Learn More
Prove your capabilities
Lab Overview
Hone your incident response & forensic skills by responding to this emulated incident. Husky Corp is a hospitality chain running Microsoft Azure and Entra ID with some on-premise components. They've been targeted by the APT group Midnight Blizzard in an end-to-end compromise; from reconnaissance to exfiltration.
You'll be handling attacks including:
Pass the PRT (Token Based Attacks)Entra ID BackdoorsSkeleton Key AttackManaged Identity AbuseCloud Administrator Privilege EscalationFirst time?
How it Works
1 - Start the Emulation
After you sign up, you are provided a Windows VM prepped with the tools, snapshots and evidence you. You are also granted access to an ELK instance with pre-parsed logs to conduct the analysis.
2 - Score the Points
Each lab contains 40-60 questions, which are broken down by the stages of the incident response process. These will sharpen your skills in a practical environment. Hints are available if you get stuck.
3 - Level Up!
Once you've completed the lab, you'll receive a certificate to share your skills. Next up, there is more to learn - one XINTRA Labs subscription gives you access to all labs.
Learn from the best
Meet the Lab Authors
We’ve got you covered
Frequently Asked Questions
What’s the difference between XINTRA Labs and XINTRA Training?
How long does it take to complete the labs?
Do you provide solutions to labs and questions?
Can I publish my solutions to the labs in a blog post?
Do you offer student discounts?
How does the hint system work?
Do I lose points for incorrect answers?
How often do new labs get published?
How can I contribute or build a lab?
Where do I submit lab feedback or request platform changes?
Have a question that isn’t answered here?
Email us or join our discord.