KringleCon V: Golden Rings (2022)

2022 SANS Holiday Hack - Kringlecon: Five Golden Rings

This is my fifth (!) holiday hack, and as always it was a heap of fun. It seemed a bit easier this year (hopefully because I'm getting better, rather than just because it was easier), so I decided to give the "creative writeup" a go, rather than continuing my trend of simple technical ones. I was unprepared for how much harder it is!

The Writeup

Note The writeup contains spoilers. If you missed doing the hack over December / January, and are now feeling stuck and want hints, feel free to message me: Zysygy on Discord or vw2cdyml AT duck DOT com.

Note two:The DuckDuckGo extension blocks my fake ads, for some reason. So if you don't see two images on the first page, you might want to use incognito mode.

You can either start at intro and then used the folded up corner at the page's bottom right to navigate through them (and the folded down corner on the page's top left if you want to navigate back), or visit them in this order:

There are links and popups for more technical detail, where I couldn't fit it into the newspaper-style format.

I apologise for my horrific and not-accessible CSS; it turns out that making a old-fashioned newspaper layout isn't super easy, and I didn't have the time or energy to spend doing things properly.

Thanks

I'm always awed by what the SANS team manage to create and that they release it for free every year. So a huge thanks to everyone involved, and to the sponsors!

I also loved the talks this year; I'd never thought about how NaN could be an issue while sorting, or even heard of a Merkle tree. I'm very impressed by Rajvi Khanjan Shroff (and a bit jealous - I wish I'd known about it when I was in highschool!). And Jared Folkins' talk seems to have answered the question about whether YouTube has become intelligent: A screenshot of Jason's talk (Instead of saying Elf was a last minute "fill in", it's said "villain". Clearly it knows.)

And thanks to everyone who participates on Discord - it's way more fun when people are around to give hints, and I learn a lot when other people want hints.

Ideas for future SHHs

Not necessarily good ideas, mind you.
  • Formal verification - I've been learning a bit about seL4 and formal proofs of correctness. They're super hard, but not something that most people come across, so could possibly make for an interesting challenge.
  • AI Prompt attacks - this seems to be all the rage now, so I assume it'll probably be a challenge one year, and think it could be cool.
  • Unicode attacks - SecurityNow was talking about the uses for zero-width whitespace and how it could potentially be used maliciously. And there were the attacks on GitHub through backwards-writing code characters recently, so they could be fun to look at.
  • Mobile - I don't think there have been any mobile-based attacks in any of the SHHs that I've done (although I might be forgetting). That seems a bit strange to me.
  • Assembly - I always love the assembly challenges since I want to learn it but always get distracted. The previous ones have always been great, so more would always be awesome!
  • Southern Hemisphere - I would like to formally invite Santa to the Southern Hemisphere. I can promise his castle won't get snowed under down here, and it is quite lovely having Christmas on the beach...

Questions

These are the questions I still have that I hope will be answered by some other writeup and/or at the KringleCon closing ceremony

  • Is Dridex legitimate? VirusTotal recognised it and opening it up in Ghidra didn't show anything interesting so...?
  • Is there a way to get the files from AWS (pollution.jpg, etc)? We don't have access rights to just get objects and I couldn't just put a policy that granted that, so I assume not.
  • What does the lambda function do? I just get a "quota exceeded" message :(
  • Am I missing something with the hat - it seems like there must be someway to exploit it...
  • How many creative entries do you get?

Firsts

  • This is my first year without Splunk. I can't say I miss it, since I ended up using Splunk a lot at work. But it is a shame since KringleCon was the sole reason I was really excited to use Splunk when I joined a company that used it. So incase anyone from Splunk is reading - sponsoring SHH is definitely a good way to make tech folk think fondly of you!
  • This was also my first year with no hardware-related challenges. I missed them!
  • This was so close to being my first year not needing hints. :shakes fist angrily at Glamtariel!: 😂

Credit

  • Huge thanks to SANS - most of the images, a lot of the content and all of the inspiration are (obviously) from them.
  • Thanks also to freepik for the "faded newspaper" background aesthetic: Image by kjpargeter on Freepik
  • and to https://embed.im/snow/ for the snow effect
Location: F75V+77 Dunganville, West Coast, New Zealand

Comments

Post a Comment

Popular posts from this blog

Kringle Con / Frost Fest 2021

Image
I've decided to try to create a more thorough write-up of KringleCon / Frost Fest this year, but I also don't want to make this unreadably long. So if you're just after the answers, ignore all of the hidden text below and jump ahead to whatever you want to read. If you're after a bit more depth, in addition to the answers, I've documented: the missteps I took trying to figure it out, even all those that lead no where. Mostly because I forget how tough I find stuff and then feel bad whenever I struggle, or I read other people's write-ups and feel intimidated by how easy everything seems to be for them. the wider picture: what the challenge teaches us and how it relates to the real world. This will also contain links to additional sources that may be helpful but don't really fit in the challenge. I think this might be helpful for people outside cybersecurity or for when I half-remember something and want to reference it later. ...
Read more