SANS Holiday Hack Challenge 2025: Revenge of the Gnome(s)

The 2025 SANS Holiday Hack Challenge: Revenge of the Gnome(s) takes place over three acts in the Dosis neighborhood, where gnome dolls have come to life and are scurrying around furthering a plot by Frosty the Snowman to freeze the world so that it’s always winter and he never melts. I’ll work through 27 challenges ranging from beginner-friendly to expert-level, covering web exploitation, reverse engineering, cloud security, AI prompt injection, cryptography, and signal analysis to help stop Frosty and save the neighborhood. I’ll also write a hack the game itself, writing a TamperMonkey plugin to do NPC / terminal / door / item locations, teleportation, and allow walking through walls. I’ll find a bunch of hidden gnomes hanging out in a patch of snow and uncover how the game developers made the running gnomes, and a bunch of Easter Eggs as well.

Dosis Neighborhood

The 2025 Holiday Hack Challenge returns to the location of the 2015 challenge, the Dosis neighborhood. In 2015, Jess and Josh Dosis received a Gnome in Your Home doll (created by the ATNAS Corporation), which was really just a plot by Cindy Lou Who to ruin Christmas.There have been some changes over the last 10 years. Members of the CounterHack staff as well as the Geese from the 2023 challenge are scattered around the neighborhood and inside buildings with various terminals and challenges to attempt.

The map below shows Buildings, NPCs, Terminals / Challenges, and Items. Use the interactive map or the table of contents below to jump to specific challenges, or step forward with the link at the bottom of the page:

Ed's Office Ed Skoudis It's All About Defang City Hall Maurice Wilson Mail Detective Retro Emporium Mark DeVito Kevin McFarland Olivia Retro Recovery Going in Reverse Schrödinger's Scope Free Ski Modern
Scandinavian Thomas Bouve Gnome Tea Netwars Tom Hessman Chris Elgee Visual Firewall Snowcat RCE & Priv Esc Grand Hotel Charlie Goldner Torkel Opsahl Quantgnome Leap Snowblind Ambush Sasabune Josh Wright IDORable Bistro Sponsor Booths 24-Seven Janusz Jasinski Dosis Network Down Data Center Chris Davis Frosty Hack-a-Gnome Frosty's Snowglobe Train Station Receipt Lucas Eric
Pursley Patrick
Chapman Jason James Kyle Parrish Paul Beckett Evan Booth Yori Kvitchko Elder Gnome Jared Folkins Barry Grace Rogue
Gnome
IDP Owner Intro
to Nmap The Open Door Neighborhood Fire
Alarm System Santa's Gift-Tracking
Service Port Mystery On the Wire Visual Networking Spare Key Storage
Secrets

Table of Contents

0️⃣ Orientation

1️⃣ Act 1 Its All About Defang Neighborhood Watch Bypass Santa's Gift-Tracking Service Port Mystery Visual Networking Thinger Visual Firewall Thinger Intro to Nmap Blob Storage Challenge in the Neighborhood Spare Key The Open Door Owner

2️⃣ Act 2 Retro Recovery Mail Detective IDORable Bistro Dosis Network Down Rogue Gnome Identity Provider Quantgnome Leap Going in Reverse

3️⃣ Act 3 Gnome Tea Hack-a-Gnome Snowcat RCE & Priv Esc Schrödinger's Scope Find and Shutdown Frosty's Snowglobe Machine On the Wire Free Ski Snowblind Ambush

Appendices A: Really Hacking HolidayHack B: Snow Field C: Easter Eggs