Learn More
Prove your capabilities
Lab Overview
Learn how to detect and hunt for complex threats with this APT Emulation lab. This lab emulates APT 29 / Cozy Bear's hybrid on-prem to cloud lateral movement intrusion of a military robotics company.
You'll be handling attacks including:
Golden SAML AttackN-Day exploitation attemptEntra ID backdoorsOAuth AbuseGolden TicketRegistry TimestompingEntra BackdoorsFirst time?
How it Works
1 - Start the Emulation
After you sign up, you are provided a Windows VM prepped with the tools, snapshots and evidence you. You are also granted access to an ELK instance with pre-parsed logs to conduct the analysis.
2 - Score the Points
Each lab contains 40-60 questions, which are broken down by the stages of the incident response process. These will sharpen your skills in a practical environment. Hints are available if you get stuck.
3 - Level Up!
Once you've completed the lab, you'll receive a certificate to share your skills. Next up, there is more to learn - one XINTRA Labs subscription gives you access to all labs.
We’ve got you covered
Frequently Asked Questions
What’s the difference between XINTRA Labs and XINTRA Training?
How long does it take to complete the labs?
Do you provide solutions to labs and questions?
Can I publish my solutions to the labs in a blog post?
Do you offer student discounts?
How does the hint system work?
Do I lose points for incorrect answers?
How often do new labs get published?
How can I contribute or build a lab?
Where do I submit lab feedback or request platform changes?
Have a question that isn’t answered here?
Email us or join our discord.