{"id":189,"date":"2022-01-08T08:22:01","date_gmt":"2022-01-08T13:22:01","guid":{"rendered":"https:\/\/quicksand.tech\/?p=189"},"modified":"2022-01-08T08:23:21","modified_gmt":"2022-01-08T13:23:21","slug":"sans-holiday-hack-2021","status":"publish","type":"post","link":"https:\/\/quicksand.tech\/index.php\/2022\/01\/08\/sans-holiday-hack-2021\/","title":{"rendered":"SANS Holiday Hack 2021"},"content":{"rendered":"\n<p>This is now a SANS Holiday Hack blog.<\/p>\n\n\n\n<p>Just kidding! It almost feels that way though since it&#8217;s the one thing I can be reliably counted on to produce routinely.<\/p>\n\n\n\n<p>I liked last year&#8217;s decision to use GitHub to track my progress, so the full repo with my miscellaneous notes can be found here: <a href=\"https:\/\/github.com\/blakebourgeois\/HolidayHack2021\">https:\/\/github.com\/blakebourgeois\/HolidayHack2021<\/a> <\/p>\n\n\n\n<p>The formatted PDF writeup can be accessed directly <a href=\"https:\/\/github.com\/blakebourgeois\/HolidayHack2021\/raw\/main\/Blake%20Bourgeois%202021%20Holiday%20Hack%20Writeup.pdf\">here<\/a>.<\/p>\n\n\n\n<p>The original goal when I moved to GitHub was that I was doing the challenge across my main Windows PC and a Linux VM. It was easier to sync the Git repos than to use a solution like Google Drive. This year, it wasn&#8217;t a problem, because I was able to accomplish virtually everything through WSL2 on my primary PC. It really is a game changer and has been the tool I&#8217;ve needed to make daily use of Linux without relegating my Linux usage to a barely used\/inconvenient VM.<\/p>\n\n\n\n<p>On the whole, I would say that this year was relatively easy. Mostly, I think it has to do with personal growth&#8211;in the early months of 2021 I took SANS FOR508 and earned my GCFA with a really high score on the exam. At work, I became responsible for doing Linux system administration while we&#8217;re down a staff member. 
After doing multiple SANS courses, participating in the Holiday Hack each year, and constantly trying to get a passing familiarity with many things, I find that I was able to quickly understand most of the challenges, and if I didn&#8217;t know how to solve them outright, I had a solid enough foundation to not struggle.<\/p>\n\n\n\n<p>That is not to say that this year was easy&#8211;not by a long shot. I did spend a few days on the last handful of challenges, but I wouldn&#8217;t say that it was as difficult as manipulating the Blockchain and abusing PRNG like last year or (my favorite) the WannaCookie ransomware decryption. I suppose we will see at the close out ceremony this year if things really were easier, and there&#8217;s a higher rate of completion, or if it can be attributed to just getting better. <\/p>\n\n\n\n<p>One of the things that I really appreciate about Holiday Hack, and I can&#8217;t say this enough, is that it really exposes me to things and gives me a basic understanding that I otherwise wouldn&#8217;t have. I know it&#8217;s just another CTF and there are plenty out there, but I feel the premise and overarching goal keeps me motivated in a way that doing individual, disconnected hosts like HackTheBox doesn&#8217;t. Due to the variety of challenges they don&#8217;t hesitate to throw some real curveballs in. This year, I&#8217;m thankful for the Shellcode Primer and the FPGA exercise. I also really enjoyed the Kerberoasting challenge and was pretty much immediately able to take the tricks I learned to execute that challenge in a real environment to do some auditing that was historically much more difficult for me to execute in the past. <\/p>\n\n\n\n<p>My only hope is that I don&#8217;t have to hear about log4j again until it is used in a HHC2022 challenge.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is now a SANS Holiday Hack blog. Just kidding! 
It almost feels that way though since it&#8217;s the one thing I can be reliably counted on to produce routinely. I liked last year&#8217;s decision to use GitHub to track my progress, so the full repo with my miscellaneous notes can be found here: https:\/\/github.com\/blakebourgeois\/HolidayHack2021&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-189","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/quicksand.tech\/index.php\/wp-json\/wp\/v2\/posts\/189","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/quicksand.tech\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/quicksand.tech\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/quicksand.tech\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/quicksand.tech\/index.php\/wp-json\/wp\/v2\/comments?post=189"}],"version-history":[{"count":2,"href":"https:\/\/quicksand.tech\/index.php\/wp-json\/wp\/v2\/posts\/189\/revisions"}],"predecessor-version":[{"id":191,"href":"https:\/\/quicksand.tech\/index.php\/wp-json\/wp\/v2\/posts\/189\/revisions\/191"}],"wp:attachment":[{"href":"https:\/\/quicksand.tech\/index.php\/wp-json\/wp\/v2\/media?parent=189"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/quicksand.tech\/index.php\/wp-json\/wp\/v2\/categories?post=189"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/quicksand.tech\/index.php\/wp-json\/wp\/v2\/tags?post=189"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}