2018 SANS Holiday Hack Challenge – KringleCon

This Christmas I teamed up with my son and spent an enjoyable week at home completing the security challenge. After finally opening the piano-locked door to reveal the mastermind behind the whole KringleCon plan, we both felt that we had learnt a lot and accomplished something worthwhile. For my son, it was the first time that he was exposed to the Linux shell, IDS sensors and packet sniffers so it was interesting to observe his reaction to these things.

The piano-locked door

The Holiday Hack Challenge is an annual capture-the-flag security event that is organised by SANS. This year, the event was called KringleCon. The idea is to match wits with a Christmas holiday super villain by completing several progressively difficult challenges and unravel a surprising Christmas holiday story line.

Here is a short description from a recent email message:

This year, Santa is hosting KringleCon, a virtual conference at the North Pole, where you walk through Santa’s virtual castle and watch 22 top-notch recorded 12-18 minute talks with directly applicable technical skills. And, within your browser, you can also walk around Santa’s castle solving cyber defense, digital forensics and incident response, and pen test challenges as an entertaining and surprising holiday plot unfolds. You’ll get to match wits with a holiday super villain while listening to a custom album of holiday tunes. It’s fun for all ages, and it is SANS gift to the cyber security community. Over 15,000 people have played so far! Get it all for free at https://holidayhackchallenge.com.

KringleCon event invitation

Now it’s time for us to write a report about how we solved each of the 10 objectives and enter the contest for a chance to win a prize.

1 Comment

  1. Peter Lapornik (Post author)

    I just found out that we got a super honorable mention for this competition (https://www.holidayhackchallenge.com/2018/winners_answers.html ). I’m already looking forward to doing the next one!


Leave a Comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.