Here is my write-up for The 2021 SANS Holiday Hack Challenge - KringleCon 4: Calling Birds for which I was awarded a Super Honorable Mention
This was my fourth time participating in the Holiday Hack Challenge and the second time I managed to complete all objectives.
CHALLENGES (exiftool, grep, logic gates, IPv6, Fail2ban, Yara Rules, ltrace & strace, javascript, client-side variables)
OBJECTIVE 1 - KringleCon Orientation
OBJECTIVE 2 - Where in the World is Caramel Santiago? (OSINT techniques)
OBJECTIVE 3 - Thaw Frost Tower's Entrance (iwconfig, crafting a POST request with JSON payload)
OBJECTIVE 4 - Slot Machine Investigation (intercepting and editing POST requests)
OBJECTIVE 5 - Strange USB Device (base64 decode)
OBJECTIVE 6 - Shellcode Primer (Shellcode)
OBJECTIVE 7 - Printer Exploitation (reverse engineering firmware file, modifying hash signatures, hash_extender)
OBJECTIVE 8 - Kerberoasting on an Open Fire (kerberoasting, hash cracking with mangle rules)
OBJECTIVE 9 - Splunk! (Splunk)
OBJECTIVE 10 - Now Hiring (SSRF)
OBJECTIVE 11 - Customer Complaint Analysis (WireShark)
OBJECTIVE 12 - Frost Tower Website Checkup (Web application pentesting, CSRF, Auth Bypass, SQLI)
OBJECTIVE 13 - FPGA Programming (FPGA Programming)