XINTRA

281 posts

@XintraOrg

Simulating tomorrow’s threats

Joined October 2022
1 Following · 5.3K Followers
Pinned Tweet
XINTRA retweeted
Renzon
Renzon@r3nzsec·
Working on the upcoming @XintraOrg lab 🇷🇺 while shipping new features for the Mac timeline analysis tool. Using these simulated attack scenarios to stress-test the gear before it hits the field. Almost there... 😅 #dfir #Xintra
XINTRA retweeted
inversecos
inversecos@inversecos·
NEW LAB: NavalTech Defense Contractor ⚓ We emulated a North Korean (DPRK) cyber espionage campaign targeting a submarine contractor’s vessel-tracking systems. Based on CISA’s reporting on DPRK operations to advance military and nuclear programs. Contributors @django88_ @svch0st @XintraOrg Solve it here 👇 xintra.org
XINTRA retweeted
inversecos
inversecos@inversecos·
What separates Chinese cyber ops from Five Eyes? Three things that shifted my thinking about this topic:

1. Early cyber training (90s-2000s) happened on live targets. Not sandboxes, not simulations...actual foreign infrastructure. The "practice" was the operation. Operational errors caught during IR back then weren't failures of tradecraft... they were the cost of learning on production.
2. The private sector operates as APT infrastructure. Cybersecurity companies founded by former 2000s hackers (Topsec, i-SOON, Integrity Tech) were later publicly linked to state-directed operations. The line between "legitimate vendor" and "APT contractor" is deliberately blurred (by design).
3. Operators don't stay siloed in their APT group. They rotate across teams for decades, carrying often the exact same tools, tactics with them. What we label as "different APT groups" is often the same people with different hats.

This makes attribution way messier than the tidy narrative we see in threat reports.

Worth reading this epic report published by the Zurich Centre for Security Studies if this stuff keeps you up at night: ethz.ch/content/dam/et…
XINTRA
XINTRA@XintraOrg·
We've been a little quiet on our end but we have some huge things cooking for 2026 that we can't wait to share with you. We also have a new lab coming out in the next couple weeks 😏... But in the meantime, enjoy this feedback we got today.
XINTRA retweeted
inversecos
inversecos@inversecos·
NEW LAB: APT40 Ivanti Exploitation

APT40 (Chinese Hainan State Security Department) targets the Department of Trade and Finance of Meow Islands by exploiting a vulnerable Ivanti appliance.

The investigation involves:
🔸Ivanti Connect Secure exploitation
🔸Appliance filesystem forensics
🔸Edge device to internal pivoting
🔸Sideloading through trusted antivirus binaries

Enterprise "LIVE" customers receive full RDP access to all appliances and devices involved in the investigation.

Contributors
Adversarial Emulation @ZephrFish
Incident Response @svch0st

Solve it here xintra.org
XINTRA retweeted
inversecos
inversecos@inversecos·
The next decade of cyber conflict will decide how the world operates. If you want to work on technology that defines the future and makes real impact, come build it with us @XintraOrg xintra.org/jobs
XINTRA retweeted
inversecos
inversecos@inversecos·
This course is instructed by Adrian Justice @Zeroedtech, who has performed IR at CrowdStrike and at the Australian Cyber Security Centre (ACSC) for the government. He has extensive experience responding to APT compromises of government departments and critical infrastructure and is an expert at IIS-related compromises. One piece of notable work in his career was his work in the infamous Copy-Paste compromises conducted by alleged Chinese APT groups cyber.gov.au/sites/default/…
XINTRA retweeted
inversecos
inversecos@inversecos·
New XINTRA course‼️ Advanced IIS Post Exploitation, Detection & Evasion

Modern APT groups are actively weaponizing ToolShell and fileless IIS tradecraft to compromise Exchange, SharePoint, ASP workloads. If your detection and response capabilities lag exposure, this course bridges the gap with:
- Memory dump analysis (Windbg)
- Deserialisation exploits & detections
- ViewState attacks
- .NET Reflection
- Deobfuscation techniques

Syllabus and preview videos here👇 xintra.org/courses/9-adva… @XintraOrg
XINTRA
XINTRA@XintraOrg·
Some more feedback this week
XINTRA
XINTRA@XintraOrg·
You might notice things are looking a little different on XINTRA.org 👀 A new chapter is coming and we can’t wait to share it with you.
XINTRA
XINTRA@XintraOrg·
Some new feedback this week 🫶🏼
XINTRA
XINTRA@XintraOrg·
Sharing some more feedback from this week!
XINTRA retweeted
EncapsulateJay
EncapsulateJay@EncapsulateJ·
There's pretty much never been a better time to start learning or get hands on blue team experience through labs. The availability and quality of labs being released today compared to 4 years ago is night and day. Training providers like Xintra are paving the way for the future!
inversecos@inversecos

NEW LAB: Scattered Spider (UNC3944) 🕷️🕸️

Scattered Spider hits indie studio AB Projekt Blue, deploying ransomware and stealing unreleased game code.

Test your skills on:
👀 Social Engineering & MFA Fatigue
👀 Credential Theft via OST Files
👀 Bring Your Own Vulnerable Driver (BYOVD)
👀 EDR Manipulation
👀 Custom Ransomware Binary
👀 RMM Exploitation

Lab Contributors
Adversarial Emulation @fawazo
Incident Response @r3nzsec
Threat Intelligence @CuratedIntel

Solve it here 👉 xintra.org @XintraOrg
