2024 SANS Holiday Hack Challenge
Hello and welcome to my 2024 SANS Holiday Hack Challenge: Snow-maggeddon write-up!
These challenges had a wide range of topics, including Ransomware Reverse Engineering, Hardware Hacking, Web App Hacking with MQTT and Video Feed Manipulation, Video Game Hacking, Threat Hunting with KQL, SIM/SEM Analysis, Mobile App Penetration Testing, OSINT via Drone Path Analysis, Web Exploration with cURL, and PowerShell for Cyber Defense!
Let's embark on our journey!
Table of Contents
Solutions for each of the objectives can be found at the links below. Alternatively, you can use the navigation links at the bottom of each page to move to the previous or next objective.
- Welcome
- Prologue (Released November 7 2024)
- Act 1 (Released November 11 2024)
- Act 2 (Released November 18 2024)
- Act 3 (Released December 2 2024)
- Conclusion
Objectives
Talk to Jingle Ringford on Christmas Island and get your bearings at Geese Islands.
Help Angel Candysalt connect the dots in a game of connections.
Assist Poinsettia McMittens with playing a game of Elf Minder 9000.
Team up with Bow Ninecandle to send web requests from the command line using Curl, learning how to interact directly with web servers and retrieve information like a pro!
In a swirl of shredded paper, lies the key. Can you unlock the shredder’s code and uncover Santa's lost secrets?
Ready your tools and sharpen your wits—only the cleverest can untangle the wires and unlock Santa’s hidden secrets!
Jingle all the wires and connect to Santa's Little Helper to reveal the merry secrets locked in his chest!
Santa’s gone missing, and the only way to track him is by accessing the Wish List in his chest—modify the access_cards database to gain entry!
Help find who has been left out of the naughty AND nice list this Christmas. Please speak with Eve Snowshoes for more information.
Help the elf defecting from Team Wombley get invaluable, top secret intel to Team Alabaster. Find Chimney Scissorsticks, who is hiding inside the DMZ.
Team Wombley is developing snow weapons in preparation for conflict, but they've been locked out by their own defenses. Help Piney with regaining access to the weapon operations terminal.
Wombley has recruited many elves to his side for the great snowball fight we are about to wage. Please help us defeat him by hitting him with more snowballs than he does to us.
Answer two sections for silver, all four sections for gold.
Learn and practice basic KQL queries to analyze data logs for North Pole operations.
Investigate a phishing attack targeting Wombley’s team, uncovering espionage activities.
Track and analyze the impacts of a ransomware attack initiated by Wombley’s faction.
Use logs to trace an unknown phishing attack targeting Alabaster’s faction.
Alabaster and Wombley have poisoned the Santa Vision feeds! Knock them out to restore everyone back to their regularly scheduled programming.
What username logs you into the SantaVision portal?
Once logged on, authenticate further without using Wombley's or Alabaster's accounts to see the northpolefeeds on the monitors. What username worked here?
Using the information available to you in the SantaVision platform, subscribe to the frostbitfeed MQTT topic. Are there any other feeds available? What is the code name for the elves' secret operation?
There are too many admins. Demote Wombley and Alabaster with a single MQTT message to correct the northpolefeeds feed. What type of contraption do you see Santa on?
Help the ElfSOC analysts track down a malicious attack against the North Pole domain.
Decrypt the Frostbit-encrypted Naughty-Nice list and submit the first and last name of the child at number 440 in the Naughty-Nice list.
Deactivate Frostbit Naughty-Nice List Publication
Wombley's ransomware server is threatening to publish the Naughty-Nice list. Find a way to deactivate the publication of the Naughty-Nice list by the ransomware server.