Welcome to KringleCon 2

by Salaheldin

Cover


✨ Let's travel!

Go to the ticket shop and buy you exclusive pass ticket for the event at the North Pole Ticket

After arriving at the North Pole station, you will find Santa waiting for you there.

🎅 Santa Welcome You!

Welcome to the North Pole and KringleCon 2!
Last year, KringleCon hosted over 17,500 attendees and my castle got a little crowded. We moved the event to Elf University (Elf U for short), the North Pole’s largest venue.
Please feel free to explore, watch talks, and enjoy the con!

Me


🗺 Map

This a preview of a very high quality map for ELF University.

To zoom and check the details please download the full quality. click here:

Map


🏵 Objectives

Check the objectives in your badge, You will have the 6 objectives then unlock new objective by talking to the elves you find in the university:

Objective Type Location Tools
0/ Talk to Santa in the Quad Talk The Quad
1/ Find the Turtle Doves Explore The student union
2/ Unredact Threatening Document Explore The Quad
3/ Windows Log Analysis: Evaluate Attack Outcome Logs Analysis The event log data DeepBlueCLI
4/ Windows Log Analysis: Determine Attacker Technique Logs Analysis The normalized Sysmon logs EQL
5/ Windows Log Analysis: Determine Compromised System Logs Analysis Zeek logs RITA
6/ Spunk SOC Splnuk Server Splunk
7/ Get Access To The Steam Tunnels Multi Minty's dorm room Multi
8/ Bypassing the Frido Sleigh CAPTEHA Machine Learning fridosleigh Python
9/ Retrieve Scraps of Paper from Server SQL Injection Student Portal Sqlmap
10/ Recover Cleartext Document Reverse Engineering elfscrow app IDA
11/ Open the Sleigh Shop Door Web Dev Carte Web Dev
12/ Filter Out Poisoned Sources of Weather Data Logs Analysis SLEIGH ROUTE FINDER API jq

🎗Helping the elves Challenges

As we walk around, we can find various challenges, and as we talk to the elves standing near them, we get some hints.

Challenge Type Direct Url Elf Location
1 Escape Ed Ed editor Link Bushy Evergreen The train station
2 Linux Path Linux Link SugarPlum Mary The Hermey Hall
3 Xmas laser cheers Powershell Link Sparkle Redberry The Laboratory
4 Splunk - The training questions SOC - Splunk Link Professor Banas The Laboratory
5 Mongo Pilfer MongoDB Link Holly Evergreen Netwars Room
6 Nyanshell Linux Shell Link Alabaster Snowball The Speaker UNpreparedness Room
7 Frosty Keypad Keypad Link Tangle Coalbox The Quad
8 Holiday Hack trail Web Pentest Link Minty Candycane The Dorm
9 Get Access To The Steam Tunnels Key Bitting Link1 Link2 Krampus Minty's Room
10 Graylog Log Analysis Link Pepper Minstix The Dorm
11Smart Braces Iptables link Kent Tinseltooth Student Union
12 Zeek JSON Analysis Log Analysis Link Wunorse Openslae Sleigh Shop

📟 The Answers

1. Find the Turtle Doves?

At the fire in the student union

2. Unredact Threatening Document

DEMAND

3. Windows Log Analysis: Evaluate Attack Outcome

supatree

4. Windows Log Analysis: Determine Attacker Technique

ntdsutil

5. Windows Log Analysis: Determine Compromised System

192.168.134.130

6. Splunk

Kent you are so unfair. And we were going to make you the king of the Winter Carnival.

7. Get Access To The Steam Tunnels

Krampus Hollyfeld

8. Bypassing the Frido Sleigh CAPTEHA

8Ia8LiZEwvyZr2WO

9. Retrieve Scraps of Paper from Server

super sled-o-matic

10. Recover Cleartext Document

Machine Learning Sleigh Route Finder

11. Open the Sleigh Shop Door

The Tooth Fairy

12. Filter Out Poisoned Sources of Weather Data

0807198508261964


🏆 The END

end1

Go to the Bell Tower after last objective:

🎅 Santa!

You did it! Thank you! You uncovered the sinister plot to destroy the holiday season!

Through your diligent efforts, we’ve brought the Tooth Fairy to justice and saved the holidays!

Ho Ho Ho!

The more I laugh, the more I fill with glee.

And the more the glee,

The more I'm a merrier me!

Merry Christmas and Happy Holidays.

🧝🏻‍♂️ Krampus Hollyfeld

ongratulations on a job well done!

Oh, by the way, I won the Frido Sleigh contest.

I got 31.8% of the prizes, though I'll have to figure that out.

🧚🏻‍‍ The Tooth Fairy

You foiled my dastardly plan! I’m ruined!

And I would have gotten away with it too, if it weren't for you meddling kids!

Look in the corner you will find a letter

end3

Jack Frost!

end-jf


⚡️ Extra

Easter Eggs

  1. In Santa’s Naughty List: Holiday Themed Social Engineering talk by snow

    extra1

    We see a phone number 📞 605-313-4000 and if you call the number you hear Santa's Hotline!

    Also the website northpolelnc.com with l instead of i lead to Snow's twitter account.


Kringlcon twitter list

Here a list of Kringlecon team and speakers to follow on twitter:

https://twitter.com/i/lists/1216115053642100737?s=20


Speakers

  • John Strand, Keynote: A Hunting We Must Go
  • Katie Knowles, How to (Holiday) Hack It: Tips for Crushing CTFs & Pwning Pentests
  • Snow, Santa’s Naughty List: Holiday Themed Social Engineering
  • James Brodsky, Dashing Through the Logs
  • Ron Bowes, Reversing Crypto the Easy Way
  • Chris Elgee, Web Apps: A Trailhead
  • Chris Davis, Machine Learning Use Cases for Cybersecurity
  • Deviant Ollam, Optical Decoding of Keys
  • Dave Kennedy, Telling Stories from the North Pole
  • Mark Baggett, Logs? Where we're going we don't need logs.
  • Heather Mahalik, When Malware Goes Mobile, Quick Detection is Critical
  • John Hammond, 5 Steps to Build and Lead a Team of Holly Jolly Hackers
  • Lesley Carhart, Over 90,000: Ups and Downs of my InfoSec Twitter Journey

Talks videos

https://www.youtube.com/playlist?list=PLjLd1hNA7YVzyhhqBQaW-tF45xnS6oHAP


Credit

Credit

SANS Holiday Hack Challenge 2019 KringleCon 2: Turtle Doves

Direction

  • Ed Skoudis

Technical Lead

  • Joshua Wright

Narrative / Story

  • Ed Skoudis

World Builder Lead

  • Evan Booth

Programming

  • Evan Booth
  • Ron Bowes
  • Chris Davis
  • Chris Elgee
  • Matt Toussain
  • Joshua Wright

System Builds & Administration

  • Tom Hessman
  • Daniel Pendolino

Artwork

  • Evan Booth
  • Chris Davis
  • Chris Elgee
  • Kimberly Elliott
  • Brian Hostetler
  • Annie Royal
  • Ed Skoudis

Challenge Development

  • Jim Apger
  • Evan Booth
  • Ron Bowes
  • James Brodsky
  • Gary Burgett
  • Andy Cooper
  • Chris Davis
  • Chris Elgee
  • Tim Frazier
  • Dave Herrald
  • Ryan Kovar
  • Marcus Laferrera
  • Brett Leaver
  • Lily Lee
  • Devian Ollam
  • Daniel Pendolino
  • John Stoner
  • Matt Toussain
  • David Veuve
  • Robert Wagner
  • Joshua Wright

Soundtrack

  • Dual Core
  • Ninjula
  • Josh Skoudis

Website Design

  • Tom Hessman

Conference Scheduler and Speaker Wrangler

  • Chris Fleener

Testing and Feedback

  • Ron Bowes
  • Chris Elgee
  • Tom Hessman
  • Brian Hostetler
  • Ryan Huffer
  • Daniel Pendolino
  • Lynn Schifano
  • Ed Skoudis
  • Joshua Wright

KringleCon Speakers

  • Ed Skoudis - Host
  • John Strand - Keynote
  • Mark Baggett
  • Ron Bowes
  • James Brodsky
  • Lesley Carhart
  • Ian Coldwater
  • Chris Davis
  • Chris Elgee
  • John Hammond
  • Dave Kennedy
  • Katie Knowles
  • Heather Mahalik
  • Deviant Ollam
  • Sn0w

Marketing

  • Chris Fleener

Sponsored Hosting Services

  • Google

Special Thanks

  • The SANS Institute

© Copyright SANS Institute, 2019. All Rights Reserved.


Narrative

Narrative

Whose grounds these are, I think I know

His home is in the North Pole though

He will not mind me traipsing here

To watch his students learn and grow

Some other folk might stop and sneer

"Two turtle doves, this man did rear?"

I'll find the birds, come push or shove

Objectives given: I'll soon clear

Upon discov'ring each white dove,

The subject of much campus love,

I find the challenges are more

Than one can count on woolen glove.

Who wandered thus through closet door?

Ho ho, what's this? What strange boudoir!

Things here cannot be what they seem

That portal's more than clothing store.

Who enters contests by the ream

And lives in tunnels meant for steam?

This Krampus bloke seems rather strange

And yet I must now join his team...

Despite this fellow's funk and mange

My fate, I think, he's bound to change.

What is this contest all about?

His victory I shall arrange!

To arms, my friends! Do scream and shout!

Some villain targets Santa's route!

What scum - what filth would seek to end

Kris Kringle's journey while he's out?

Surprised, I am, but "shock" may tend

To overstate and condescend.

'Tis little more than plot reveal

That fairies often do extend

And yet, despite her jealous zeal,

My skills did win, my hacking heal!

No dental dealer can so keep

Our red-clad hero in ordeal!

This Christmas must now fall asleep,

But next year comes, and troubles creep.

And Jack Frost hasn't made a peep,

And Jack Frost hasn't made a peep...


Resources

Virtual Machines I used:

Recording terminal: