The 2020 SANS Holiday Hack Challenge was less about figuring out who did it and more about picking apart how Jack Frost managed to hack Santa’s processes. This all takes place at the third annual Kringle Con, where the world’s leading security practitioners show up for talks and challenges. Hosted back at a currently-being-renovated North Pole, this year’s conference included 13 talks from leaders in information security, as well as 12 terminals / in-game puzzles and 11 objectives to solve. In solving all of these, Jack Frost’s plot was foiled. As usual, the challenges were interesting and very beginner friendly, with lots of hints and talks to ensure that you learned something while solving.
Table of Contents
Solutions for each of the 11 objectives and their associated terminal challenges can be found at the links below, or by using the links at the bottom of each page to move to the previous or next one.
- 1) Uncover Santa's Gift List
- 2) Investigate S3 Bucket
- 3) Point-of-Sale Password Recovery
- 4) Operate the Santavator
- 5) Open HID Lock
- 6) Splunk Challenge
- 7) Solve the Sleigh's CAN-D-BUS Problem
- 8) Broken Tag Generator
- 9) ARP Shenanigans
- 10) Defeat Fingerprint Sensor
- 11) Naughty/Nice List with Blockchain Investigation
The game picks up just off the New Jersey Turnpike at Santa’s gondola, where Jingle Ringford offers a ride to the North Pole:
Jingle also tells me about the Kringle Con badge and unlocks the first objective. On heading into the gondola I’m dropped at the North Pole, where Santa greets me:
Hello and welcome to the North Pole!
We’re super excited about this year’s KringleCon 3: French Hens.
My elves have been working all year to upgrade the castle.
It was a HUGE construction project, and we’ve nearly completed it.
Please pardon the remaining construction dust around the castle and enjoy yourselves!
Looking at my badge, the first five challenges are available:
The completed badge contains 12 objectives:
The solutions to these objectives, along with their associated terminal challenges, are given on the pages that follow.