysis
10
Introduction to Incident Response
8
Introduction to Velociraptor
8
Web Log Analysis
6
Introduction to Detection Engineering
5
Malware Analysis
Lab
Difficulty
Format
Malware Analysis: Tracking a LOLBins Campaign – Infection
5
practical
Malware Analysis: Tracking a LOLBins Campaign – Acquisition
6
practical
Malware Analysis: Tracking a LOLBins Campaign – Examination
6
practical
Malware Analysis: Quasar RAT
8
practical
Malware Analysis: EvilGnome
7
practical
Malware Analysis: WikiWorm.exe
7
practical
Malware Analysis: CookieMiner
6
practical
Malware Analysis: ELECTRICFISH
6
practical
Malware Analysis: GlitchPOS Memory Analysis
6
practical
Malware Analysis: AutoIt
6
practical
Malware Analysis: DarkComet
7
practical
Malware Analysis: Scranos Rootkit
6
practical
Malware Analysis: HTTPotato.dll
6
practical
Malware Analysis: Shlayer
6
practical
Malware Analysis: Qakbot
6
practical
Malware Analysis: Kovter Trojan
5
practical
Ransomware: Conti – Source Code Analysis
5
practical
Malware Analysis: SpeakUp
6
practical
CVEs (Threat Hunting)
Lab
Difficulty
Format
Windows LPE (InstallerFileTakeOver) – Defensive
7
practical
CVE-2021-41773 (Apache) – Defensive
5
practical
CVE-2021-40444 (MSHTML) – Defensive
4
practical
CVE-2021-25281 (SaltStack) – Defensive
5
practical
CVE-2021-22205 (GitLab) – Defensive
5
practical
CVE-2021-3156 (Baron Samedit) – Defensive
6
practical
CVE-2021-1675 (PrintNightmare) – Defensive
5
practical
CVE-2020-16898 (Bad Neighbor) – Defensive
6
practical
CVE-2020-11651 (SaltStack RCE) – Defensive
6
practical
CVE-2020-5902 (F5 BIG-IP) – Defensive
5
practical
CVE-2019-19781 (Citrix RCE) – Defensive
5
practical
CVE-2019-10149 (Exim Server RCE) – Defensive
5
practical
CVE-2022-1388 (F5 BIG-IP) – Defensive
5
practical
Control Web Panel – Defensive
5
practical
LogCrusher: Offensive
6
practical
CVSS v4.0
1
theory
Packet Analysis
Lab
Difficulty
Format
Packet Analysis: Packet Capture Basics
4
practical
Packet Analysis: TLS Handshake
4
practical
Packet Analysis: Device Information
5
practical
Packet Analysis: Malware Traffic
5
practical
Packet Capture: Key Extraction
6
practical
Packet Analysis: Using ngrep
5
practical
Packet Analysis: Using tcpdump
5
practical
Packet Analysis: BPF Syntax
4
practical
Packet Analysis: Demonstrate Your Skills
7
practical
Wireshark: Metrics and Statistics
4
practical
Wireshark: Using Tshark
5
practical
Wireshark: Display Filters – Diving In
5
practical
Wireshark: Display Filters – Combining Filters
5
practical
Wireshark: Stream/Object Extraction
5
practical
Wireshark: Display Filters – Introduction to Filters
4
practical
Incident Response
Lab
Difficulty
Format
Malicious Document Analysis: Introduction to Malicious Documents
5
practical
Malicious Document Analysis: Visual Basic for Applications (VBA)
Practical Malware Analysis: Demonstrate Your Skills
6
practical
Ransomware: Ryuk
4
practical
Marap
5
practical
Yara
Lab
Difficulty
Format
Yara: Creating Rules
5
practical
Yara: Boolean Operators
5
practical
Yara: Regular Expressions
5
practical
Yara: Scanning Malicious Files
5
practical
Yara: Strings for Rule Creation
5
practical
Yara: Detecting Evasive Malware
5
practical
Yara: Detecting Cryptographic Strings
5
practical
Yara: Rule Building with Matching Strings
5
practical
Yara: Using Yara Modules
5
practical
Yara: Modules
5
practical
Yara: Tuning Rules
6
practical
Yara: Demonstrate Your Skills
6
practical
Snort
Lab
Difficulty
Format
Snort Rules: Introduction
5
practical
Snort Rules: DNS
6
practical
Snort Rules: HTTP
6
practical
Snort Rules: SMTP
6
practical
Snort Rules: Fake Tech Support Popup
6
practical
Snort Rules: Credential Stealer via FTP Traffic
6
practical
Snort Rules: Lokibot Infection Traffic
6
practical
Snort Rules: Emotet with Trickbot Infection Traffic
6
practical
Snort Rules: Exploit Kits
6
practical
Snort Rules: Demonstrate Your Skills
7
practical
Spelevo Exploit Kit
5
practical
DFIR - Wizard Spider
Lab
Difficulty
Format
Wizard Spider DFIR: What is Wizard Spider?
3
theory
Wizard Spider DFIR: Ransomware Analysis
5
practical
Wizard Spider DFIR: Risk Identification
5
practical
Wizard Spider DFIR: Compromise Assessment
5
practical
Wizard Spider DFIR: Network Traversal
5
practical
Wizard Spider DFIR: Enumeration
5
practical
Wizard Spider DFIR: Initial Access
5
practical
Wizard Spider DFIR: Dropper Analysis
6
practical
Wizard Spider DFIR: Sigma
5
practical
Wizard Spider DFIR: Demonstrate Your Skills
6
practical
Elastic Stack
Lab
Difficulty
Format
Elastic Playground: eCommerce Data
4
practical
Elastic Playground: Flight Data
4
practical
Elastic Playground: Web Logs
4
practical
Elastic Data Ingest: Auditbeat
5
practical
Elastic Data Ingest: Filebeat
5
practical
Elastic Data Ingest: Metricbeat
5
practical
Elastic Data Ingest: Packetbeat
5
practical
Elastic Data Ingest: Heartbeat
5
practical
Elastic Data Ingest: Winlogbeat
5
practical
Elastic Data Ingest: Demonstrate Your Skills
6
practical
Log Analysis
Lab
Difficulty
Format
Web Log Analysis: What are Web Server Logs?
2
theory
Web Log Analysis: Log Formats
2
theory
Web Log Analysis: Access Logs
4
practical
Web Log Analysis: Error Logs
4
practical
Web Log Analysis: Searching Web Server Logs using Linux CLI
5
practical
Web Log Analysis: The Tomcat's Out Of The Bag
6
practical
Log Finder
4
practical
SMTP Log Analysis
4
practical
Elastic Playground: Accounting and Audit
5
practical
Splunk: Malicious Account Creation
5
practical
Malicious Documents Analysis
Lab
Difficulty
Format
Malicious Document Analysis: Introduction to Malicious Documents
5
practical
PowerPoint as a Malware Dropper
4
practical
Digital Forensics: DDE Analysis
5
practical
ODT Dropper Analysis
6
practical
Malicious Document Analysis: Visual Basic for Applications (VBA)
6
practical
Malicious Documents Analysis: Copy and Paste Compromise
6
practical
Malicious Document Analysis: Dropper Analysis
6
practical
Browser Extensions: Chrome
5
practical
Mshta
5
practical
Malicious Document Analysis: OLE tools
6
practical
Introduction to Incident Response
Lab
Difficulty
Format
Introduction to Incident Response: Introduction
3
theory
Introduction to Incident Response: Process
3
theory
Introduction to Incident Response: Preparation
3
theory
Introduction to Incident Response: Detection and Analysis
3
theory
Introduction to Incident Response: Containment, Eradication, and Recovery
3
theory
Introduction to Incident Response: Post-Incident Activity
3
theory
Validating SIEM Results
3
theory
Introduction to Incident Response: Demonstrate Your Knowledge
3
theory
Introduction to Velociraptor
Lab
Difficulty
Format
Introduction to Velociraptor: What is Velociraptor?
2
theory
Introduction to Velociraptor: Getting Started
4
practical
Introduction to Velociraptor: VQL
4
practical
Introduction to Velociraptor: Searching
4
practical
Introduction to Velociraptor: NTFS
4
practical
Introduction to Velociraptor: Triage
4
practical
Introduction to Velociraptor: Client Monitoring
4
practical
Introduction to Velociraptor: Demonstrate Your Skills
5
practical
Web Log Analysis
Lab
Difficulty
Format
Web Log Analysis: What are Web Server Logs?
2
theory
Web Log Analysis: Log Formats
2
theory
Web Log Analysis: Access Logs
4
practical
Web Log Analysis: Error Logs
4
practical
Web Log Analysis: Searching Web Server Logs using Linux CLI
5
practical
Web Log Analysis: The Tomcat's Out Of The Bag
6
practical
Introduction to Detection Engineering
Lab
Difficulty
Format
Introduction to Detection Engineering: Fundamentals
3
theory
Introduction to Detection Engineering: Foundational Concepts
5
practical
Introduction to Detection Engineering: Parent Processes
5
practical
Introduction to Detection Engineering: Advanced Skills
6
practical
Introduction to Detection Engineering: Custom Alerting
7
practical
Reconnaissance
The Reconnaissance category on the Immersive Labs cybersecurity training platform builds the foundational skills used to discover, collect, and assess information about targets before active engagement. Through hands-on labs, learners practice both passive and active techniques to map attack surfaces, reduce investigator exposure, and turn publicly available data into actionable intelligence. The OSINT collection develops disciplined open-source intelligence workflows, from mastering search engines and working with cached and archived content to maintaining online anonymity and investigator OPSEC using tools like Tor. Labs delve into harvesting data from social media and understanding privacy implications, extracting EXIF metadata, interpreting robots.txt, uncovering default credentials, and enriching domain intelligence with platforms such as Shodan.io and Spiderfoot—ensuring learners can correlate signals and pivot efficiently while staying ethical and compliant.
Complementing passive intelligence, the Scanning collection equips learners to validate findings and enumerate services safely and systematically. You will practice banner grabbing and DNS enumeration (including zone transfers), explore network scanning and port knocking concepts, and apply targeted web assessments with Nikto, DIRB, WPScan, and DrupeScan. The collection culminates in a “Demonstrate Your Skills” lab that reinforces methodology and tool selection in realistic scenarios. This category is ideal for aspiring and practicing penetration testers, red teamers, SOC analysts, incident responders, and defenders who need to understand how adversaries profile environments. By completing it, learners will be able to plan and execute reconnaissance with strong OPSEC, select the right tools for each context, and produce high-quality intelligence that informs both offensive testing and defensive hardening.
Collections
Collection Name
Lab Count
OSINT
15
Scanning
9
OSINT
Lab
Difficulty
Format
Open Source Intelligence (OSINT): Search Engines
2
theory
Open Source Intelligence (OSINT): Online Anonymity
3
theory
Open Source Intelligence (OSINT): Cached and Archived Websites
2
theory
Open Source Intelligence (OSINT): Social Media and Privacy
1
theory
Open Source Intelligence (OSINT): Investigator Operations Security (OPSEC)
3
theory
Open Source Intelligence (OSINT): Robots.txt
3
theory
Open Source Intelligence (OSINT): EXIF
3
theory
Open Source Intelligence (OSINT): Social Media
3
theory
Open Source Intelligence (OSINT): Boarding Pass
4
theory
Open Source Intelligence (OSINT): Shodan.io
2
theory
Tor
3
theory
Open Source Intelligence (OSINT): Deleted Tweet
3
theory
Open Source Intelligence (OSINT): Default Credentials
2
practical
Spiderfoot
3
practical
Open Source Intelligence (OSINT): Domain Intel
3
theory
Scanning
Lab
Difficulty
Format
Scanning: Nikto and DIRB
4
practical
Scanning: Port Knocking
5
practical
Scanning: DNS Enumeration
5
practical
Scanning: WPScan
5
practical
Scanning: DrupeScan
5
practical
Scanning: Banner Grabbing
4
practical
Scanning: DNS Zone Transfer
5
practical
Scanning: Network Scanning
4
practical
Scanning: Demonstrate Your Skills
5
practical
Web App Hacking
The Web App Hacking category on the Immersive Labs cybersecurity training platform builds hands-on skills for identifying, exploiting, and mitigating weaknesses in modern web applications. Learners start with strong fundamentals in collections like Introduction to Web App Hacking, which covers mapping applications, reviewing page source, using OWASP ZAP, and common flaws such as directory traversal and command injection. The OWASP Top 10 (2021) collection reinforces core risk areas—Broken Access Control, Injection, Security Misconfiguration, and more—while Hack Your First Web Application guides learners through enumeration to exploiting low-, medium-, and high-risk issues. Practical tooling is covered in the Burp Suite collection, and related foundations are supported by Databases and Introduction to Penetration Testing for broader context.
Deeper technical capability is developed through targeted tracks such as SQL Injection Basics and the advanced SQL Injection collection, Cross-Site Scripting (XSS), and Server-Side Template Injection, alongside Authentication and Authorization Flaws and Intermediate Web App Hacking for topics like SSRF, XXE, JWT weaknesses, and log poisoning. Real-world exposure comes from the extensive CVEs (Web App Hacking) collection, where learners investigate high-impact vulnerabilities—including Spring4Shell (CVE-2022-22965), Apache Struts flaws, Redis Lua RCE, Dirty Pipe, and Text4Shell—across both offensive and defensive scenarios to understand exploitation, detection, and remediation. Language-specific risks are addressed in OWASP (2017) Java, and skills are validated in the Assessment: Web Application Security Testing. This category is ideal for aspiring and practicing penetration testers, defenders, and developers; by completing it, learners will be equipped to test web applications end to end, communicate risk effectively, and implement practical fixes and controls.
Server-Side Template Injection: SSTI in Jinja2 Templates
6
practical
Server-Side Template Injection: SSTI in Embedded Ruby (ERB) Templates
6
practical
Server-Side Template Injection: SSTI in Twig Templates
6
practical
Server-Side Template Injection: Demonstrate Your Skills
6
practical
Burp Suite
Lab
Difficulty
Format
Burp Suite Basics: Introduction
4
practical
Burp Suite Basics: HTTPS
4
practical
Burp Suite Basics: Target
5
practical
Burp Suite Basics: Intruder
5
practical
Burp Suite Basics: Repeater
5
practical
Databases
Lab
Difficulty
Format
MongoDB: An Introduction
4
practical
SQL: An Introduction
4
practical
SQLite3: An Introduction
4
practical
Introduction to osquery
4
practical
Encrypted mongoDB
5
practical
Introduction to Penetration Testing
Lab
Difficulty
Format
Introduction to Penetration Testing: Infrastructure
3
theory
Introduction to Penetration Testing: Mobile Applications
3
theory
Introduction to Penetration Testing: Web Applications
3
theory
Introduction to Penetration Testing: The Basics
2
theory
Introduction to Penetration Testing: Demonstrate Your Knowledge
3
theory
SQL Injection
Lab
Difficulty
Format
SQL Injection: File Download
6
practical
SQL Injection: Boolean-Based Blind
7
practical
SQL Injection: Time-Based Blind
7
practical
SQL Injection: sqlmap
5
practical
SQL Injection: UNION
6
practical
Assessment: Web Application Security
Lab
Difficulty
Format
Assessment: Web Application Security Testing
1
practical
AI Essentials
On the Immersive Labs cybersecurity training platform, the AI Essentials category builds practical knowledge and skills for understanding, using, and securing artificial intelligence—especially modern generative AI and large language models. It blends core AI concepts with hands-on defense techniques, governance considerations, and threat-focused scenarios so learners can safely adopt AI and respond to emerging risks.
Learners explore the OWASP Top 10 for LLMs and GenAI, a 10‑lab collection that develops the ability to identify, exploit, and mitigate risks such as prompt injection, sensitive information disclosure, supply chain weaknesses, data and model poisoning, improper output handling, excessive agency, system prompt leakage, vector and embedding weaknesses, misinformation, and unbounded consumption. AI Fundamentals lays a strong base across AI concepts, data ethics and responsible use, emerging threats, TensorFlow, image classification, generative AI models, prompt injection attacks, and incident response, culminating in a skills demonstration. AI Foundations dives deeper into modern architectures and patterns—Large Language Models (LLMs), Retrieval Augmented Generation (RAG), Model Context Protocol (MCP), and Agentic AI—alongside a knowledge check. Fundamental AI Algorithms teaches practical machine learning with security-flavored use cases using K-Means, Decision Trees, and SVMs for tasks like beacon, script, and behavior detection. AI for Business equips decision‑makers with an understanding of what AI is, its benefits and risks, and how to use AI at work responsibly.
This category is designed for security practitioners, incident responders, detection engineers, developers building with LLMs, and business and risk leaders. By completing it, learners will be equipped to evaluate and securely deploy AI capabilities, recognize and mitigate LLM‑specific risks, implement guardrails and governance, and respond confidently to AI‑driven threats.
Collections
Collection Name
Lab Count
OWASP Top 10 for LLMs and GenAI
10
AI Fundamentals
9
AI Foundations
7
Fundamental AI Algorithms
7
AI for Business
6
AWS Bedrock Guardrails
3
Azure Foundry Guardrails
3
NVIDIA NeMo Guardrails
4
AI Agents Identity
3
OWASP Top 10 for LLMs and GenAI
Lab
Difficulty
Format
OWASP Top 10 for LLMs and GenAI: Prompt Injection
2
theory
OWASP Top 10 for LLMs and GenAI: Sensitive Information Disclosure
2
theory
OWASP Top 10 for LLMs and GenAI: Supply Chain
2
theory
OWASP Top 10 for LLMs and GenAI: Data and Model Poisoning
2
theory
OWASP Top 10 for LLMs and GenAI: Improper Output Handling
2
theory
OWASP Top 10 for LLMs and GenAI: Excessive Agency
2
theory
OWASP Top 10 for LLMs and GenAI: System Prompt Leakage
2
theory
OWASP Top 10 for LLMs and GenAI: Vector and Embedding Weaknesses
2
theory
OWASP Top 10 for LLMs and GenAI: Misinformation
2
theory
OWASP Top 10 for LLMs and GenAI: Unbounded Consumption
2
theory
AI Fundamentals
Lab
Difficulty
Format
AI: Introduction to AI
2
theory
AI: Data Ethics and Responsible Use
2
theory
AI: Emerging Threats
2
theory
AI: TensorFlow for Machine Learning
3
practical
AI: Image Classification
3
practical
AI: Generative AI Models
2
practical
AI: Prompt Injection Attacks
5
practical
AI: Artificial Intelligence for Incident Responders
2
practical
AI: Demonstrate Your Skills
4
practical
AI Foundations
Lab
Difficulty
Format
AI Foundations: Artificial Intelligence
1
theory
AI Foundations: Core Components
1
theory
AI Foundations: Large Language Models (LLMs)
1
theory
AI Foundations: Retrieval Augmented Generation (RAG)
2
practical
AI Foundations: Model Context Protocol (MCP)
2
practical
AI Foundations: Agentic AI
2
practical
AI Foundations: Demonstrate Your Knowledge
1
theory
Fundamental AI Algorithms
Lab
Difficulty
Format
Fundamental AI Algorithms: Introduction
3
theory
Fundamental AI Algorithms: K-Means Introduction
5
practical
Fundamental AI Algorithms: K-Means Beacon Detection
6
practical
Fundamental AI Algorithms: Decision Trees Introduction
5
practical
Fundamental AI Algorithms: Decision Trees Script Detection
6
practical
Fundamental AI Algorithms: SVMs Introduction
5
practical
Fundamental AI Algorithms: SVMs Behavior Detection
6
practical
AI for Business
Lab
Difficulty
Format
AI for Business: Defining Artificial Intelligence
1
theory
AI for Business: Algorithms and Datasets
1
theory
AI for Business: The AI Ecosystem
1
theory
AI for Business: Risks and Responsible Integration
1
theory
AI for Business: Regulatory and Ethical Landscapes
The Building with AI category on the Immersive Labs cybersecurity training platform guides practitioners through designing, implementing, and securing AI-enabled applications and agent workflows from first prompt to production. Through hands-on labs, you’ll build proficiency in manual prompting and spec-driven development, safe tool invocation via the Model Context Protocol (MCP) and extensions, multi-agent patterns, plugin and slash-command interfaces, sandboxing, hooks, and skills. You will also learn to implement policy engines and guardrails that deliver governance, auditability, and risk controls for real-world use.
In the Building with AI: Claude Code collection, learners progress from foundational prompting to advanced topics including Tools and MCP, Slash Commands, Claude Skills, Subagents, Hooks, Plugins, and Guardrails, culminating in a Demonstrate Your Knowledge capstone. Building with AI: Gemini CLI adds agent skills, sandboxes, hooks, a policy engine, and guardrails to help you design resilient, governed agent workflows, while Building with AI: Codex CLI focuses on practical prompting, spec-driven development, Tools and MCP, Slash Commands, and Guardrails for streamlined, secure delivery. This category is ideal for software engineers, security engineers, DevSecOps practitioners, and platform teams who need to ship AI features responsibly; by the end, you’ll be equipped to prototype and integrate AI, apply guardrails and policies, govern tool use, and operate AI systems that are robust, auditable, and aligned with security and compliance requirements.
Collections
Collection Name
Lab Count
Building with AI: Claude Code
11
Building with AI: Gemini CLI
10
Building with AI: Codex CLI
7
AI Agent Governance
3
Model Evaluation
3
Building with AI: Claude Code
Lab
Difficulty
Format
Building with AI: Claude Code – Introduction
3
practical
Building with AI: Claude Code – Manual Prompting
3
practical
Building with AI: Claude Code – Spec-Driven Development
4
practical
Building with AI: Claude Code – Tools and MCP
4
practical
Building with AI: Claude Code – Slash Commands
4
practical
Building with AI: Claude Code – Claude Skills
4
practical
Building with AI: Claude Code – Subagents
4
practical
Building with AI: Claude Code – Hooks
4
practical
Building with AI: Claude Code – Plugins
4
practical
Building with AI: Claude Code – Guardrails
3
practical
Building with AI: Claude Code – Demonstrate Your Knowledge
4
theory
Building with AI: Gemini CLI
Lab
Difficulty
Format
Building with AI: Gemini CLI – Introduction
3
practical
Building with AI: Gemini CLI – Manual Prompting
3
practical
Building with AI: Gemini CLI – Spec-Driven Development (Conductor)
3
practical
Building with AI: Gemini CLI – Agent Skills
4
practical
Building with AI: Gemini CLI – Sandboxes
4
practical
Building with AI: Gemini CLI – Hooks
4
practical
Building with AI: Gemini CLI – Policy Engine
4
practical
Building with AI: Gemini CLI – Guardrails
3
practical
Building with AI: Gemini CLI – Tools, MCP, and Extensions
4
practical
Building with AI: Gemini CLI – Demonstrate Your Knowledge
4
theory
Building with AI: Codex CLI
Lab
Difficulty
Format
Building with AI: Codex CLI – Introduction
3
practical
Building with AI: Codex CLI – Manual Prompting
4
practical
Building with AI: Codex CLI – Spec-Driven Development
4
practical
Building with AI: Codex CLI – Tools and MCP
3
theory
Building with AI: Codex CLI – Slash Commands
4
practical
Building with AI: Codex CLI – Guardrails
3
practical
Building with AI: Codex CLI – Demonstrate Your Knowledge
4
theory
AI Agent Governance
Lab
Difficulty
Format
AI Agent Governance: Auditing an Over-Privileged Agent
5
practical
AI Agent Governance: Applying Least Privilege to Agents
5
practical
AI Agent Governance: Demonstrate Your Skills
5
practical
Model Evaluation
Lab
Difficulty
Format
Model Evaluation: Prompt Evaluation
5
practical
Model Evaluation: Trace and Agent Evaluation
5
practical
Model Evaluation: Demonstrate Your Knowledge
5
practical
Secure AI Adoption
Regulated industries and large organizations are trying to find ways to implement AI without scaring leadership, and these collections can help bridge the knowledge gaps that must be closed to do so. Secure AI Adoption will empower your teams to:
Enforce "Secure by Design" principles: Wrap unpredictable models in a verified security layer.
Accelerate Innovation: Move to production faster by neutralizing poor implementation of AI inside an organization.
These labs cover ROI and use case analysis, AI framework lifecycle implementation (NIST AI RMF and ISO 42001), data lineage and data loss protection in the AI world, observability principles, and observability of deployed agents in an environment.
These collections are ideal for Engineers, Developers, Software Architects, Security Engineers, CISOs and Risk Officers.
Collections
Collection Name
Lab Count
AI Governance
3
AI Data Protection
3
Agentic Observability
3
AI Governance
Lab
Difficulty
Format
AI Governance: AI Lifecycles and Determining ROI
2
theory
AI Governance: AI Frameworks - NIST AI RMF and ISO/IEC 42001
2
theory
AI Governance: Demonstrate Your Knowledge
3
theory
AI Data Protection
Lab
Difficulty
Format
AI Data Protection: Data Lineage
2
theory
AI Data Protection: Data Loss Prevention (DLP)
2
theory
AI Data Protection: Demonstrate Your Knowledge
3
theory
Agentic Observability
Lab
Difficulty
Format
Agentic Observability: AI Observability Principles
3
practical
Agentic Observability: Observability Analysis
5
practical
Agentic Observability: Demonstrate Your Knowledge
3
theory
AI for Defenders
The Elasticsearch: AI for Defenders collection covers the end-to-end deployment and operational use of Elastic's AI Assistant capabilities within Kibana. The collection takes learners from initial setup (LLM connectors, tools, agents) through effective operational use, to a capstone exercise demonstrating competence in building and leveraging AI-powered security workflows.
Lab
Difficulty
Format
Elasticsearch AI: Investigating a Clickfix intrusion
5
practical
Elasticsearch AI: Chat, Agents and Tools
5
practical
Elasticsearch AI: Demonstrate Your Skills
5
practical
AI Red Teaming Collection
This collection introduces you to the unique challenges of attacking AI-integrated systems, contrasting traditional security testing with adversarial machine learning and setting the stage for the MITRE ATLAS framework.
Collections
Collection Name
Lab Count
AI Red Teaming Foundations
1
AI Red Teaming: Reconnaissance
3
Agentic Observability
3
AI Red Teaming: AI Model Access
3
AI Red Teaming: Initial Access
3
AI Red Teaming: Persistence
3
Foundation
Lab
Difficulty
Format
AI Red Teaming Foundations: Introduction to AI Red Teaming
2
Theory Lab
AI Red Teaming: Reconnaissance
Lab
Difficulty
Format
AI Red Teaming: Reconnaissance – Web Applications
5
practical
AI Red Teaming: Reconnaissance – Open Repositories
5
practical
AI Red Teaming: Reconnaissance – Demonstrate Your Skills
6
practical
Agentic Observability
Lab
Difficulty
Format
Agentic Observability: AI Observability Principles
3
practical
Agentic Observability: Observability Analysis
5
practical
Agentic Observability: Demonstrate Your Knowledge
3
practical
AI Red Teaming: AI Model Access
Lab
Difficulty
Format
AI Red Teaming: AI Model Access – Inference API
3
practical
AI Red Teaming: AI Model Access – Demonstrate Your Skills
5
practical
AI Red Teaming: AI Model Access – Model Fingerprinting
3
practical
AI Red Teaming: Initial Access
Lab
Difficulty
Format
AI Red Teaming: Initial Access – Demonstrate Your Skills
7
practical
AI Red Teaming: Initial Access – Prompt Infiltration
5
practical
AI Red Teaming: Initial Access – Supply Chain Attacks
6
practical
AI Red Teaming: Persistence
Lab
Difficulty
Format
AI Red Teaming: Persistence – Agent Tool Poisoning
5
practical
AI Red Teaming: Persistence – Memory Poisoning
5
practical
AI Red Teaming: Persistence – Demonstrate Your Skills
6
practical
AI Blue Teaming Collection
As Artificial Intelligence (AI) becomes deeply integrated into the enterprise, it introduces a new class of security threats. This lab introduces the fundamental skills required to detect, investigate, and contain incidents involving Large Language Models (LLMs) and AI-driven applications. It looks at frameworks such as MITRE ATLAS and the NVIDIA Kill Chain, as well as the regulatory requirements driving AI security.
Collections
Collection Name
Lab Count
AI Blue Teaming Foundations
2
AI Blue Teaming: Reconnaissance
3
Foundation
Lab
Difficulty
Format
Introduction to AI Blue Teaming (Part 1)
2
theory
Introduction to AI Blue Teaming (Part 2)
2
theory
AI Blue Teaming: Reconnaissance
Lab
Difficulty
Format
AI Blue Teaming: Reconnaissance – Introduction
3
practical
AI Blue Teaming: Reconnaissance – Detection
5
practical
AI Blue Teaming: Reconnaissance – Demonstrate Your Skills
6
practical
Cloud Fundamentals
On the Immersive Labs cybersecurity training platform, the Cloud Fundamentals category builds core cloud knowledge and practical security skills through hands-on labs mapped to real-world frameworks and operating models. Learners progress from foundational concepts—service models (SaaS, PaaS, IaaS), virtualization, Infrastructure as Code, identity federation with SAML, secrets management, and security automation—in the Cloud Fundamentals collection, to structured assurance using Cloud Security Alliance Cloud Controls Matrix v4.0 and other standards. The NCSC – Cloud Security Guidance collection translates the UK NCSC’s cloud security principles into practice, enabling learners to assess and implement controls for data in transit, asset protection and resilience, user separation, governance, operational and personnel security, secure development and supply chain, identity and authentication, external interface protection, secure administration, auditability, and safe service use.
Complementing this, the NIST – Guidelines on Security and Privacy in Public Cloud Computing (800-144) collection strengthens decision-making around governance, compliance, trust, architecture, IAM, software isolation, data protection, availability, and incident response. The DevSecOps collection walks through the full software lifecycle—plan, code, build, test, release, deploy, operate, and monitor—to embed security into pipelines and cloud-native delivery. Finally, Zero Trust in the Cloud equips learners to apply identity-centric access, endpoint hardening, and network micro-segmentation patterns across cloud environments. This category is ideal for security analysts, cloud engineers and architects, DevOps/Platform teams, and risk and compliance professionals moving workloads to the cloud. Graduates will be equipped to evaluate providers against recognized frameworks, architect and operate secure cloud services, implement zero trust and robust IAM, automate controls and compliance, and respond effectively to cloud security incidents.
Collections
Collection Name
Lab Count
NCSC - Cloud Security Guidance
15
Cloud Fundamentals
12
NIST – Guidelines on Security and Privacy in Public Cloud Computing (800-144)
10
DevSecOps
9
Zero Trust in the Cloud
4
NCSC - Cloud Security Guidance
Lab
Difficulty
Format
NCSC Cloud Security: Introduction
1
theory
NCSC Cloud Security: Data in Transit
2
theory
NCSC Cloud Security: Asset Protection and Resilience
NIST – Guidelines on Security and Privacy in Public Cloud Computing (800-144)
Lab
Difficulty
Format
NIST 800-144: Guidelines on Security and Privacy in Public Cloud Computing
1
theory
NIST 800-144 Cloud Security: Governance
1
theory
NIST 800-144 Cloud Security: Compliance
1
theory
NIST 800-144 Cloud Security: Trust
1
theory
NIST 800-144 Cloud Security: Architecture
1
theory
NIST 800-144 Cloud Security: Identity and Access Management
2
theory
NIST 800-144 Cloud Security: Software Isolation
2
theory
NIST 800-144 Cloud Security: Data Protection
1
theory
NIST 800-144 Cloud Security: Availability
1
theory
NIST 800-144 Cloud Security: Incident Response
1
theory
DevSecOps
Lab
Difficulty
Format
DevSecOps: Introduction
1
theory
DevSecOps: Plan
2
theory
DevSecOps: Code
2
theory
DevSecOps: Build
2
theory
DevSecOps: Test
2
theory
DevSecOps: Release
2
theory
DevSecOps: Deploy
2
theory
DevSecOps: Operate
2
theory
DevSecOps: Monitor
2
theory
Zero Trust in the Cloud
Lab
Difficulty
Format
Zero Trust in the Cloud: Introduction
1
theory
Zero Trust in the Cloud: Identity and Access Management
1
theory
Zero Trust in the Cloud: Endpoint Security
1
theory
Zero Trust in the Cloud: Networking
1
theory
Infrastructure Hacking
Infrastructure Hacking on the Immersive Labs cybersecurity training platform covers the end-to-end skills required to assess, exploit, and defend modern enterprise infrastructure. Learners progress from core reconnaissance, enumeration, and protocol abuse through privilege escalation, lateral movement, persistence, and post-exploitation, with mappings to adversary behavior via the MITRE ATT&CK collection. Alongside network and operating system tradecraft, the category extends into Active Directory, Kerberos, databases, embedded and automotive systems, and practical tool usage that mirrors real-world operations.
Hands-on collections anchor these skills. The CVEs (Infrastructure Hacking) and CVEs (Privilege Escalation) collections immerse learners in reproducing and mitigating high-impact vulnerabilities such as Log4j, PrintNightmare, ProxyLogon, F5 BIG-IP flaws, and PwnKit—often with paired offensive and defensive labs to reinforce both perspectives. Infrastructure Pen Testing and the Infrastructure Hacking collections build practical tradecraft—network enumeration, SNMP, Java RMI, pivoting, Kerberoasting, Responder, and DNS hijacking—while Introduction to Metasploit and Post Exploitation With Metasploit develop proficiency with modules, payloads, Meterpreter, and pivoting. Privilege Escalation: Windows and Privilege Escalation: Linux focus on identifying misconfigurations and exploiting SUID bits, cron jobs, weak services, and DLL hijacking. Windows Exploitation and Persistence deepen capability in evasion and long-term access, and Credential Access covers password spraying, dumping, and cracking with tools like Mimikatz and John the Ripper. For enterprise identity attacks, Kerberos and Introduction to Active Directory Attacks teach ticket theft, delegation abuse, and BloodHound analysis. Offensive PowerShell and PoshC2 build scripted tradecraft and command-and-control operations; Discovery accelerates enumeration; Databases introduces SQL, MongoDB, and osquery; and IoT & Embedded Devices plus CANBus extend expertise beyond traditional IT. The Tuoni 101 and 102 series adds real-world operator workflows such as listeners, payloads, redirectors, and lateral movement, with an Assessment: Infrastructure Security to validate readiness.
This category is designed for penetration testers, red teamers, SOC analysts, incident responders, and system administrators seeking practical, repeatable skills. Graduates will be equipped to emulate adversaries using ATT&CK, identify and exploit weaknesses, prioritize and remediate CVEs, harden Windows and Linux estates, operate C2 frameworks responsibly, and communicate findings that measurably improve infrastructure security.
Incident Response: Persistence via Accessibility Features
5
practical
Persistence: Windows Services
6
practical
Post Exploitation With Metasploit
Lab
Difficulty
Format
Post Exploitation With Metasploit: Database Configuration
4
practical
Post Exploitation With Metasploit: Working With Workspaces
4
practical
Post Exploitation With Metasploit: Choosing Payloads and Listeners
4
practical
Post Exploitation With Metasploit: Linux Post-Exploitation
4
practical
Post Exploitation With Metasploit: Windows
6
practical
Post Exploitation With Metasploit: Active Directory
6
practical
Post Exploitation With Metasploit: Execute Assembly
6
practical
Post Exploitation With Metasploit: Pivoting
6
practical
Post Exploitation With Metasploit: Demonstrate Your Skills
6
practical
Privilege Escalation: Linux
Lab
Difficulty
Format
Privilege Escalation: Linux – Introduction
4
practical
Privilege Escalation: Linux – Identifying Privilege Escalation Vulnerabilities
4
practical
Privilege Escalation: Linux – Automated Enumeration
5
practical
Privilege Escalation: Linux – SUID and SGID Binaries
5
practical
Privilege Escalation: Linux – Service Permissions
5
practical
Privilege Escalation: Linux – Mountable File Shares
5
practical
Privilege Escalation: Linux – The PATH Variable
5
practical
Privilege Escalation: Linux – Scheduled Jobs
5
practical
Privilege Escalation: Linux – Demonstrate Your Skills
6
practical
Privilege Escalation: Windows
Lab
Difficulty
Format
Privilege Escalation: Windows – Introduction
4
practical
Privilege Escalation: Windows – Identifying Privilege Escalation Vulnerabilities
5
practical
Privilege Escalation: Windows – Automated Enumeration
5
practical
Privilege Escalation: Windows – Finding Passwords
5
practical
Privilege Escalation: Windows – Weak Service Permissions
5
practical
Privilege Escalation: Windows – Unquoted Service Paths
5
practical
Privilege Escalation: Windows – Windows Registry
5
practical
Privilege Escalation: Windows – DLL Hijacking
5
practical
Privilege Escalation: Windows – Demonstrate Your Skills
6
practical
Introduction to Active Directory Attacks
Lab
Difficulty
Format
Introduction to Active Directory Attacks: Overview
3
theory
Introduction to Active Directory Attacks: Local Passwords
4
practical
Introduction to Active Directory Attacks: Domain Passwords
4
practical
Introduction to Active Directory Attacks: Pass-the-Hash
4
practical
Introduction to Active Directory Attacks: Lateral Movement
5
practical
Introduction to Active Directory Attacks: Basic Hunting with BloodHound
6
practical
Introduction to Active Directory Attacks: Foreign Groups
7
practical
Introduction to Active Directory Attacks: Demonstrate Your Skills
7
practical
Offensive PowerShell
Lab
Difficulty
Format
Offensive PowerShell: What is Offensive PowerShell?
3
theory
Offensive PowerShell: Basic Commands
5
practical
Offensive PowerShell: Defense Evasion
5
practical
Offensive PowerShell: AMSI Bypass
5
practical
Offensive PowerShell: Privilege Escalation with PowerUp
6
practical
Offensive PowerShell: Tools and Frameworks
5
practical
Offensive PowerShell: Empire
6
practical
Offensive PowerShell: Demonstrate Your Skills
5
practical
Hack Your First Computer
Lab
Difficulty
Format
Hack Your First PC: Ozone Energy
5
practical
Hack Your First PC: Kali Linux
5
practical
Hack Your First PC: Scanning for Targets
5
practical
Hack Your First PC: Brute Force
5
practical
Hack Your First PC: Gaining Access
5
practical
Hack Your First PC: Privilege Escalation
5
practical
Hack Your First PC: Demonstrate Your Skills
6
practical
Tuoni 102
Lab
Difficulty
Format
Tuoni 102: Redirectors
4
practical
Tuoni 102: Domain Enumeration and Reconnaissance
4
practical
Tuoni 102: Script-Based Reconnaissance and Tools
5
practical
Tuoni 102: Credential Extraction Techniques
5
practical
Tuoni 102: Kerberoasting
5
practical
Tuoni 102: Lateral Movement
6
practical
Tuoni 102: Demonstrate Your Skills
7
practical
Discovery
Lab
Difficulty
Format
Discovery: SMTP User Enumeration
5
practical
Discovery: Windows System Enumeration
5
practical
Discovery: Active Directory Enumeration
6
practical
Discovery: Enumeration Scripts – Introduction
5
practical
Discovery: Enumeration Scripts – Networks and Software
5
practical
Discovery: Browser Bookmarks
4
practical
PoshC2
Lab
Difficulty
Format
PoshC2: Introduction to Command and Control Frameworks
3
theory
PoshC2: An Introduction to PoshC2
5
practical
PoshC2: Enumerating the System
6
practical
PoshC2: Obtaining NTLM hashes
7
practical
PoshC2: Privilege Escalation
7
practical
PoshC2: Demonstrate Your Skills
8
practical
Databases
Lab
Difficulty
Format
MongoDB: An Introduction
4
practical
SQL: An Introduction
4
practical
SQLite3: An Introduction
4
practical
Introduction to osquery
4
practical
Encrypted MongoDB
5
practical
Introduction to Penetration Testing
Lab
Difficulty
Format
Introduction to Penetration Testing: Infrastructure
3
theory
Introduction to Penetration Testing: Mobile Applications
3
theory
Introduction to Penetration Testing: Web Applications
3
theory
Introduction to Penetration Testing: The Basics
2
theory
Introduction to Penetration Testing: Demonstrate Your Knowledge
3
theory
Tuoni 101
Lab
Difficulty
Format
Tuoni 101: What is Tuoni?
2
theory
Tuoni 101: Listeners
4
practical
Tuoni 101: Payloads
4
practical
Tuoni 101: Post Exploitation
5
practical
Tuoni 101: Demonstrate Your Skills
6
practical
Assessment: Infrastructure Security
Lab
Difficulty
Format
Assessment: Infrastructure Security Testing
1
practical
Threat Actors
On the Immersive Labs cybersecurity training platform, the Threat Actors category immerses learners in the tactics, techniques, and procedures of nation‑state and criminal groups and shows how to detect, investigate, and respond to their campaigns across IT and OT environments. Through hands-on labs featuring actors such as Salt Typhoon, Volt Typhoon, Lazarus, Scattered Spider, Wizard Spider, Sandworm, FIN7, APT34, APT35, APT43, and DarkSide/Akira, the flagship Threat Actors collection develops practical skills in log and network forensics, malware triage, YARA and Sigma rule creation, campaign analysis, and mapping behaviors to MITRE ATT&CK. Learners practice analyzing Windows event logs, PCAPs, and ransomware tradecraft, hunt for IOCs, and follow attacker workflows from initial access and persistence through lateral movement, collection, and exfiltration.
Focused collections deepen capability in specific ecosystems and toolsets. APT29: Threat Hunting with Splunk and APT29: Threat Hunting with Elasticsearch guide you end to end—from initial compromise to persistence execution—while building effective hunt queries and analyzing artifacts like LNK files, image steganography, and credential theft activity. DFIR - Wizard Spider walks through compromise assessment, ransomware analysis, network traversal, and custom Sigma detections, and FIN7: Threat Hunting with Splunk emphasizes generating IOCs and identifying data loss. The Hafnium series covers China Chopper, ProxyLogon exploitation, DearCry ransomware, and targeted YARA scanning, while Nobelium explores stages such as EnvyScout, BoomBox, NativeZone, VaporRage, and supporting network analysis. For industrial defenders, OT: Threat Actors examines groups like Sandworm Team and KAMACITE to understand threats to critical infrastructure and how to detect and contain them.
This category is designed for SOC analysts, incident responders, threat hunters, CTI practitioners, and security engineers who need realistic, adversary-focused practice. By completing these collections, learners will be able to profile threat actors, translate TTPs into hunts and detections in SIEMs like Splunk and Elasticsearch, perform DFIR triage and malware analysis, and proactively harden enterprise and OT environments against real-world campaigns.
Collections
Collection Name
Lab Count
Threat Actors
38
APT29: Threat Hunting with Elasticsearch
11
APT29: Threat Hunting with Splunk
11
DFIR - Wizard Spider
10
FIN7: Threat Hunting with Splunk
10
Hafnium
6
Nobelium
5
OT: Threat Actors
5
Threat Actors
Lab
Difficulty
Format
Threat Actors: Salt Typhoon
4
practical
Threat Actors: Peach Sandstorm
4
practical
Threat Actors: Wizard Spider
4
practical
Threat Actors: Onyx Sleet
4
practical
Threat Actors: LightBasin
4
practical
Threat Actors: Earth Krahang
4
practical
Threat Actors: Volt Typhoon
4
practical
Threat Actors: Water Sigbin
4
practical
Threat Actors: Lazarus
4
practical
Threat Actors: Storm-0978
4
practical
Threat Actors: Scattered Spider
4
practical
DarkSide: Overview
3
theory
Ransomware: Darkside
6
practical
Hafnium: Event Log Analysis
5
practical
Hafnium: Detection of IoCs
4
practical
Hafnium: Yara Scanning
4
practical
Hafnium: ProxyLogon (Offensive)
6
practical
Iranian Threat Groups
2
theory
North Korean Indictment: Gaining a Foothold
6
practical
North Korean Indictment: Event Log Analysis
5
practical
FIN7 Threat Hunting with Splunk: What is FIN7?
3
theory
APT34: HighShell PCAP
5
practical
APT34: Glimpse
5
practical
APT34: PoisonFrog
5
practical
Tools Leak — Who is APT34?
3
theory
LAPSUS$
1
theory
Threat Actors: APT43
4
practical
APT43: Malware Analysis
6
practical
Threat Actors: APT35
4
practical
Threat Actors: Mint Sandstorm – Campaign Analysis
6
practical
Threat Actors: APT29
4
practical
Threat Actors: FIN7
4
practical
Threat Actors: OilRig
4
practical
Threat Actors: Sandworm Team
4
practical
Threat Actors: Salt Typhoon – SNAPPYBEE Campaign Analysis
6
practical
Threat Actors: Akira
4
practical
Ransomware Groups: DragonForce
4
practical
Sandworm Campaign: ZEROLOT Wiper
5
practical
APT29: Threat Hunting with Elasticsearch
Lab
Difficulty
Format
APT29 Threat Hunting with Elasticsearch: Initial Compromise
5
practical
APT29 Threat Hunting with Elasticsearch: Rapid Collection and Exfiltration
5
practical
APT29 Threat Hunting with Elasticsearch: Deploy Stealth Toolkit
5
practical
APT29 Threat Hunting with Elasticsearch: Clean-up and Reconnaissance
5
practical
APT29 Threat Hunting with Elasticsearch: LNK File Analysis
7
practical
APT29 Threat Hunting with Elasticsearch: Credential Access
5
practical
APT29 Threat Hunting with Elasticsearch: Additional Collection and Exfiltration
5
practical
APT29 Threat Hunting with Elasticsearch: Expand Access Laterally
5
practical
APT29 Threat Hunting with Elasticsearch: Image Steganography
7
practical
APT29 Threat Hunting with Elasticsearch: Persistence Execution
5
practical
APT29 Threat Hunting with Elasticsearch: Demonstrate Your Skills
7
practical
APT29: Threat Hunting with Splunk
Lab
Difficulty
Format
APT29 Threat Hunting with Splunk: Initial Compromise
5
practical
APT29 Threat Hunting with Splunk: Rapid Collection and Exfiltration
5
practical
APT29 Threat Hunting with Splunk: Deploy Stealth Toolkit
5
practical
APT29 Threat Hunting with Splunk: Clean-up & Reconnaissance
5
practical
APT29 Threat Hunting with Splunk: Establish Persistence
5
practical
APT29 Threat Hunting with Splunk: Credential Access
5
practical
APT29 Threat Hunting with Splunk: Additional Collection & Exfiltration
5
practical
APT29 Threat Hunting with Splunk: Expand Access Laterally
5
practical
APT29 Threat Hunting with Splunk: Lateral Clean-up, Collection and Exfiltration
5
practical
APT29 Threat Hunting with Splunk: Persistence Execution
5
practical
APT29 Threat Hunting with Splunk: Demonstrate Your Skills
7
practical
DFIR - Wizard Spider
Lab
Difficulty
Format
Wizard Spider DFIR: What is Wizard Spider?
3
theory
Wizard Spider DFIR: Ransomware Analysis
5
practical
Wizard Spider DFIR: Risk Identification
5
practical
Wizard Spider DFIR: Compromise Assessment
5
practical
Wizard Spider DFIR: Network Traversal
5
practical
Wizard Spider DFIR: Enumeration
5
practical
Wizard Spider DFIR: Initial Access
5
practical
Wizard Spider DFIR: Dropper Analysis
6
practical
Wizard Spider DFIR: Sigma
5
practical
Wizard Spider DFIR: Demonstrate Your Skills
6
practical
FIN7: Threat Hunting with Splunk
Lab
Difficulty
Format
FIN7 Threat Hunting with Splunk: What is FIN7?
3
theory
FIN7 Threat Hunting with Splunk: Initial Access
5
practical
FIN7 Threat Hunting with Splunk: Execution Logs
5
practical
FIN7 Threat Hunting with Splunk: Execution Analysis
7
practical
FIN7 Threat Hunting with Splunk: Credential Access & Discovery Logs
5
practical
FIN7 Threat Hunting with Splunk: Persistence and Exfiltrating Logs
5
practical
FIN7 Threat Hunting with Splunk: Persistence and Exfiltration Analysis
5
practical
FIN7 Threat Hunting with Splunk: Data Loss Identification
7
practical
FIN7 Threat Hunting with Splunk: Generating IOCs
5
practical
FIN7 Threat Hunting with Splunk: Demonstrate Your Skills
6
practical
Hafnium
Lab
Difficulty
Format
Hafnium: China Chopper
5
practical
Hafnium: Detection of IoCs
4
practical
Hafnium: Event Log Analysis
5
practical
Hafnium: DearCry Ransomware
4
practical
Hafnium: Yara Scanning
4
practical
Hafnium: ProxyLogon (Offensive)
6
practical
Nobelium
Lab
Difficulty
Format
Nobelium: Introduction
3
theory
Nobelium: EnvyScout
5
practical
Nobelium: BoomBox
5
practical
Nobelium: NativeZone and VaporRage
6
practical
Nobelium: Network Analysis
4
practical
OT: Threat Actors
Lab
Difficulty
Format
OT Threat Actors: BAUXITE
4
practical
OT Threat Actors: CyberAv3ngers
4
practical
OT Threat Actors: GRAPHITE
4
practical
OT Threat Actors: Sandworm Team
4
practical
OT Threat Actors: KAMACITE
4
practical
Cloud Tooling
The Cloud Tooling category on the Immersive Labs cybersecurity training platform builds practical, hands-on skills for securing the services, tooling, and automation that underpin modern cloud environments. Learners progress from foundational hardening of web platforms in Apache, NGINX, and Apache Tomcat through to identity, secrets, and policy controls with OAuth and OpenID Connect and Secrets Management with HashiCorp Vault. They deepen cloud-native security competence with Container Hardening – Docker, including image scanning with Trivy and Dockle, and advance their infrastructure-as-code assurance through Secure Terraform collections for AWS, Azure, and Google Cloud Platform, covering encryption, network controls, and service-specific hardening. Network boundary and inspection skills are developed with Fortinet’s Next-Generation Firewall and Palo Alto Network’s Next-Generation Firewall, while AWS Community – Security Tooling introduces reconnaissance and assessment with awspx and compliance checking with Prowler.
Across these collections, learners practice real configuration hardening, least-privilege access, and secure defaults: disabling risky methods and modules, enforcing logging and access controls, running services as non-root, implementing Vault policies and dynamic secrets with PKI, standing up OIDC with Keycloak and Kubernetes RBAC, tightening container images, and codifying cloud controls in Terraform for repeatable, auditable deployments. This category is designed for cloud and security engineers, DevOps/SRE, system administrators, and architects who need to build and maintain resilient, compliant cloud platforms. Graduates will be equipped to design, deploy, and operate secure cloud tooling end to end—reducing attack surface, automating guardrails, and validating posture across web services, identity, containers, firewalls, and multi-cloud infrastructure.
Collections
Collection Name
Lab Count
Apache
12
Secrets Management with HashiCorp Vault
10
Apache Tomcat
7
OAuth and OpenID Connect
6
Container Hardening – Docker
5
Fortinet's Next-Generation Firewall
5
NGINX
5
Palo Alto Network's Next-Generation Firewall
5
Secure Terraform - AWS
5
Secure Terraform - Azure
4
Secure Terraform - Google Cloud Platform
4
AWS Community – Security Tooling
3
Apache
Lab
Difficulty
Format
Apache: Non-Root User
3
practical
Apache: Server Details
3
practical
Apache: Directory Listing
3
practical
Apache: Disable HTTP Trace Method
3
practical
Apache: Enable Logging
3
practical
Apache: Restricting Access Using Require
3
practical
Apache: Disable Unnecessary Modules
3
practical
Apache: Restricting Access with Allow and Deny
3
practical
Secure Ops: Apache – Symbolic Links
3
practical
Apache: Permissions on ServerRoot Directory
4
practical
Apache: Disable SSI and CGI Execution
4
practical
Apache: Demonstrate Your Skills
5
practical
Secrets Management with HashiCorp Vault
Lab
Difficulty
Format
HashiCorp Vault: Introduction
3
practical
HashiCorp Vault: Setup
4
practical
HashiCorp Vault: Authentication
4
practical
HashiCorp Vault: Secrets Engines
4
practical
HashiCorp Vault: Dynamic Secrets with AWS
5
practical
HashiCorp Vault: Public Key Infrastructure
5
practical
HashiCorp Vault: Vault Agent
4
practical
HashiCorp Vault: Policy
4
practical
HashiCorp Vault: Auditing
4
practical
HashiCorp Vault: Demonstrate
6
practical
Apache Tomcat
Lab
Difficulty
Format
Tomcat: User Management – Theory
3
theory
Tomcat: User Management – Practical
4
practical
Tomcat: Running as Root
4
practical
Tomcat: CIS Hardening 1
4
practical
Tomcat: CIS Hardening 2
4
practical
Tomcat: Outdated Version
4
practical
Tomcat: Demonstrate Your Skills
5
practical
OAuth and OpenID Connect
Lab
Difficulty
Format
Introduction to OAuth 2.0: Data Flows and the Authorization Protocol
2
theory
Introduction to OAuth 2.0: Invoking a Flow
4
theory
Introduction to OpenID Connect (OIDC)
3
theory
Keycloak: Introduction
4
practical
Keycloak: OAuth Proxy
5
practical
Kubernetes RBAC: OpenID Connect with Keycloak
5
practical
Container Hardening – Docker
Lab
Difficulty
Format
Container Hardening: Introduction to Containerization
2
theory
Container Hardening: Docker
3
theory
Container Hardening: Scanning with Trivy – Introduction
4
practical
Container Hardening: Scanning with Trivy – Using the Tools
4
practical
Container Hardening: Scanning with Dockle
4
practical
Fortinet's Next-Generation Firewall
Lab
Difficulty
Format
Fortinet's Next-Generation Firewall: Intro to Fortigate
3
theory
Fortinet's Next-Generation Firewall: Setting Up FortiGate
5
practical
Fortinet's Next-Generation Firewall: Internet Egress and TLS Inspection in FortiGate
Palo Alto Network's Next-Generation Firewall: Demonstrate Your Skills
6
practical
Secure Terraform - AWS
Lab
Difficulty
Format
Secure Terraform: What is Terraform?
2
theory
Secure Terraform for AWS: S3 & VPC Hardening
5
practical
Secure Terraform for AWS: EBS Encryption & KMS
5
practical
Secure Terraform for AWS: RDS & Aurora Security
5
practical
Secure Terraform for AWS: EC2 Hardening & Security Groups
5
practical
Secure Terraform - Azure
Lab
Difficulty
Format
Secure Terraform: What is Terraform?
2
theory
Secure Terraform for Azure: Storage Account Security
5
practical
Secure Terraform for Azure: Network Security Groups & DDoS
5
practical
Secure Terraform for Azure: Azure SQL Database Security
6
practical
Secure Terraform - Google Cloud Platform
Lab
Difficulty
Format
Secure Terraform: What is Terraform?
2
theory
Secure Terraform with GCP: Storage & Network Hardening
5
practical
Secure Terraform with GCP: KMS & Persistent Disk Encryption
5
practical
Secure Terraform with GCP: Identity & Instance Hardening
6
practical
AWS Community – Security Tooling
Lab
Difficulty
Format
AWS Community Security Tooling: awspx – Introduction
5
practical
AWS Community Security Tooling: awspx – Challenge
5
practical
AWS Community Security Tooling: Prowler
4
practical
Digital Forensics
The Digital Forensics category on the Immersive Labs cybersecurity training platform develops practical, end-to-end DFIR skills for acquiring, preserving, analyzing, and reporting on digital evidence across endpoints, disks, memory, applications, and networks. Learners progress from foundational concepts to advanced artifact interpretation and memory analysis through hands-on, scenario-driven labs that reflect real investigative workflows.
Across the collections, you’ll build a strong foundation with Introduction to Digital Forensics, then master repeatable investigative methodology in Digital Forensics Process, including acquisition methods, integrity verification, interpretation, anti-forensics detection, and reporting. The Digital Forensics collection broadens platform and artifact coverage with labs on file systems, Windows and Ubuntu image analysis, BitLocker, Chrome and Firefox artifacts, file carving, Magic Bytes, timestomping, DDE, analyzeMFT, NSRL, and LSASS driver analysis. Windows Forensics Artifacts focuses on high-value traces such as Amcache, AppCompatCache, Prefetch, Event Logs, UserAssist, ShellBags, Recycle Bin, MFT, and LNK files. Tool-specific mastery is developed in Autopsy, where you’ll create cases, analyze web, email, mobile, media, and timelines, and generate reports; in Eric Zimmerman's Tools, where you’ll quickly triage and parse registries, event logs, MFT, ShellBags, and compatibility caches with utilities like EvtxECmd, RECmd, MFTECmd, SBECmd, LECmd, RBCmd, PECmd, AppCompatCacheParser, and AmcacheParser; and in Volatility, where you’ll conduct memory forensics across Windows, Linux, and macOS, covering processes, DLLs, kernel objects, networking, registry, and file systems. The Distributed Denial of Service (DDoS) Analysis collection extends investigations into network events, teaching how to identify and dissect Ping of Death, SYN flood, and UDP flood attacks and produce defensible findings.
This category is designed for SOC analysts, incident responders, threat hunters, digital forensics practitioners, and motivated newcomers seeking practical DFIR proficiency. Graduates will be equipped to conduct defensible investigations: acquire and validate evidence, recover and correlate artifacts, detect anti-forensics, perform memory and network attack analysis, construct timelines, and deliver clear, actionable reports.
Collections
Collection Name
Lab Count
Digital Forensics
17
Autopsy
11
Eric Zimmerman's Tools
11
Volatility
10
Windows Forensics Artifacts
10
Digital Forensics Process
9
Introduction to Digital Forensics
6
Distributed Denial of Service (DDoS) Analysis
5
Digital Forensics
Lab
Difficulty
Format
Digital Forensics Process: Collection – Evidence Acquisition and Protection
3
theory
Digital Forensics: File Systems
6
practical
Digital Forensics: Bulk Extractor
5
practical
Digital Forensics: Google Chrome Artifacts
4
practical
Digital Forensics: Mozilla Firefox Artifacts
4
practical
Digital Forensics: File Carving
5
practical
Digital Forensics: Windows Image Analysis
6
practical
Digital Forensics: Ubuntu Image Analysis
7
practical
Digital Forensics: BitLocker Encrypted Drive
7
practical
Digital Forensics: MagicBytes
5
practical
Digital Forensics: Timestomping
6
practical
Digital Forensics: DDE Analysis
5
practical
Digital Forensics: Using analyzeMFT
5
practical
Digital Forensics: National Software Reference Library (NSRL)
4
practical
Digital Forensics: LSASS Driver
6
practical
Digital Forensics: Using file
4
practical
Digital Forensics: Windows Artifacts
7
practical
Autopsy
Lab
Difficulty
Format
Autopsy: Getting Started
4
practical
Autopsy: Cases and Data
4
practical
Autopsy: Tags, Comments, and Reports
4
practical
Autopsy: Files and Volumes
4
practical
Autopsy: Web and Browsers
4
practical
Autopsy: Email and Messages
5
practical
Autopsy: Applications and Mobile
5
practical
Autopsy: Media and Audio-Visual Data
5
practical
Autopsy: Timeline
5
practical
Autopsy: Case Report
4
practical
Autopsy: Demonstrate Your Skills
6
practical
Eric Zimmerman's Tools
Lab
Difficulty
Format
Eric Zimmerman's Tools: Introduction
3
theory
Eric Zimmerman's Tools: EvtxECmd and Timeline Explorer
4
practical
Eric Zimmerman's Tools: RECmd and Registry Explorer
4
practical
Eric Zimmerman's Tools: MFTECmd and MFTExplorer
4
practical
Eric Zimmerman's Tools: SBECmd and ShellBags Explorer
4
practical
Eric Zimmerman's Tools: LECmd
4
practical
Eric Zimmerman's Tools: RBCmd
4
practical
Eric Zimmerman's Tools: PECmd
4
practical
Eric Zimmerman's Tools: AppCompatCacheParser
4
practical
Eric Zimmerman's Tools: AmcacheParser
4
practical
Eric Zimmerman's Tools: Demonstrate Your Skills
6
practical
Volatility
Lab
Difficulty
Format
Volatility: What is the Volatility Framework?
2
theory
Volatility Memory Analysis: Getting Started
4
practical
Volatility Memory Analysis: Processes and DLLs
4
practical
Volatility Memory Analysis: Process Memory
4
practical
Volatility Memory Analysis: Kernel Memory and Objects
4
practical
Volatility Memory Analysis: Networking
4
practical
Volatility Memory Analysis: Registry
4
practical
Volatility Memory Analysis: File Systems
4
practical
Volatility Memory Analysis: Linux/Mac
4
practical
Volatility Memory Analysis: Demonstrate
5
practical
Windows Forensics Artifacts
Lab
Difficulty
Format
Windows Forensics Artifacts: Amcache
3
theory
Windows Forensics Artifacts: AppCompatCache
3
theory
Windows Forensics Artifacts: Prefetch Files
3
theory
Windows Forensics Artifacts: Event Logs
3
theory
Windows Forensics Artifacts: UserAssist
3
theory
Windows Forensics Artifacts: ShellBags
3
theory
Windows Forensics Artifacts: Recycle Bin
3
theory
Windows Forensics Artifacts: Master File Table
3
theory
Windows Forensics Artifacts: Link Files (LNK)
2
theory
Windows Forensics Artifacts: Demonstrate Your Skills
4
theory
Digital Forensics Process
Lab
Difficulty
Format
Digital Forensics Process: Introduction
2
theory
Digital Forensics Process: Collection – Evidence Acquisition and Protection
3
theory
Digital Forensics Process: Collection – Types of Acquisition
3
theory
Digital Forensics Process: Collection – Ensure Integrity
2
theory
Digital Forensics Process: Interpretation – Identify and Extract
3
theory
Digital Forensics Process: Interpretation – Analyzing Findings
3
theory
Digital Forensics Process: Anti-Forensics Techniques
3
theory
Digital Forensics Process: Reporting
2
theory
Digital Forensics Process: Demonstrate Your Skills
3
theory
Introduction to Digital Forensics
Lab
Difficulty
Format
What is Digital Forensics?
2
theory
Digital Evidence
2
theory
Digital Forensics Processes and Techniques
3
theory
Digital Forensics Tools
2
theory
Digital Forensics Process: Reporting
2
theory
Introduction to Digital Forensics: Demonstrate Your Skills
4
theory
Distributed Denial of Service (DDoS) Analysis
Lab
Difficulty
Format
DDOS Analysis: What are DDoS Attacks?
2
theory
DDOS Analysis: Ping of Death
4
practical
DDOS Analysis: SYN Flood
4
practical
DDOS Analysis: UDP Flood
4
practical
DDOS Analysis: Demonstrate Your Skills
5
practical
Awareness
On the Immersive Labs cybersecurity training platform, the Awareness category builds practical, organization-wide cyber hygiene by helping learners recognize threats, make safer decisions, and follow secure practices at work and at home. Collections like Staying Safe Online develop day-to-day habits for avoiding phishing, creating strong passwords, using multi-factor authentication, browsing safely, and defending against malware and ransomware, while Cyber Safety lays the groundwork with key terminology, privacy concepts, physical security, remote working guidance, and incident response basics. Cyber 101 expands context with the cyber kill chain, attacker profiles and motives, and essentials such as rogue USB devices and cookies, and the Authentication and Browsing Securely collections reinforce strong sign-in practices and safer web habits through focused, application-oriented labs. The Social Engineering collection trains learners to spot common manipulation techniques and apply simple defensive steps.
Specialized collections round out core awareness. AI for Business equips staff to understand the benefits and risks of AI and to apply responsible-use guidelines; Data Handling and Data Privacy cover data fundamentals, access and processing controls, and regulatory expectations. Device Security and Physical Security address protecting laptops and mobile devices, preventing loss or tampering, and securing workspaces on the move, while Digital Footprint helps individuals manage their online presence. Security Reporting and Responsiveness ensures learners know how to report concerns and respond appropriately to potential incidents. Designed for all employees, contractors, and managers—especially new joiners and non-technical roles—this category equips people to reduce risk, protect personal and corporate data, comply with policy, use AI responsibly, and report and respond to security issues promptly.
Collections
Collection Name
Lab Count
Staying Safe Online
17
Cyber Safety
15
Cyber 101
12
Authentication
5
Browsing Securely
5
Social Engineering
5
AI for Business
4
Data Handling
4
Device Security
4
Digital Footprint
4
Physical Security
4
Security Reporting and Responsiveness
4
Data Privacy
3
Staying Safe Online
Lab
Difficulty
Format
Staying Safe Online: Why Information Security is Everyone's Business
1
theory
Staying Safe Online: Consequences and Impacts of Cyberattacks
1
theory
Staying Safe Online: Phishing Emails
1
practical
Staying Safe Online: Covid-19 Cybercriminals
1
practical
Staying Safe Online: Safer Browsing
1
theory
Staying Safe Online: Passwords
1
theory
Staying Safe Online: Multi-Factor Authentication
1
practical
Staying Safe Online: Antivirus Software
1
theory
Staying Safe Online: Malware
1
theory
Staying Safe Online: Identifying Ransomware
1
practical
Staying Safe Online: Firewalls and VPNs
1
theory
Staying Safe Online: Identity Theft
1
theory
Staying Safe Online: Backups
1
theory
Staying Safe Online: Updates and Patches
1
theory
Staying Safe Online: Accidental and Malicious Data Leaks
1
theory
Staying Safe Online: Mobile Security Tips
1
theory
Staying Safe Online: Phishing Emails (US)
2
practical
Cyber Safety
Lab
Difficulty
Format
What Is Information Security?
1
theory
Information Security: Starting at the Beginning
1
theory
The Importance of Information Security and Cybersecurity
1
theory
Information Security and Cybersecurity Terminology
1
theory
Privacy
1
theory
Shoulder Surfing
1
theory
Social Engineering
1
theory
Disposal of Device Information
1
theory
Physical Security
1
theory
Privileged Access
1
theory
Security On The Go
1
theory
Guidance on Remote Working
1
theory
Incident Response in the Workplace
1
theory
History of Information Security
1
theory
Personal Devices in the Workplace
1
theory
Cyber 101
Lab
Difficulty
Format
Cyber 101: Information Security
1
theory
Cyber 101: Security Champions
1
theory
Cyber 101: Cyber Kill Chain
1
theory
Cyber 101: Who Are The Hackers?
1
theory
Cyber 101: Why Hackers Hack
1
theory
Cyber 101: Virtual Card Numbers
1
theory
Cyber 101: Geolocation
1
theory
Cyber 101: Fake News
1
theory
Cyber 101: Keylogging
1
theory
Cyber 101: Darknets
1
theory
Cyber 101: Rogue USB Devices
1
practical
Cyber 101: Cookies
2
theory
Authentication
Lab
Difficulty
Format
Authentication: What is Authentication?
1
theory
Authentication: Why Are Passwords Important?
1
theory
Authentication: Creating Secure Passwords
1
theory
Authentication: Adding an Extra Layer of Security
1
theory
Authentication: Demonstrate Your Knowledge
1
theory
Browsing Securely
Lab
Difficulty
Format
Browsing Securely: What is Secure Browsing?
1
theory
Browsing Securely: Case Studies
1
theory
Browsing Securely: Browsers
1
theory
Browsing Securely: Cookies and Pop-Ups
1
theory
Browsing Securely: Demonstrate Your Knowledge
1
theory
Social Engineering
Lab
Difficulty
Format
Social Engineering: What is Social Engineering?
1
theory
Social Engineering: Techniques
1
theory
Social Engineering: How Is It Used?
1
theory
Social Engineering: Protecting Yourself
1
theory
Social Engineering: Demonstrate Your Skills
1
theory
AI for Business
Lab
Difficulty
Format
AI for Business: What is AI?
1
theory
AI for Business: The Benefits of AI
1
theory
AI for Business: The Risks of AI
1
theory
AI for Business: Using AI at Work
1
theory
Data Handling
Lab
Difficulty
Format
Data Handling: Data Fundamentals
1
theory
Data Handling: Gathering, Storing, and Processing Data
1
theory
Data Handling: Data Privacy and Access
1
theory
Data Handling: Demonstrate Your Knowledge
1
theory
Device Security
Lab
Difficulty
Format
Device Security: What is Device Security?
1
theory
Device Security: Increasing Your Protection
1
theory
Device Security: Case Studies
1
theory
Device Security: Demonstrate Your Knowledge
1
theory
Digital Footprint
Lab
Difficulty
Format
Digital Footprint: What is a Digital Footprint?
1
theory
Digital Footprint: Case Studies
1
theory
Digital Footprint: Protecting Yourself
1
theory
Digital Footprint: Demonstrate Your Knowledge
1
theory
Physical Security
Lab
Difficulty
Format
Physical Security: Introduction to Physical Security
1
theory
Physical Security: Physical Security in Your Workplace
1
theory
Physical Security: Physical Security When Working Remotely
1
theory
Physical Security: Demonstrate Your Knowledge
1
theory
Security Reporting and Responsiveness
Lab
Difficulty
Format
Security Reporting and Responsiveness: Reporting Incidents and Concerns
1
theory
Security Reporting and Responsiveness: Case Studies
1
theory
Security Reporting and Responsiveness: Responding Appropriately
1
theory
Security Reporting and Responsiveness: Demonstrate Your Knowledge
1
theory
Data Privacy
Lab
Difficulty
Format
Data Privacy: Key Concepts
1
theory
Data Privacy: Data Privacy Regulations
2
theory
Data Privacy: What About You?
2
theory
Kubernetes
On the Immersive Labs cybersecurity training platform, the Kubernetes category develops practical skills for building, securing, monitoring, and testing cloud‑native workloads. Learners begin with Kubernetes – Fundamentals to master orchestration essentials—pods and services, multi‑container patterns, volumes and secrets, workload resources, namespaces, network policies, and shell access—so they can confidently deploy and troubleshoot applications across a cluster.
Security depth follows with Kubernetes – Pod Security, where you apply Role Based Access Control, craft effective Network Policies, use immutable file systems, understand Pod Security Policies and resource controls, harden images, and protect secrets. The CISA and NSA Kubernetes Hardening Guidance collection translates authoritative recommendations into hands‑on practice across pod security, network separation and hardening, authentication and authorization, audit logging and collection, and continuous monitoring and threat detection. For operational visibility, Kubernetes – Logging covers native logging, cluster auditing, seccomp auditing, and log forwarding to strengthen incident response and compliance. To round out defender knowledge with attacker perspective, Kubernetes – Offensive Security uses labs such as Kube‑hunter, Attacking the Kubelet API, and Not So Secret to surface common misconfigurations and demonstrate how to detect and remediate them.
This category is ideal for DevOps and platform engineers, SREs, cloud security practitioners, SOC analysts, and red/purple teamers. After completing these collections, learners will be equipped to design and operate resilient clusters, enforce least privilege, align with NSA/CISA hardening guidance, instrument robust logging and auditing, proactively identify weaknesses, and respond effectively to Kubernetes‑focused threats.
Kubernetes: Attacking The Kubelet API – Introduction
5
practical
Kubernetes: Attacking The Kubelet API – Compromising the Server
5
practical
Kubernetes: Vulnerable Web Application
8
practical
Kubernetes: Not So Secret
6
practical
Cyber Threat Intelligence
On the Immersive Labs cybersecurity training platform, the Cyber Threat Intelligence category turns the latest threat intelligence feeds, vulnerability research, and security blogs into hands-on labs that teach you how to collect, analyze, and operationalize intelligence. Across this category you’ll explore core CTI concepts and lifecycles, models and methodologies, threat actors and attribution, intelligence sources, and practical techniques for decomposition and visualization. You’ll also build applied skills working with indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs)—from identifying and extracting them to maintaining and using them to inform detection and response.
The CTI First Principles collection gives learners a structured foundation through seven labs, covering what CTI is, how the lifecycle works, which models and methodologies to apply, how to reason about threat actors and attribution, where to source intelligence, and how to decompose and visualize findings—culminating in an opportunity to demonstrate your knowledge. The IoCs and TTPs collection adds five practical labs focused on distinguishing IoCs from TTPs, extracting and identifying them from real-world artifacts, managing indicators over time, and proving your skills by operationalizing them in workflows. This category is ideal for SOC analysts, incident responders, threat intelligence practitioners, and security leaders seeking to make intelligence actionable; graduates will be equipped to translate raw reporting into prioritized insights, enhance detections and investigations, and communicate threat impact to stakeholders.
Collections
Collection Name
Lab Count
CTI First Principles
7
IoCs and TTPs
5
Hunting The Tools: Cobalt Strike
3
CTI First Principles
Lab
Difficulty
Format
CTI First Principles: What is Cyber Threat Intelligence?
1
theory
CTI First Principles: Lifecycles
2
practical
CTI First Principles: Models and Methodologies
3
practical
CTI First Principles: Threat Actors and Attribution
4
practical
CTI First Principles: Threat Intelligence Sources
3
practical
CTI First Principles: Decomposition and Visualization
3
practical
CTI First Principles: Demonstrate Your Knowledge
4
practical
IoCs and TTPs
Lab
Difficulty
Format
IoCs and TTPs: What are IoCs?
2
practical
IoCs and TTPs: What are TTPs?
3
theory
IoCs and TTPs: Extracting and Identifying
3
practical
IoCs and TTPs: Management
3
practical
IoCs and TTPs: Demonstrate Your Skills
4
practical
Hunting The Tools: Cobalt Strike
Lab
Difficulty
Format
Hunting the Tools: Cobalt Strike – Beacon Analysis
6
practical
Hunting the Tools: Cobalt Strike – Traffic Analysis
5
practical
Hunting the Tools: Cobalt Strike – Log Analysis
6
practical
Cyber Fundamentals
The Cyber Fundamentals category on the Immersive Labs cybersecurity training platform builds a practical foundation across networks, operating systems, cryptography, scripting, secure design, and responsible cyber practice. Learners develop core technical fluency through Networking and Introduction to Networking, progressing from the Internet and OSI model to DNS, DHCP, ports and protocols, DoS primers, and intrusion detection. Platform and administration skills are strengthened in Linux Command Line, Windows Basics, Windows Concepts, Active Directory Basics, and PowerShell Basics, where users practice file permissions, process and service management, registry and scheduled tasks, group policies, authentication (NTLM vs Kerberos), and secure administration via SSH, SCP, and remoting. Secure Fundamentals consolidates essential principles such as authentication, authorization, least privilege, patching, and the CIA triad, while Interactive Regular Expressions and Encoding sharpen data parsing and representation skills crucial for analysis and tooling.
Cryptographic literacy is advanced through Introduction to Cryptography and Modern Encryption, covering symmetric/asymmetric methods, RSA, ECC, PKI, hashing, digital signatures, and practical exercises such as WEP/WPA wordlist cracking, rainbow tables, and steganography, with Historic Encryption providing valuable context. Introduction to Python Scripting builds automation for networking, reconnaissance, IDS basics, web scraping, and log analysis, while Human Factors in Cybersecurity and Ethics & Laws address usability, behavior change, security culture, and legal boundaries. Introduction to Penetration Test Programs guides learners through planning, supplier selection, engagement management, and reporting; Introduction to Digital Forensics introduces evidence handling and reporting; and AI Fundamentals, AI Foundations, and Quantum Computing Fundamentals explore emerging technologies, threats, and their security implications. Designed for newcomers, security champions, and IT professionals seeking to solidify or refresh baseline skills, this category equips learners to communicate effectively about cyber risk, harden and administer systems, analyze network behavior, automate routine tasks, and contribute responsibly to security operations and improvement programs.
Collections
Collection Name
Lab Count
Networking
22
Linux Command Line
17
Modern Encryption
14
Cyber 101
12
Introduction to Cryptography
12
PowerShell Basics
12
Introduction to Penetration Test Programs
11
Historic Encryption
10
TypeForge: Typing Speed Challenge
10
Windows Concepts
10
Active Directory Basics
9
AI Fundamentals
9
Interactive Regular Expressions
9
Encoding
8
Quantum Computing Fundamentals
8
Secure Fundamentals
8
Windows Basics
8
AI Foundations
7
Introduction to Networking
7
Introduction to Python Scripting
7
Ethics & Laws
6
Human Factors in Cybersecurity
6
Introduction to Digital Forensics
6
Assessment: Cybersecurity
1
Networking
Lab
Difficulty
Format
The Internet
2
theory
OSI Model
3
theory
Ports
3
theory
Transport Protocols
3
theory
Internet Protocol V4
4
practical
Protocols: HTTP
5
practical
Protocols: HTTP – Status Codes
4
practical
Protocols: DHCPv4
5
practical
Protocols: DHCPv6
5
practical
Protocols: DNS
5
practical
Protocols: FTP
4
practical
Protocols: LDAP
4
practical
Protocols: SMTP
5
practical
Protocols: ARP
4
practical
Protocols: Modbus
6
practical
DoS Primer: Volumetric
3
theory
DoS Primer: Vulnerabilities
3
theory
DoS Primer: Resource Exhaustion
3
theory
DoS Primer: Tools
4
practical
Intrusion Detection Systems
2
theory
Networking: Demonstrate Your Knowledge
4
theory
Networking: Demonstrate Your Skills
4
practical
Linux Command Line
Lab
Difficulty
Format
Linux CLI: Introduction to the Linux Command Line Interface
3
theory
Linux CLI: Getting Started with the Terminal
4
practical
Linux CLI: Moving Around
4
practical
Linux CLI: Changing Things
4
practical
Linux CLI: File Permissions
4
practical
Linux CLI: Editing Files
4
practical
Linux CLI: Using wc
5
practical
Linux CLI: Manipulating Text
5
practical
Linux CLI: Stream Redirection
4
practical
Linux CLI: Using Sudo
4
practical
Linux CLI: Using SSH and SCP
4
practical
Linux CLI: Using Find
5
practical
Linux CLI: Searching and Sorting
4
practical
Linux CLI: Using Screen
4
practical
Linux CLI: Generating File Hashes
4
practical
Linux CLI: Combining Commands
5
practical
Linux CLI: Demonstrate Your Skills
4
practical
Modern Encryption
Lab
Difficulty
Format
Introduction to Encryption
4
practical
Symmetric vs Asymmetric Key Encryption
4
practical
Modern Encryption: RSA
3
theory
Elliptic Curve Cryptography
4
theory
PKI (Public Key Infrastructure)
3
theory
PKI (Public Key Infrastructure) Practical
5
practical
Introduction to Hashing
4
practical
Modern Encryption: SHA-1 Hashes
3
theory
Modern Encryption: MD5 Hashing
3
theory
Rainbow Tables
3
theory
Steganography
5
practical
Wired Equivalent Privacy (WEP) Cracking
5
practical
WPA Wordlist Crack
4
practical
Modern Encryption: Demonstrate Your Skills
6
practical
Cyber 101
Lab
Difficulty
Format
Cyber 101: Information Security
1
theory
Cyber 101: Security Champions
1
theory
Cyber 101: Cyber Kill Chain
1
theory
Cyber 101: Who Are The Hackers?
1
theory
Cyber 101: Why Hackers Hack
1
theory
Cyber 101: Virtual Card Numbers
1
theory
Cyber 101: Geolocation
1
theory
Cyber 101: Fake News
1
theory
Cyber 101: Keylogging
1
theory
Cyber 101: Darknets
1
theory
Cyber 101: Rogue USB Devices
1
practical
Cyber 101: Cookies
2
theory
Introduction to Cryptography
Lab
Difficulty
Format
Introduction to Cryptography: What is Cryptography?
3
theory
Introduction to Cryptography: Symmetric Key Encryption
3
theory
Introduction to Cryptography: Asymmetric Encryption
3
theory
Introduction to Cryptography: Stream Ciphers
3
theory
Introduction to Cryptography: One-Time Pad
3
theory
Introduction to Cryptography: Message Integrity
3
theory
Introduction to Cryptography: Public and Private Key Management
3
theory
Introduction to Cryptography: Public Key Infrastructure
3
theory
Introduction to Cryptography: Block Ciphers
3
theory
Introduction to Cryptography: Digital Signatures
3
theory
Introduction to Cryptography: Hashing
2
theory
Introduction to Cryptography: Demonstrate Your Knowledge
3
theory
PowerShell Basics
Lab
Difficulty
Format
PowerShell Basics: What is PowerShell?
3
theory
PowerShell Basics: Cmdlets
4
practical
PowerShell Basics: Variables
4
practical
PowerShell Basics: Operators and Expressions
4
practical
PowerShell Basics: Files and Folders
4
practical
PowerShell Basics: Processes and Services
4
practical
PowerShell Basics: Functions and Modules
4
practical
PowerShell Basics: ISE and Scripting
4
practical
PowerShell Basics: Error Handling
4
practical
PowerShell Basics: Event Logs
4
practical
PowerShell Basics: Remoting
5
practical
PowerShell Basics: Demonstrate Your Skills
5
practical
Introduction to Penetration Test Programs
Lab
Difficulty
Format
Introduction to Penetration Test Programs: What is Pen Testing?
2
theory
Introduction to Penetration Test Programs: Cybersecurity Frameworks
2
theory
Introduction to Penetration Test Programs: Defining your Testing Program
2
theory
Introduction to Penetration Test Programs: Choosing a Supplier
2
theory
Introduction to Penetration Test Programs: Testing Management
2
theory
Introduction to Penetration Test Programs: Pre-Engagement Activities
2
theory
Introduction to Penetration Test Programs: Engagement Activities
2
theory
Introduction to Penetration Test Programs: Penetration Test Reports
2
theory
Introduction to Penetration Test Programs: Post-Engagement Activities
2
theory
Introduction to Penetration Test Programs: Improving your Program
2
theory
Introduction to Penetration Test Programs: Demonstrate Your Knowledge
3
theory
Historic Encryption
Lab
Difficulty
Format
The History of Encryption
3
theory
Encryption Tools: CyberChef
3
practical
Encryption Tools: CyberChef — Recipes
3
practical
Steganography
5
practical
Caesar Ciphers
3
practical
Vigenère Ciphers
3
practical
The Enigma Machine
5
practical
The Bombe Machine
5
practical
The Typex Machine
5
practical
Historic Encryption: Demonstrate Your Skills
5
practical
TypeForge: Typing Speed Challenge
Lab
Difficulty
Format
TypeForge: Words (Novice)
2
practical
TypeForge: Facts (Novice)
2
practical
TypeForge: Code (Novice)
2
practical
TypeForge: Words (Intermediate)
3
practical
TypeForge: Facts (Intermediate)
3
practical
TypeForge: Code (Intermediate)
3
practical
TypeForge: Words (Advanced)
4
practical
TypeForge: Facts (Advanced)
4
practical
TypeForge: Code (Advanced)
4
practical
TypeForge: Demonstrate Your Skills
5
practical
Windows Concepts
Lab
Difficulty
Format
Windows Concepts: New Technology File System (NTFS)
4
practical
Windows Concepts: Environment Variables
5
practical
Windows Concepts: Security Policies
5
practical
Windows Concepts: Windows Registry
4
practical
Windows Concepts: Scheduled Tasks
4
practical
Windows Concepts: Alternate Data Streams
5
practical
Windows Concepts: Volume Shadow Copy Service
5
practical
Windows Concepts: Background Intelligent Transfer Service (BITS)
4
practical
Windows Concepts: CertUtil
4
practical
Windows Concepts: Demonstrate Your Skills
5
practical
Active Directory Basics
Lab
Difficulty
Format
Active Directory Basics: What is Active Directory?
3
theory
Active Directory Basics: Console
4
practical
Active Directory Basics: Objects
4
practical
Active Directory Basics: Adding a Machine
4
practical
Active Directory Basics: NTLM vs Kerberos
3
theory
Active Directory Basics: Group Policy Management
4
practical
Active Directory Basics: Replication
3
theory
Active Directory Basics: Managing Workstations
4
practical
Active Directory Basics: Demonstrate Your Skills
6
practical
AI Fundamentals
Lab
Difficulty
Format
AI: Introduction to AI
2
theory
AI: Data Ethics and Responsible Use
2
theory
AI: Emerging Threats
2
theory
AI: TensorFlow for Machine Learning
3
practical
AI: Image Classification
3
practical
AI: Generative AI Models
2
practical
AI: Prompt Injection Attacks
5
practical
AI: Artificial Intelligence for Incident Responders
2
practical
AI: Demonstrate Your Skills
4
practical
Interactive Regular Expressions
Lab
Difficulty
Format
Interactive RegEx: An Introduction to RegEx
1
theory
Interactive RegEx: The RegEx Interface
2
practical
Interactive RegEx: Simple Matching
3
practical
Interactive RegEx: Character Sets
3
practical
Interactive RegEx: Logical Metacharacters
4
practical
Interactive RegEx: Quantifiers
5
practical
Interactive RegEx: Groups
5
practical
Interactive RegEx: Flags
4
practical
Interactive RegEx: Demonstrate
5
practical
Encoding
Lab
Difficulty
Format
Encoding: What is Encoding?
3
theory
Encoding: Binary
3
practical
Encoding: Hexadecimal
3
practical
Encoding: ASCII
3
practical
Encoding: Base64
3
practical
Encoding: Unicode
3
practical
Encoding: Punycode
4
practical
Encoding: Demonstrate Your Skills
5
practical
Quantum Computing Fundamentals
Lab
Difficulty
Format
Quantum Computing Fundamentals: What is Quantum Computing?
Creating Quantum Circuits: Random Number Generator
5
practical
Secure Fundamentals
Lab
Difficulty
Format
Secure Fundamentals: Defense In Depth
1
theory
Secure Fundamentals: Authentication
1
theory
Secure Fundamentals: Authorization
1
theory
Secure Fundamentals: Principle of Least Privilege
1
theory
Secure Fundamentals: Security Patching
1
theory
Secure Fundamentals: Attribution and Accountability
2
theory
Secure Fundamentals: The CIA Triad
2
theory
Secure Data Handling
3
theory
Windows Basics
Lab
Difficulty
Format
Windows Basics: Command Prompt
3
practical
Windows Basics: Users and Groups
4
practical
Windows Basics: Registry
4
practical
Windows Basics: Managing Processes
4
practical
Windows Basics: Services
4
practical
Windows Basics: SMB and RDP
4
practical
Windows Basics: Scheduled Tasks
4
practical
Windows Basics: Demonstrate Your Skills
7
practical
AI Foundations
Lab
Difficulty
Format
AI Foundations: Artificial Intelligence
1
theory
AI Foundations: Core Components
1
theory
AI Foundations: Large Language Models (LLMs)
1
theory
AI Foundations: Retrieval Augmented Generation (RAG)
2
practical
AI Foundations: Model Context Protocol (MCP)
2
practical
AI Foundations: Agentic AI
2
practical
AI Foundations: Demonstrate Your Knowledge
1
theory
Introduction to Networking
Lab
Difficulty
Format
Introduction to Networking: What is a Network?
3
theory
Introduction to Networking: Types of Networks
2
theory
Introduction to Networking: Network Hardware
3
theory
Introduction to Networking: Network Topologies
3
theory
Introduction to Networking: IP Addresses
3
theory
Introduction to Networking: Domain Name System
3
theory
Introduction to Networking: Demonstrate Your Knowledge
3
theory
Introduction to Python Scripting
Lab
Difficulty
Format
Introduction to Python Scripting: Setting up the Environment
4
practical
Introduction to Python Scripting: Network Basics with Python
5
practical
Introduction to Python Scripting: Network Reconnaissance with Python
5
practical
Introduction to Python Scripting: Building an IDS with Python
6
practical
Introduction to Python Scripting: Web Scraping
4
practical
Introduction to Python Scripting: Log Analysis and Anomaly Detection with Python
6
practical
Introduction to Python Scripting: Demonstrate Your Skills
6
practical
Ethics & Laws
Lab
Difficulty
Format
Ethics & Laws: Bugbusters
3
practical
Ethics & Laws: Police Raid
3
practical
Ethics & Laws: Ethical and Unethical Hacking
3
theory
Ethics & Laws: Burglary and Hacking
3
theory
Ethics & Laws: UK Cyber Law
3
theory
Ethics & Laws: US Federal Cyber Law
1
theory
Human Factors in Cybersecurity
Lab
Difficulty
Format
Human Factors in Cybersecurity: People Are The Strongest Link
2
theory
Human Factors in Cybersecurity: How People Make Security Mistakes
2
theory
Human Factors in Cybersecurity: Usable Security
2
theory
Human Factors in Cybersecurity: Security Awareness and Behavior Change
2
theory
Human Factors in Cybersecurity: Security Culture
2
theory
Human Factors in Cybersecurity: Demonstrate Your Understanding
3
theory
Introduction to Digital Forensics
Lab
Difficulty
Format
What is Digital Forensics?
2
theory
Digital Evidence
2
theory
Digital Forensics Processes and Techniques
3
theory
Digital Forensics Tools
2
theory
Digital Forensics Process: Reporting
2
theory
Introduction to Digital Forensics: Demonstrate Your Skills
4
theory
Assessment: Cybersecurity
Lab
Difficulty
Format
Assessment: Cybersecurity
1
practical
Business Continuity
The Business Continuity category is a comprehensive workstream designed to operationalize Business Continuity Management (BCM) beyond simple paper-based compliance. It translates technical disaster recovery and operational resilience into a structured management framework, ensuring the organization can absorb shocks and maintain critical functions during a crisis.
Collections
Collection Name
Lab Count
Business Continuity: Exercising, Testing, and Assurance
7
Business Continuity Plan Development
7
Business Continuity: Recovery & Returning to Normal Operations
7
Business Continuity Strategy
7
Business Continuity: Exercising, Testing, and Assurance
Lab
Difficulty
Format
Business Continuity Exercising: Why it Matters
1
theory
Business Continuity Exercising: Types of Tests and Exercising
1
theory
Business Continuity Exercising: Designing Effective Scenarios
1
theory
Business Continuity Exercising: Tabletop Exercises
1
theory
Business Continuity Exercising: Running Live Exercises and Tests
1
theory
Business Continuity Exercising: Measuring Success
1
theory
Business Continuity Exercising: Embedding Exercising
1
theory
Business Continuity Plan Development
Lab
Difficulty
Format
Business Continuity Planning: What is a Business Continuity Plan?
1
theory
Business Continuity Planning: Core Components
1
theory
Business Continuity Planning: Usability Under Pressure
1
theory
Business Continuity Planning: Role-Based and Tiered Plans
1
theory
Business Continuity Planning: Templates and Playbooks
1
theory
Business Continuity Planning: Integration With Other Plans
1
theory
Business Continuity Planning: Keeping Plans Alive
1
theory
Business Continuity Recovery and Return
Lab
Difficulty
Format
Business Continuity Recovery and Return: Post-Incident Review
1
theory
Business Continuity Recovery and Return: The Human Side of Recovery
1
theory
Business Continuity Recovery and Return: Recovery Governance and Assurance
1
theory
Business Continuity Recovery and Return: Communications During Recovery
1
theory
Business Continuity Recovery and Return: Managing Backlogs and Operational Debt
1
theory
Business Continuity Recovery and Return: Transitioning Out of Continuity Mode
1
theory
Business Continuity Strategy
Lab
Difficulty
Format
Business Continuity Strategy: What is a Continuity Strategy
1
theory
Business Continuity Strategy: Alternate Sites and Remote Working
1
theory
Business Continuity Strategy: Manual Workarounds and Degraded Modes
1
theory
Business Continuity Strategy: Cross-Training, Redeployment, and Staffing
1
theory
Business Continuity Strategy: Technology and Data Resilience
1
theory
Business Continuity Strategy: Supplier and Third-Party Strategies
1
theory
Business Continuity Strategy: Layering Strategies
1
theory
Governance, Risk, and Compliance
A comprehensive Governance, Risk, and Compliance (GRC) library, aligned with current regulatory standards.
Collections
Collection Name
Lab Count
MITRE ATLAS
10
NIST AI Risk Management Framework (RMF)
10
ISO 42001 - Artificial Intelligence Management System (AIMS)
6
SOC Reporting
6
SOX Cyber and IT Controls
7
NIS2 Directive
7
DORA (Digital Operational Resilience Act)
7
CCPA Foundations
6
Risk
5
PCI DSS
5
Healthcare Compliance
6
ISO 22381 - Security and Resilience for Identification Systems
5
MITRE ATLAS
Lab
Difficulty
Format
MITRE ATLAS: AI Attack Staging
1
theory
MITRE ATLAS: Building a Defensive Roadmap
1
theory
MITRE ATLAS: Defense Evasion
1
theory
MITRE ATLAS: Discovery and Lateral Movement
1
theory
MITRE ATLAS: Execution and Persistence
1
theory
MITRE ATLAS: Exfiltration
1
theory
MITRE ATLAS: Initial Access
1
theory
MITRE ATLAS: Navigating the Matrix
1
theory
MITRE ATLAS: Reconnaissance
1
theory
MITRE ATLAS: Resource Development
1
theory
NIST AI Risk Management Framework
Lab
Difficulty
Format
NIST AI RMF: Overview and Structure
1
theory
NIST AI RMF: Govern Function – Organizational Context
1
theory
NIST AI RMF: Govern Function – Risk Management Strategy
1
theory
NIST AI RMF: Integrating AI RMF With Existing Programs
1
theory
NIST AI RMF: Manage Function – Risk Monitoring
1
theory
NIST AI RMF: Manage Function – Risk Treatment
1
theory
NIST AI RMF: Map Function – Context Establishment
1
theory
NIST AI RMF: Map Function – Risk Categorization
1
theory
NIST AI RMF: Measure Function – Impact Assessments
1
theory
NIST AI RMF: Measure Function – Risk Analysis
1
theory
ISO 42001 - Artificial Intelligence Management System (AIMS)
Lab
Difficulty
Format
ISO 42001: Context, Leadership, and AI Policy
1
theory
ISO 42001: Performance, Improvement, and Certification
1
theory
ISO 42001: Planning and AI Impact Assessments
1
theory
ISO 42001: The AI Management System
1
theory
ISO 42001: The AI System Lifecycle and Data Governance
1
theory
ISO 42001: Transparency, Human Oversight, and Third-Party Risk
1
theory
SOC Reporting
Lab
Difficulty
Format
SOC Reporting: Introduction to SOC Reporting
1
theory
SOC Reporting: Navigating the Audit Process
1
theory
SOC Reporting: Reading a Report and Navigating Audits
1
theory
SOC Reporting: Report Variations – Type 1 vs Type 2
1
theory
SOC Reporting: The Foundation – AICPA and COSO
1
theory
SOC Reporting: Trust Services Criteria
1
theory
SOX Cyber and IT Controls Badge
Lab
Difficulty
Format
SOX Cyber and IT Controls: Access Management – The Principle of Least Privilege
1
theory
SOX Cyber and IT Controls: Audit Readiness – Logging and Monitoring
1
theory
SOX Cyber and IT Controls: Change Management – Protecting Production
1
theory
SOX Cyber and IT Controls: Control Frameworks – COSO and COBIT
1
theory
SOX Cyber and IT Controls: Financial Integrity and IT
1
theory
SOX Cyber and IT Controls: IT Operations – Backup and Recovery
1
theory
SOX Cyber and IT Controls: Third-Party Risk and the Supply Chain
1
theory
NIS2 Directive
Lab
Difficulty
Format
NIS2 Directive: Introduction and Evolution
1
theory
NIS2 Directive: Scope and Sector Applicability
1
theory
NIS2 Directive: Corporate Accountability and Sanctions
1
theory
NIS2 Directive: Implementation and National Supervision
1
theory
NIS2 Directive: Security Risk-Management Measures
1
theory
NIS2 Directive: Supply Chain Security
1
theory
NIS2 Directive: Incident Reporting and Timelines
1
theory
DORA
Lab
Difficulty
Format
DORA: Introduction to Digital Operational Resilience
1
theory
DORA: ICT Risk Management Frameworks
1
theory
DORA: Information Sharing and Intelligence
1
theory
DORA: Third-Party Risk Management
1
theory
DORA: Incident Reporting and Classification
1
theory
DORA: Oversight and Compliance
1
theory
DORA: Digital Operational Resilience Testing
1
theory
California Consumer Privacy Act (CCPA) Foundations
Lab
Difficulty
Format
CCPA Foundations: Introduction and Scope
1
theory
CCPA Foundations: Business Obligations
1
theory
CCPA Foundations: Consumer Rights
1
theory
CCPA Foundations: Service Providers and Contractors