The SANS Holiday Hack is one of the events I most look forward to each year. This year’s event is based around KringleCon, an infosec conference organized by Santa as a response to the fact that there have been so many attempts to hack Christmas over the last few years. This conference even has a bunch of talks, some quite useful for completing the challenge, but others that are just as interesting on their own. To complete the Holiday Hack Challenge, I’m asked to enter this virtual conference, walk around, and solve a series of technical challenges. As usual, the challenges were interesting and set up in such a way that they were very beginner-friendly, with lots of hints and talks to ensure that you learned something while solving. The designers also implemented several more defensive / forensic challenges this year, which was neat to see.
KringleCon takes place at Santa’s Castle. Once the gates opened, I walked over the bridge, and was greeted by Santa himself:
Welcome, my friends! Welcome to my castle! Would you come forward please?
Welcome. It’s nice to have you here! I’m so glad you could come. This is going to be such an exciting day!
I hope you enjoy it. I think you will.
Today is the start of KringleCon, our new conference for cyber security practitioners and hackers around the world.
KringleCon is designed to share tips and tricks to help leverage our skills to make the world a better, safer place.
Remember to look around, enjoy some talks by world-class speakers, and mingle with our other guests.
And, if you are interested in the background of this con, please check out Ed Skoudis’ talk called START HERE.
Delighted to meet you. Overjoyed! Enraptured! Entranced! Are we ready? Yes! In we go!
Oh, and as you enjoy the conference, click on your badge to see a series of objectives for you to conquer!
Clicking on my badge reveals 10 objectives:
The solutions to each of these objectives, with each associated terminal challenge, are given on the pages that follow. Additionally, the appendix provides information beyond the scope of the objectives, but potentially still of interest.
Table of Contents
- 1) Orientation Challenge
- 2) Directory Browsing
- 3) de Bruijn Sequences
- 4) Data Repo Analysis
- 5) AD Privilege Discovery
- 6) Badge Manipulation
- 7) HR Incident Response
- 8) Network Traffic Forensics
- 9) Ransomware Recovery
- 10) Who Is Behind It All?
- Appendix A: Google Vent Maze
- Appendix B: KringleCon - The Story
- Appendix C: WannaCookie Dropper / PowerSploit
- Appendix D: WannaCookie Source
On walking into the castle, there are numerous characters, terminals, and puzzles to interact with. I’ve created this map tracking the various characters and challenges I’ll interact with throughout the challenge: