SANS Holiday Hack Challenge 2022
Between December 6, 2022 and January 6, 2023, the SANS Institute hosted the SANS Holiday Hack Challenge & KringleCon 2022, open to anyone to participate for free. Similar to previous years, the challenges were structured around a holiday themed story where Santa’s five rings of power had been stolen by Grinchum, whilst the KringleCon virtual conference talks were viewable online.
The challenges covered a range of skill levels from beginner to advanced and were spread across the following information security topics
- forensics/incident response (Tolkien Ring)
- web application security (Web Ring)
- cloud security (Cloud Ring)
- devops (Elfen Ring)
- blockchain (Burning Ring of Fire)
In contrast to most other CTF (Capture the Flag) competitions, entering the contest for a chance to win a prize in the SANS Holiday Hack Challenge requires submission of a report, no more than 50 pages in length, describing how each challenge was solved. The best technical, creative, and overall reports each win substantial SANS training subscriptions, whilst seven randomly drawn reports compete for a smaller prize of a Holiday Hack T-Shirt. Whilst I was not one of the prize winners - the best submissions are deeply thorough and impressive - I did enjoy participating for the very first time and to my surprise, also earning an entry in the list of Honorable Mentions for 2022.
My submitted report can be viewed in the original PDF format or in an HTML version, which are both generated from the same source markdown, courtesy of the wonderful Pandoc universal document converter: