The Bear Necessities: a XINTRA Labs Walkthrough
The threat actor in focus is APT29, a.k.a. Cozy Bear, an activity group widely attributed to Russia's Foreign Intelligence Service (SVR). On December 13, 2023, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) and its partners released a joint advisory describing APT29's exploitation of CVE-2023-42793, an authentication bypass in JetBrains TeamCity, which sets the stage for today's emulated compromise.
Writing this walkthrough helped me clarify my thought processes and identify areas to improve in my investigations. This walkthrough doesn't just seek to find the flags. My vision was to use the questions as a narrative "skeleton" to navigate the lab and tell the story of TechTonik. The completed IR tracker for this lab and the MITRE ATT&CK Navigator layer can be found at the end.
Let’s go hunt ourselves a bear!