XINTRA reposted this
Small XINTRA Labs review on my blog: https://lnkd.in/d7Syw4xM TL;DR - HackTheBox Pro Labs feeling but for Blue
Advanced Cybersecurity Trainings
XINTRA reposted this
Finished the Advanced APT Threat Hunting & IR training + labs by XINTRA. Great training and hands-on labs! 💻 🔐
XINTRA reposted this
Just wrapped up Virus Vipers and Waifu University labs by XINTRA. These were top-tier scenarios for reconstructing realistic ransomware and supply chain attacks from initial access to impact. A great hands-on way to strengthen real-world investigation and analytical skills. #CyberSecurity #DFIR #BlueTeam #XINTRA #ThreatHunting
XINTRA reposted this
The first thing I learned after reading this blog is that Cross-Tenant Synchronization is a feature in Entra ID that allows two organizations to synchronize users easily without any email approval or manual steps. Attackers are now abusing this feature to perform lateral movement from one tenant to another. The attack works like this:
1- The attacker creates or compromises Tenant A and creates a user there. They then configure outbound access from Tenant A, and perform the same settings in the victim's Tenant B, but this time allowing inbound connections and adding Tenant A as a trusted organization.
2- The attacker then selects a user to provision into the victim's Tenant B. Once the provisioning is successful, that user can log into Tenant B and gain access to its resources.
3- If the attacker discovers that the victim's Tenant B is connected to additional tenants, they will attempt to repeat the process and move laterally into those as well.
This blog is by Lina L. from XINTRA and it was a really interesting read. It covers how attackers can abuse the Cross-Tenant Synchronization feature in Microsoft Entra ID to perform lateral movement between tenants and how to detect it. Definitely worth a look! Here's the blog link :)))) https://lnkd.in/d8vAJ3DJ
XINTRA reposted this
NEW XINTRA COURSE!!!🥳 Windows Kernel: Offensive, Defensive & Reverse Engineering by Ido V. https://lnkd.in/gEhV4VMB
Build an EDR and rootkits from scratch while mastering the Windows kernel. Over 70 videos and labs covering:
> Build your own EDR (detection + prevention)
> Rootkits & offensive tradecraft
> Reversing Windows kernel & drivers
> Kernel callbacks, ETW, mini filters and more
This course is instructed by Ido V., a senior security researcher specializing in reverse engineering, operating system internals, vulnerability research, and exploit development. His work spans UEFI, hypervisors, kernel, and user mode, where he has developed advanced evasion, persistence, and injection techniques. We are also taking private trainings for this course, so please reach out at contact@xintra.org
XINTRA reposted this
Proud to share the completion of the Advanced APT Threat Hunting & Incident Response course from XINTRA. This course challenged me to think more deeply about how advanced threats operate and how to investigate them effectively. A special thanks to Lina L. for being a great instructor and for putting together such a practical and insightful course. With 129 lessons, 33 labs, and over 40 hours of content, it provided a solid hands-on learning experience and enhanced my perspective on threat hunting and incident response in real-world scenarios. I am always grateful for opportunities to learn, improve, and sharpen my skills in cybersecurity. #CyberSecurity #ThreatHunting #IncidentResponse #BlueTeam #SOC #APT #XINTRA
XINTRA reposted this
Just completed the ABProjektBlue incident response lab simulation of a modern ransomware intrusion from XINTRA. This lab provided a deep dive into a multi-stage attack conducted by Scattered Spider actors against a game development environment. The scenario walks through the full adversary lifecycle, from initial access to data exfiltration and extortion. This hands-on lab was a strong exercise in threat hunting, digital forensics, and incident response, allowing me to trace attacker TTPs across the full kill chain and understand how sophisticated campaigns operate in real-world environments. #CyberSecurity #IncidentResponse #ThreatHunting #DFIR #Ransomware #BlueTeam #SOC #CloudSecurity #Forensics
XINTRA reposted this
Proud to complete Xintra's "Advanced APT Threat Hunting & IR" and the "Assasins Kitty" lab. Big thanks to Lina L. & XINTRA 🫶 #xintra #threathunting #incidentresponse
XINTRA reposted this
Great course from XINTRA, led by Lina L., focused on APT Threat Hunting and Incident Response. Engaging and hands-on labs covering core topics such as image analysis (NTFS), KQL queries, Windows events investigation, EZ Tools, Kape, registry analysis and network analysis up until the middle of the course. What stood out the most to me was from the middle of the course onwards which was highly focused on APT and not so often seen techniques. Highlights were handling timestomping, correlating multiple data for workarounds when the standard doesn't work, and diving into OAuth abuse, Azure compromise, Golden SAML and APT persistence techniques. Overall, a very valuable experience - well worth it, despite the price. #continuouslearning #threathunting #blueteam #incidentresponse