Assassin Kitty

APT29 on-premise to cloud lateral movement and exfiltration

Prove your capabilities

Lab Overview

Learn how to detect and hunt for complex threats with this APT Emulation lab. This lab emulates a hybrid on-prem to cloud lateral movement intrusion by APT29 / Cozy Bear into a military robotics company.

Network Diagram of Assassin Kitty APT Emulation Lab

You'll be handling attacks including:

Golden SAML Attack

N-Day exploitation attempt

Entra ID backdoors

OAuth Abuse

Golden Ticket

Registry Timestomping

Entra Backdoors

First time?

How it Works

1 - Start the Emulation

After you sign up, you are provided a Windows VM prepped with the tools, snapshots and evidence you. You are also granted access to an ELK instance with pre-parsed logs to conduct the analysis.

2 - Score the Points

Each lab contains 40-60 questions, which are broken down by the stages of the incident response process. These will sharpen your skills in a practical environment. Hints are available if you get stuck.

3 - Level Up!

Once you've completed the lab, you'll receive a certificate to share your skills. Next up, there is more to learn - one XINTRA Labs subscription gives you access to all labs.

We’ve got you covered

Frequently Asked Questions

What’s the difference between XINTRA Labs and XINTRA Training?

XINTRA Labs are designed for blue and red teamers with some previous experience to test their ability to detect and respond to emulated APT incidents that mirror a real incident response engagement.

XINTRA trainings are designed for beginner through to advanced blue and red teamers who are interested in learning various topics like cloud security, IR and iOS exploitation.

How long does it take to complete the labs?

Each lab is an entire emulation of an incident in a “fake” corporate network. Solving the lab requires you to fully solve each incident and understand what has occurred. The questions are designed to guide you through the investigation with a series of hints.

There are generally 40-60 questions per lab. For an experienced incident responder, ONE lab may take around 30-40 hours to complete. For a beginner or a SOC analyst, it may take upwards of 60-70 hours per lab.

Do you provide solutions to labs and questions?

Solutions and guidance are only provided for corporate purchases / corporate customers. For non-corporate purchases, students can access hints on the platform (the usage of a hint will lead to a point deduction) and students will also have access to a Discord channel where they can post questions and collaborate with other students.

Can I publish my solutions to the labs in a blog post?

Absolutely! We encourage and welcome you to post your write-ups. Please also tag us at @XintraOrg and @InverseCos so we can share them.

Do you offer student discounts?

If you are a student in high school or university, we offer a 15% discount. Please send us an email at [email protected] with proof of your enrolment and we will issue you a discount.

How does the hint system work?

20% of the question's total points are deducted for each hint used. For example, if the question is worth 10 points and you used a hint, you can only earn 8 points for that question.

Do I lose points for incorrect answers?

No, we do not deduct points for incorrect answers.

How often do new labs get published?

We will work on getting a new lab published every 2 months. Please check the timeline on the homepage and labs page to see the current trajectory. You can also stay in touch with us on our socials to hear news and updates - @XintraOrg.

How can I contribute or build a lab?

Lab contributors are currently invitation only. We are constantly looking for new collaborators, so if this is something you are interested in, please get in touch with us on Twitter or at [email protected] and we will reach out if there is a right fit.

Where do I submit lab feedback or request platform changes?

There is a feedback box on the dashboard once you log in. We take your feedback very seriously as we want to ensure you learn and enjoy the experience! If you have long-form feedback, please also feel free to email us at [email protected].

Have a question that isn’t answered here?
Email us or join our Discord.