This is now a SANS Holiday Hack blog.
Just kidding! It almost feels that way though since it’s the one thing I can be reliably counted on to produce routinely.
I liked last year's decision to use GitHub to track my progress, so the full repo with my miscellaneous notes can be found here: https://github.com/blakebourgeois/HolidayHack2021
The formatted PDF writeup can be accessed directly here.
The original reason I moved to GitHub was that I was doing the challenge across my main Windows PC and a Linux VM, and it was easier to sync the Git repos than to use a solution like Google Drive. This year, it wasn't a problem, because I was able to accomplish virtually everything through WSL2 on my primary PC. It really is a game changer and has been the tool I've needed to make daily use of Linux without relegating my Linux usage to a barely used, inconvenient VM.
On the whole, I would say that this year was relatively easy. Mostly, I think it has to do with personal growth–in the early months of 2021 I took SANS FOR508 and earned my GCFA with a really high score on the exam. At work, I became responsible for doing Linux system administration while we're down a staff member. After doing multiple SANS courses, participating in the Holiday Hack each year, and constantly trying to get a passing familiarity with many things, I found that I was able to quickly understand most of the challenges, and if I didn't know how to solve them outright, I had a solid enough foundation not to struggle.
That is not to say that this year was easy–not by a long shot. I did spend a few days on the last handful of challenges, but I wouldn't say it was as difficult as manipulating the blockchain and abusing the PRNG like last year, or (my favorite) the WannaCookie ransomware decryption. I suppose we will see at the close-out ceremony this year whether things really were easier and there's a higher rate of completion, or whether it can be attributed to just getting better.
One of the things that I really appreciate about Holiday Hack, and I can't say this enough, is that it really exposes me to things and gives me a basic understanding that I otherwise wouldn't have. I know it's just another CTF and there are plenty out there, but I feel the premise and overarching goal keep me motivated in a way that doing individual, disconnected hosts like HackTheBox doesn't. Due to the variety of challenges, they don't hesitate to throw some real curveballs in. This year, I'm thankful for the Shellcode Primer and the FPGA exercise. I also really enjoyed the Kerberoasting challenge and was pretty much immediately able to apply the tricks I learned from it in a real environment, doing some auditing that had historically been much more difficult for me to carry out.
My only hope is that I don’t have to hear about log4j again until it is used in a HHC2022 challenge.