This year's Holiday Hack Challenge was just as invigorating and challenging event as usual. Santa and the Elves decided that due to all the cyber shenanigans which have occurred over the years that holding a hacking conference would be a great way to keep everyone safe. The name of this conference is KringleCon and it involved an entire virtual world, complete with a virtual character who can move around and interact with CranberryPi terminals, as well as ventilation shafts, kiosks and door code panels (Figure 1). This challenge was tough as it required knowledge of a vast spectrum of knowledge in computer administration, web services, code cracking, and web servers. Additionally, skills in programming and debugging in languages such as JavaScript, PowerShell, Python, shell scripting, and data analysis. While I have decent amount of knowledge with many of these skills, I wasn't going to be able to complete the challenge in time to submit a report to the Counter Hack team by January 14, 2019 due to a later start than last year. So I recruited a good friend of mine whom I've worked with in the past, who is probably one of the most skilled computer experts and programmers I know. My friend and I worked over the last few days to finish the last four challenges/objectives to submit a report before the deadline. The result is approximately 81 pages (a few typos and errors but nothing serious) for our report describing how to finish the 2018 SANS Holiday Hack Challenge. Below is our report embedded for review. Overall, I found the competition very different from the 2017 version and as it was more of an open-world one the flow of the contest was a bit confusing until I spent a good chunk of time (about an hour) of really exploring and understanding the world, and how we could really navigate around and interact in any order a competitor chooses. This proved to be a really fantastic choice by the Counter Hack team, and upon completing the competition with a solid tying together, I'm pleased to say this was an even better experience than last year. I'm continuously humbled by the organization, skills, and efforts of Ed Skoudis and his team. As usual it was a fun experience and the team did a phenomenal job. I'd like to extend a personal acknowledgement to Jevan Gray for his ability to quickly understand and dissect code and assemble solutions. I doubt I could have accomplished this before the deadline without his knowledge and expertise. Thank you again Jevan!
0 Comments
|
AuthorI am a Doctoral Scholar at Colorado Technical University and a graduate of the Cyber Security Operations and Leadership program from the University of San Diego. I work in cybersecurity, and have accumulated twenty years in the IT industry. There are few IT roles I have not performed, which gives me great insights into making sense of all the IT confusion. Archives
February 2022
Categories
All
|