XINTRA Logo

← All Labs / #4

Husky Corp

Midnight Blizzard's end-to-end cloud compromise of a hospitality chain

Learn More

Prove your capabilities

Lab Overview

Hone your incident response & forensic skills by responding to this emulated incident. Husky Corp is a hospitality chain running Microsoft Azure and Entra ID with some on-premise components. They've been targeted by the APT group Midnight Blizzard in an end-to-end compromise; from reconnaissance to exfiltration.

Network Diagram of Husky Corp APT Emulation Lab

You'll be handling attacks including:

Pass the PRT (Token Based Attacks)

Entra ID Backdoors

Skeleton Key Attack

Managed Identity Abuse

Cloud Administrator Privilege Escalation

First time?

How it Works

1 - Start the Emulation

After you sign up, you are provided a Windows VM prepped with the tools, snapshots and evidence you. You are also granted access to an ELK instance with pre-parsed logs to conduct the analysis.

2 - Score the Points

Each lab contains 40-60 questions, which are broken down by the stages of the incident response process. These will sharpen your skills in a practical environment. Hints are available if you get stuck.

3 - Level Up!

Once you've completed the lab, you'll receive a certificate to share your skills. Next up, there is more to learn - one XINTRA Labs subscription gives you access to all labs.

We’ve got you covered

Frequently Asked Questions

What’s the difference between XINTRA Labs and XINTRA Training?

XINTRA labs are designed for blue and red teamers with some previous experience to test their ability on how to detect / respond to emulated APT incidents emulating a real incident response engagement.

How long does it take to complete the labs?

Each lab is an entire emulation of an incident in a “fake” corporate network. To solve the lab requires you to fully solve each incident and understand what has occurred. The questions are designed to guide you through the investigation with a series of hints.

There are generally 40-60 questions per lab. For an experienced incident responder, ONE lab may take around 30-40 hours to complete. For a beginner or a SOC analyst, it may take upwards of 60-70 hours per lab.

Do you provide solutions to labs and questions?

Solutions and guidance are only provided for corporate purchases / corporate customers. For non-corporate purchases, students can access hints on the platform (the usage of a hint will lead to a point deduction) and students will also have access to a Discord channel where they can post questions and collaborate with other students.

Can I publish my solutions to the labs in a blog post?

Absolutely! We encourage and welcome you to post your write-ups, please also tag us at @XintraOrg and [@InverseCos](https://x.com/InverseCos] so we can share your write-ups.

Do you offer student discounts?

If you are a student in high school or University, we offer 15% discount for our labs platform only. Please send us an email at [email protected] with proof of your enrolment and we will issue you a discount.

How does the hint system work?

20% of the questionʼs total points are deducted for each hint used. For example, if the question is worth 10 points and you used a hint, you can only earn 8 points for that question.

Do I lose points for incorrect answers?

No, we do not deduct points for incorrect answers.

How often do new labs get published?

We will work on getting a new lab published every 2 months. Please check the timeline on the homepage and labs page to see the current trajectory. You can also stay in touch with us on our socials to hear news and updates - @XintraOrg.

How can I contribute or build a lab?

Lab contributors are currently invitation only. We are constantly looking for new collaborators – so if this is something you are interested in, please get in touch with us on X/Twitter or [email protected] and we will reach out if there is a right fit.

Where do I submit lab feedback or request platform changes?

There is a feedback box on the dashboard once you login. We take your feedback very seriously as we want to ensure you learn and enjoy the experience! If you have long-form feedback, please also feel free to email us at [email protected].

Have a question that isn’t answered here?
Email us or join our discord.