SANS Holiday Hack 2019 Write Up

Published 2020-01-18 at https://quicksand.tech/index.php/2020/01/18/sans-holiday-hack-2019-write-up/
Tags: ctf, kringlecon, sans, sans-holiday-hack, writeup

Today I saw on Twitter that the Kringlecon recap and awards ceremony is coming up fast, in mid-February this year. With this being the case, I figured I'd quickly put out a little post and put up my write-up. Gotta make my blog at least a little bit active, right? Haven't totally forgotten about the blog – I still have some stuff I want to do and write with O365/Azure, plus I finally got some equipment to do minor home-labbing, and I need to get back into messing with HackTheBox and maybe start doing some formal write-ups of those.

I noted last year that I expected 2018 to be easier, but still got tripped up in the end. I'm not sure whether, as I expected in 2018, I'm just getting better, or whether the challenges were easier this year. A lot of the challenges involved threat hunting and log analysis, which comprises a lot of what I do daily, so maybe that was the difference.

When I say easier, that's certainly still a relative statement to when I started in infosec and hadn't any established practice with red or blue team skill sets. It still took about a week or so of spaced-out efforts to crack the challenges.

The reversing challenge was probably my favorite. It didn't take as much time as the WannaCookie analysis (which I actually spent weeks playing with after finishing Kringlecon 2018), but it was still fun. I got to brush up on IDA skills, which I'm pretty woeful at, and I got to work with Ruby for the first time. I found Ruby to be pretty intuitive, maybe just thanks to the wonderful examples and pointers we were given. I might have to spend some more time playing with the language.

The X-Mas Cheer Laser was a runner-up for me. I felt pretty confident going into the challenge as I live in PowerShell, yet I don't have any experience with PowerShell on Linux, and that introduced a number of struggles into how I would normally have gone about the process.

The final challenge was fun and interesting, though I would say that compared to some of the other challenges I was a little frustrated with the way the data was fabricated. I went about the challenge first using a "real" threat hunting mindset, only to find out nearly every IP address was unique and the GET/POST requests didn't matter at all... and had to re-orient myself in terms of how I went about the challenge.

I didn't spend as much time on my write-up this year. I'm still happy with it, but I know that, based on the quality of submissions, I don't really feel I'll have the energy or expertise to compete with write-ups of the level that win and really blow you away. Without further ado – here it is.

Blake Bourgeois – HHC 2019 Writeup (PDF download): https://quicksand.tech/wp-content/uploads/2020/01/Blake-Bourgeois-HHC-2019-Writeup.pdf