This year I completed the SANS Holiday Hack Challenge. I’ll admit that it took a lot more time and looking through the Discord than it likely took for some of the more seasoned veterans, but I did make it through all of the objectives in time to submit a write-up. I’ve posted all of my notes here as a guide so that anyone who gets stuck trying out the challenge for themselves doesn’t have to spend hours running down dead ends like I did.
Despite the fact that my wall might have a few more head-shaped dents in it than before, I really did enjoy the challenge and perservering through the obstacles I faced was very rewarding. A huge thank you goes out to SANS and the entire team for putting on this event every year and making it free for the entire community!
Note: I did skip a few of the terminal challenges in spots where I felt comfortable attempting the associated objective without the extra hints, so there are a few missing from the list below. That said, they’re not critical for completing the objectives, so anyone following along should be able to complete the challenge anyways.
- Objective 1: KringleCon Orientation
- Objective 2: Where in the World is Caramel Santaigo?
- Objective 3: Thaw Frost Tower’s Entrance
- Objective 4: Slot Machine Investigation
- Objective 5: Strange USB Device
- Objective 6: Shellcode Primer
- Objective 7: Printer Exploitation
- Objective 8: Kerberoasting on an Open Fire
- Objective 9: Splunk!
- Objective 10: Now Hiring!
- Objective 11: Customer Complaint Analysis
- Objective 12: Frost Tower Website Checkup
- Objective 13: FPGA Programming