My KringleCon 2020 Holiday Hack Writeup

Curtis Brazzell
2 min readJan 12, 2021
I really put pressure on myself this year to try and live up to my own “R is for Red Team” Cybersecurity ABCs advice... :)

Well, its that time of year again and somehow between the crazy Q4 consulting work as a Principal Security Consultant, a new baby on the way, the holidays, and time with my family, I was able to squeak out another annual HHC by SANS. Like always, the team at Counter Hack blew me away with the creativity of the story and the challenges. I don’t know how they continue to outdo themselves year after year! This time they had Blockchain, Proxmark, mini-games, Splunk, Redis, Hash collisions, CAN-bus vehicle hacking, REGEX, JavaScript, AppSec, and encryption, to name a few.

If you haven’t already, consider playing! They keep them up year-after-year and are still fun to play after the deadline to submit a report. I’m always amazed by how great of a job the team does at putting together each challenge in a way that isn’t too difficult of a learning curve for people new to the field, but how there’s always something to learn for more experienced individuals in the industry. The way to go about completing an objective is never the obvious path that I expect going in, which is one of the things I love about this Capture-the-Flag (CTF).

I got a little carried away this year with merch.. My wife asks if we’ll have coffee mugs, hoodies, stickers, and shirts every year. “Uh, yeah it’s KringleCon!”

If you’re interested, you can see my 2018 and 2019 reports which follow a similar format. I always try to write my reports in a fun, unique way that reads like what my customers at Pondurance would expect from a red team assessment. I was lucky enough to get a Super Honorable Mention both times before and I’m hopeful I can pull another one off this year. I barely scraped by though with completing every possible main and side-challenge like I had in previous years and only by the skin of my teeth! I can’t wait to read others’ reports since there is usually more than one way to complete each challenge!

Full slide link here for mobile users

Thanks again, SANS, and thank you for reading! I hope you got something out of my report and had a good laugh at the lengths I went to accomplish some of these challenges when I’m sure there were more efficient approaches! :) Until next year!

--

--

Curtis Brazzell

Passionate geek for Information/Cyber Security! I’m always learning and am happy to contribute anything I can share with the community. Follow me @ Twitter!