This year I completed the SANS Holiday Hack Challenge. I’ll admit that it took a lot more time and looking through the Discord than it likely took for some o...
2021 SANS Holiday Hack Challenge Posts
In this one we learn what the heck an FPGA is and how to program one.
In this one, we do some more web app pen testing, but this time we get the source code from the start!
Objective A human has accessed the Jack Frost Tower network with a non-compliant host. Which three trolls complained about the human? Enter the troll name...
This will be some more web app pen testing, this time on a job portal.
In this challenge, we’re learning some threat hunting skills by trying to find security events in logs.
This time, we’re going to be attacking Active Directory.
We’re building some more penetration testing skills in this challenge.
In this challenge, we learn how to write shellcode, a very close-to-the-processor programming language.
In this challenge, we do some light reverse-engineering on a USB Rubber Ducky.
In this challenge, we’re going to do a bit of web app pen testing on a virtual slot machine site.
In this task, we’re asked to help thaw the door to frost tower using the thermostat.
In this challenge we use some Open-Source Intelligence (OSINT) skills to follow the tracks of one of the elves around the world.
This is the very start of the 2021 SANS Holiday Hack Challenge.
In this challenge we have to write some python code to get an elf to move past obstacles and to a gate.
This one is more of a game than a challenge. You just have to complete one Intermediate stage on the “Potpourri” setting.
In this challenge, we’re asked to get the candy striper working, but we have to use IPv6 to do it.
In this challenge, we learn about the Instance Metadata Service (IMDS), which is used by many cloud providers. This challenge is mostly on-rails with you jus...
This is a guitar hero-like minigame, but for holiday music. It’s supposed to be two-player, but there’s a way to enable single-player by messing with some cl...
In this challenge, we’re using fail2ban to automatically add bad actors to the ‘naughty list’
In this task, we have to search through a giant file that was created using nmap -oG.
In this challenge, we’re asked to fix the logic of an elevator by moving around some logic gates.
In this challenge, we use exiftool to check to see who last modified a file.