This is another blog post that is long overdue. The SANS Holiday Hack Challenge (HHC) 2020 started in mid-December and went until January 4, 2021. The coolest part about this CTF is that it is available to play all-year round! It's something I'm thankful for because I didn't spend as much time with this event as I would have liked. I was in full-time school, doing Try Hack Me's Advent of Cyber 2, and working on Immersive Labs Sunburst Compromise Lab. At some point this year, I'd like to go back and give the rest of the challenges a go. But in the meantime, this blog post will be about the fleeting experience I did have with it.
The sheer amount of effort put into this event is staggering once you stand back and take it all in. Hats off to Ed Skoudis and his team! The CTF was unlike any other I've participated in. I was used to the Jeopardy style events that are straightforward and bland (but fun). The HHC was a whole other beast! It played like a video game! There was an entire castle to explore and walk around in. It was overload for me because I've never experienced anything like it: there were avatars connected to real people who could talk/chat with each other live, there was custom "Christmas hack" music playing, there was animated snow falling from the heavens for goodness sake! My words can do it no justice. If you've never participated in any of the HHCs, do yourself a favor and head over to the official SANS Holiday Hack Challenge 2020 website, register, and have the time of your life!
I used the word "event" to describe this CTF because it actually was much more than that. For the third year in a row (I think), SANS has held the virtual cybersecurity conference KringleCon at the same time of the HHC. What made it easy to enjoy was they were all recorded and posted to their YouTube channel. If you took the time to watch the speakers, you may have been treated to hints that would in turn help you complete the in-game challenges (like the S3 bucket challenge). In addition to YouTube and the massive scope of the CTF itself, they had a Discord channel to go to for help/networking/info, a Twitter account, and even a HHC custom Christmas music playlist which turned out pretty damn dope! My favorite song was "Falling".
Like all other SANS CTFs, they had challenges for all skill levels. As I said before, I didn't spend as much time as I would have liked participating in the challenges. But what I did complete I benefited from: I learned how to use tmux which is a terminal multiplexer; command injection; a Terminal primer that taught me a lot; handling and extracting ASAR files; image forensics; and Amazon S3 Bucket vulnerability/exploit. I have a link to these write-ups below. They actually separated the challenges so that they had Terminal Challenges that provided foundational skills and knowledge, and then the main Objectives which were more involved.
Overall, this CTF is HIGHLY recommended. I actually made the following Tweet while participating in the challenge:
Keep your eyes peeled during the next Holiday Hack Challenge! And if you see me, say hey! If you don't know what I look like, I'll be wearing this:
Comments