My KringleCon 2020 Holiday Hack Writeup
Well, its that time of year again and somehow between the crazy Q4 consulting work as a Principal Security Consultant, a new baby on the way, the holidays, and time with my family, I was able to squeak out another annual HHC by SANS. Like always, the team at Counter Hack blew me away with the creativity of the story and the challenges. I don’t know how they continue to outdo themselves year after year! This time they had Blockchain, Proxmark, mini-games, Splunk, Redis, Hash collisions, CAN-bus vehicle hacking, REGEX, JavaScript, AppSec, and encryption, to name a few.
If you haven’t already, consider playing! They keep them up year-after-year and are still fun to play after the deadline to submit a report. I’m always amazed by how great of a job the team does at putting together each challenge in a way that isn’t too difficult of a learning curve for people new to the field, but how there’s always something to learn for more experienced individuals in the industry. The way to go about completing an objective is never the obvious path that I expect going in, which is one of the things I love about this Capture-the-Flag (CTF).
If you’re interested, you can see my 2018 and 2019 reports which follow a similar format. I always try to write my reports in a fun, unique way that reads like what my customers at Pondurance would expect from a red team assessment. I was lucky enough to get a Super Honorable Mention both times before and I’m hopeful I can pull another one off this year. I barely scraped by though with completing every possible main and side-challenge like I had in previous years and only by the skin of my teeth! I can’t wait to read others’ reports since there is usually more than one way to complete each challenge!
Full slide link here for mobile users
Thanks again, SANS, and thank you for reading! I hope you got something out of my report and had a good laugh at the lengths I went to accomplish some of these challenges when I’m sure there were more efficient approaches! :) Until next year!