Holiday Hack Challenge - 2023

Hands-on cybersecurity challenges created by SANS and sponsored by Google, Microsoft, and Amazon. Topics included: Cloud Security, Web Application Security, Threat Hunting, Log Analysis and more.

Below are each challenge that I completed and some of the primary tools/skills involved in each. Click on the title for more information about each challenge and what I did to solve it.

KQL Kraken Hunt

Tools/Skills: KQL, Incident Investigation, Log Analysis, Decoding Base64-Encoded Powershell Commands

Azure 101

Tools/Skills: Azure CLI, Azure Cloud Environment

Linux 101

Tools/Skills: Linux CLI - ls, pwd, cat, rm, cd, chmod, grep, find, history, ps aux, netstat, curl, kill

Linux PrivEsc

Tools/Skills: Linux CLI, Command Injection, Privilege Escalation

Hashcat

Tools/Skills: CLI, Hashcat, Hash Types

Phish Detection Agency

Tools/Skills: Identifying Phishing Emails, DMARC, DKIM-Signature

Reportinator

Tools/Skills: Burp Suite - proxy, intercept, logger, intruder, cluster bomb, payloads, HTTP traffic

Certificate SSHenanigans

Tools/Skills: Certificates, SSH, Azure Instance Metadata Service, Python, Burp Suite, Source Code

Snowball Fight

Tools/Skills: Browser's Developer Tools, HTML, JavaScript, Runtime Modifications

Elf Hunt

Tools/Skills: JSON Tokens, Browser's Developer Tools, HTML, JavaScript, Runtime Modifications, Burp Suite

Luggage Lock

Tools/Skills: Designing & documenting a repeatable solution to a problem; how to crack a luggage lock in the physical world

Faster Lock Combination

Tools/Skills: Documenting a repeatable solution to a problem; how to crack a rotary lock in the real world