XINTRA
@XintraOrg
285 posts

Simulating tomorrow’s threats

Joined October 2022
1 Following, 5.3K Followers

Pinned Tweet
XINTRA retweeted
Ido Veltzman
Ido Veltzman@Idov31·
After more than a year in the making it is finally out and available here: xintra.org/courses/11-win… :) I will always do open source and publish papers but I've been working for a long time to create a course for people that want structured and in-depth content 1/
inversecos@inversecos

NEW XINTRA COURSE!!!🥳 Windows Kernel: Offensive, Defensive & Reverse Engineering by @Idov31 xintra.org/courses/11-win…
Build an EDR and rootkits from scratch while mastering the Windows kernel.
Over 70 videos and labs covering:
> Build your own EDR (detection + prevention)
> Rootkits & offensive tradecraft
> Reversing Windows kernel & drivers
> Kernel callbacks, ETW, minifilter and more
There are preview videos too if you wanna see some snippets of the course content ;)
This course is instructed by Ido Veltzman (@Idov31), a senior security researcher specializing in reverse engineering, operating system internals, vulnerability research, and exploit development. His work spans UEFI, hypervisors, kernel, and user mode, where he has developed advanced evasion, persistence, and injection techniques. @XintraOrg

XINTRA retweeted
Renzon
Renzon@r3nzsec·
Working on the upcoming @XintraOrg lab 🇷🇺 while shipping new features for the Mac timeline analysis tool. Using these simulated attack scenarios to stress-test the gear before it hits the field. Almost there... 😅 #dfir #Xintra
XINTRA retweeted
inversecos
inversecos@inversecos·
NEW LAB: NavalTech Defense Contractor ⚓ We emulated a North Korean (DPRK) cyber espionage campaign targeting a submarine contractor’s vessel-tracking systems. Based on CISA’s reporting on DPRK operations to advance military and nuclear programs. Contributors @django88_ @svch0st @XintraOrg Solve it here 👇 xintra.org
XINTRA retweeted
inversecos
inversecos@inversecos·
What separates Chinese cyber ops from Five Eyes? Three things that shifted my thinking about this topic:

1. Early cyber training (90s-2000s) happened on live targets. Not sandboxes, not simulations...actual foreign infrastructure. The "practice" was the operation. Operational errors caught during IR back then weren't failures of tradecraft... they were the cost of learning on production.

2. The private sector operates as APT infrastructure. Cybersecurity companies founded by former 2000s hackers (Topsec, i-SOON, Integrity Tech) were later publicly linked to state-directed operations. The line between "legitimate vendor" and "APT contractor" is deliberately blurred (by design).

3. Operators don't stay siloed in their APT group. They rotate across teams for decades, carrying often the exact same tools, tactics with them. What we label as "different APT groups" is often the same people with different hats.

This makes attribution way messier than the tidy narrative we see in threat reports. Worth reading this epic report published by the Zurich Centre for Security Studies if this stuff keeps you up at night: ethz.ch/content/dam/et…
XINTRA
XINTRA@XintraOrg·
We've been a little quiet on our end but we have some huge things cooking for 2026 that we can't wait to share with you. We also have a new lab coming out in the next couple weeks 😏... But in the meantime, enjoy this feedback we got today.
XINTRA retweeted
inversecos
inversecos@inversecos·
NEW LAB: APT40 Ivanti Exploitation
APT40 (Chinese Hainan State Security Department) targets the Department of Trade and Finance of Meow Islands by exploiting a vulnerable Ivanti appliance.
The investigation involves:
🔸Ivanti Connect Secure exploitation
🔸Appliance filesystem forensics
🔸Edge device to internal pivoting
🔸Sideloading through trusted antivirus binaries
Enterprise "LIVE" customers receive full RDP access to all appliances and devices involved in the investigation.
Contributors
Adversarial Emulation @ZephrFish
Incident Response @svch0st
Solve it here xintra.org
XINTRA retweeted
inversecos
inversecos@inversecos·
The next decade of cyber conflict will decide how the world operates. If you want to work on technology that defines the future and makes real impact, come build it with us @XintraOrg xintra.org/jobs
XINTRA retweeted
inversecos
inversecos@inversecos·
This course is instructed by Adrian Justice @Zeroedtech, who has performed IR at Crowdstrike and at the Australian Cyber Security Centre (ACSC) for the government. He has extensive experience responding to APT compromises of government departments and critical infrastructure and is an expert at IIS related compromises. One piece of notable work in his career was his work in the infamous Copy-Paste compromises conducted by alleged Chinese APT groups cyber.gov.au/sites/default/…
XINTRA retweeted
inversecos
inversecos@inversecos·
New XINTRA course‼️ Advanced IIS Post Exploitation, Detection & Evasion
Modern APT groups are actively weaponizing ToolShell and fileless IIS tradecraft to compromise Exchange, SharePoint, ASP workloads. If your detection and response capabilities lag exposure, this course bridges the gap with:
- Memory dump analysis (Windbg)
- Deserialisation exploits & detections
- ViewState attacks
- .NET Reflection
- Deobfuscation techniques
Syllabus and preview videos here👇 xintra.org/courses/9-adva… @XintraOrg
XINTRA
XINTRA@XintraOrg·
Some more feedback this week
XINTRA
XINTRA@XintraOrg·
You might notice things are looking a little different on XINTRA.org 👀 A new chapter is coming and we can’t wait to share it with you.
XINTRA
XINTRA@XintraOrg·
Some new feedback this week 🫶🏼