Introducing XINTRA Enterprise Live!!!!
Real-world threat simulation with live infrastructure.
Our team took nearly 8 months to build it, and it's finally here :)
We designed it for SOC/IR teams, with the power to collect evidence, deploy your own tools, and assign tasks... along with:
🔹 Fully private infrastructure per customer
🔹 RDP into compromised systems
🔹 Sentinel + ADX integration
🔹 Deploy your own EDR/XDR
🔹 Velociraptor for forensic collection
🔹 Assign hosts to analysts
🔹 Insights hub for team performance
Enquiries → [email protected]
https://t.co/d85AQVBxOK
You’re no longer confined to solving challenges inside a locked-down VM 😉.
With full internet access across all hosts, you can download evidence, upload files, and deploy any tool directly into the environment
@XintraOrg
After more than a year in the making it is finally out and available here: https://t.co/pN4XluF2vf :)
I will always do open source and publish papers but I've been working for a long time to create a course for people that want structured and in-depth content 1/
NEW XINTRA COURSE!!!🥳
Windows Kernel: Offensive, Defensive & Reverse Engineering by @Idov31
https://t.co/3qiJyib7ro
Build an EDR and rootkits from scratch while mastering the Windows kernel.
Over 70 videos and labs covering:
> Build your own EDR (detection + prevention)
> Rootkits & offensive tradecraft
> Reversing Windows kernel & drivers
> Kernel callbacks, ETW, minifilter and more
There are preview videos too if you wanna see some snippets of the course content ;)
This course is instructed by Ido Veltzman (@Idov31), a senior security researcher specializing in reverse engineering, operating system internals, vulnerability research, and exploit development.
His work spans UEFI, hypervisors, kernel, and user mode, where he has developed advanced evasion, persistence, and injection techniques.
Working on the upcoming @XintraOrg lab 🇷🇺 while shipping new features for the Mac timeline analysis tool.
Using these simulated attack scenarios to stress-test the gear before it hits the field. Almost there... 😅
#dfir #Xintra
NEW LAB: NavalTech Defense Contractor ⚓
We emulated a North Korean (DPRK) cyber espionage campaign targeting a submarine contractor’s vessel-tracking systems.
Based on CISA’s reporting on DPRK operations to advance military and nuclear programs.
Contributors
@django88_ @svch0st @XintraOrg
Solve it here 👇
https://t.co/3yo41LBhOh
What separates Chinese cyber ops from Five Eyes?
Three things that shifted my thinking about this topic:
1. Early cyber training (90s-2000s) happened on live targets.
Not sandboxes, not simulations...actual foreign infrastructure. The "practice" was the operation. Operational errors caught during IR back then weren't failures of tradecraft... they were the cost of learning on production.
2. The private sector operates as APT infrastructure.
Cybersecurity companies founded by former 2000s hackers (Topsec, i-SOON, Integrity Tech) were later publicly linked to state-directed operations. The line between "legitimate vendor" and "APT contractor" is deliberately blurred (by design).
3. Operators don't stay siloed in their APT group.
They rotate across teams for decades, often carrying the exact same tools and tactics with them. What we label as "different APT groups" is often the same people with different hats.
This makes attribution way messier than the tidy narrative we see in threat reports.
Worth reading this epic report published by the Zurich Centre for Security Studies if this stuff keeps you up at night:
https://t.co/aGgMyPniWF
We've been a little quiet on our end but we have some huge things cooking for 2026 that we can't wait to share with you.
We also have a new lab coming out in the next couple weeks 😏...
But in the meantime, enjoy this feedback we got today.
NEW LAB: APT40 Ivanti Exploitation
APT40 (Chinese Hainan State Security Department) targets the Department of Trade and Finance of Meow Islands by exploiting a vulnerable Ivanti appliance.
The investigation involves:
🔸Ivanti Connect Secure exploitation
🔸Appliance filesystem forensics
🔸Edge device to internal pivoting
🔸Sideloading through trusted antivirus binaries
Enterprise "LIVE" customers receive full RDP access to all appliances and devices involved in the investigation.
Contributors
Adversarial Emulation @ZephrFish
Incident Response @svch0st
Solve it here https://t.co/3yo41LBhOh
The next decade of cyber conflict will decide how the world operates.
If you want to work on technology that defines the future and makes real impact, come build it with us @XintraOrg
https://t.co/brNz8prVkJ
12 months ago I presented a 3 hour course on attacking and defending Microsoft IIS servers to a packed room at BSides Canberra; today the 30+ hour version went live on @XintraOrg!
This course is instructed by Adrian Justice @Zeroedtech, who has performed IR at CrowdStrike and at the Australian Cyber Security Centre (ACSC) for the government.
He has extensive experience responding to APT compromises of government departments and critical infrastructure and is an expert at IIS-related compromises.
One notable piece of work in his career was his work on the infamous Copy-Paste compromises conducted by alleged Chinese APT groups.
https://t.co/LCEkoki9xg
New XINTRA course‼️
Advanced IIS Post Exploitation, Detection & Evasion
Modern APT groups are actively weaponizing ToolShell and fileless IIS tradecraft to compromise Exchange, SharePoint, and ASP workloads.
If your detection and response capabilities lag exposure, this course bridges the gap with:
- Memory dump analysis (WinDbg)
- Deserialisation exploits & detections
- ViewState attacks
- .NET Reflection
- Deobfuscation techniques
Syllabus and preview videos here👇
https://t.co/U4TjRX7DXy