ADVANCEDIncident Response & Threat Hunting Training APT Emulation Labs iOS Exploitation Training APT Emulation Labs Incident Response & Threat Hunting Training 

Learn More


APT Emulation Labs

Emulated APT-level incidents in a lab environment waiting for you to solve. Designed to push your incident response abilities to the limit.

150+Hours Of Content

120+Lab Questions

Learn more

There’s always more to come

April '24


May '24

Husky Lab

July '24

Russian SVR Lab

August '24

Crash Dump Labs

September '24

Lazarus Lab

November '24


Most Recent Testimonials


We’ve got you covered

Frequently Asked Questions

What’s the difference between XINTRA Labs and XINTRA Training?

XINTRA labs are designed for blue and red teamers with some previous experience to test their ability on how to detect / respond to emulated APT incidents emulating a real incident response engagement.

XINTRA trainings are designed for beginner through to advanced blue and red teamers who are interested in learning various topics like cloud security, IR and iOS exploitation.

How long does it take to complete the labs?

Each lab is an entire emulation of an incident in a “fake” corporate network. To solve the lab requires you to fully solve each incident and understand what has occurred. The questions are designed to guide you through the investigation with a series of hints.

There are generally 40-60 questions per lab. For an experienced incident responder, ONE lab may take around 30-40 hours to complete. For a beginner or a SOC analyst, it may take upwards of 60-70 hours per lab.

Do you provide solutions to labs and questions?

Solutions and guidance are only provided for corporate purchases / corporate customers. For non-corporate purchases, students can access hints on the platform (the usage of a hint will lead to a point deduction) and students will also have access to a Discord channel where they can post questions and collaborate with other students.

Can I publish my solutions to the labs in a blog post?

Absolutely! We encourage and welcome you to post your write-ups, please also tag us at @XintraOrg and @InverseCos so we can share your write-ups.

Do you offer student discounts?

If you are a student in high school or University, we offer 15% discount. Please send us an email at [email protected] with proof of your enrolment and we will issue you a discount.

How does the hint system work?

20% of the questionʼs total points are deducted for each hint used. For example, if the question is worth 10 points and you used a hint, you can only earn 8 points for that question.

Do I lose points for incorrect answers?

No, we do not deduct points for incorrect answers.

How often do new labs get published?

We will work on getting a new lab published every 2 months. Please check the timeline on the homepage and labs page to see the current trajectory. You can also stay in touch with us on our socials to hear news and updates - @XintraOrg.

How can I contribute or build a lab?

Lab contributors are currently invitation only. We are constantly looking for new collaborators – so if this is something you are interested in, please get in touch with us on Twitter or [email protected] and we will reach out if there is a right fit.

Where do I submit lab feedback or request platform changes?

There is a feedback box on the dashboard once you login. We take your feedback very seriously as we want to ensure you learn and enjoy the experience! If you have long-form feedback, please also feel free to email us at [email protected].

Have a question that isn’t answered here?
Email us or join our discord.


Lina Lau
Founder of XINTRA

Black Hat Trainer | SANS Advisory Board


Lina is the Founder of XINTRA, a platform offering advanced premium cybersecurity trainings and labs. Formerly, the APJ-South Principal IR Consultant at Secureworks and the AAPAC Incident Response lead for Accenture ANZ. She has worked multiple international cases covering sectors such as national defence, banking, energy, and manufacturing. Lina is also a Black Hat trainer, SANS advisory board member and has presented at several international conferences. She currently holds/held the following certifications: GXPN, GASF, GREM, GCFA and OSCP.

Portrait of Lina