Sans Holiday hack challenge 2019 - Kringlecon2

Kringlecon 2019 – SANS Holiday hack challenge

What better way to get into the festive mood then by taking part in an awesome online security conference – KringleCon 2019 from the SANS institute. For anyone new it’s a free online conference which includes youtube hosted presentations from security professionals on a variety of topics as well as a CTF game where you help Santa figure out who has stolen two turtle doves from elf university!


How to Join?

It’s a free conference, to join in the fun simply visit HolidayHackChallenge 2019 and click on Kringlecon2 at the top then register an account. If you just want to listen to the talks you can see them all on their YouTube channel : YouTube – Kringlecon2


CTF Challenges

The aim is to solve all the Objectives to help find where the missing turtle doves are. They are ranked in difficulty starting at 1 xmas tree to 4 xmas trees. If you are having trouble with an objective there are helpful elves throughout elf university who will give you a mini-puzzle to solve, these are easier than the objective and if you help an elf with his mini-puzzle they will give you a clue for the main objective.


A lot of the presentations given at Kringlecon also offer hints for the challenges by way of suggesting specific tools and techniques which may come in use for the objectives which works as an extra incentive to pay attention to them all.

If that fails and you are still stuck there is a chat room in the CTF game world full of people who are happy to give hints.


There are a treasure trove of talks at Kringlecon by some of the best security minded folk in their respective industries. Even if you don’t use the talks to help with the CTF objectives you will learn plenty just by listening to them all.

There will be more talks released as the event goes on but currently here they all are with a few brief notes about the topics discussed:

John Strand, keynote : A hunting we must go

  • The benefits of creating hunt teams whose only task is to identify malware beacons.
  • RITA – Real Intelligence Threat Analytics, a tool for identifying malware beacons in traffic.
  • Honeybadger – A tool to geo-locate an attacker who has exfiltrated your companies files, works using Googles gigantic wi-fi database instead of IP which can be spoofed.

Katie Knowles – How to (Holiday) hack it: tips for crushing CTFs & Pwning Pentests

  • Ways to look at a CTF problem once you get stuck, (has a cool screenshot at 6:07 of a problem spiral.)
  • Based on thinking about what new information you have come across since starting the puzzle and new ways of looking at the situation.

Snow – Santa’s naughty list: Holiday themed social engineering attacks

  • A look at social and physical attacks which are more likely to succeed during the Xmas holiday season.
  • Using the website Glassdoor to see what aspects of a company the staff are emotional about.
  • Statistics about e-mail response when using surname, firstname or both.
  • Some proactive tips for how to defend against these attacks.

James Brodsky – Dashing through the logs

  • An intro to searching through events in Splunk
  • An intro to Stoq (E-mail traffic analysis tool)
  • A massive hint that this may be useful for some of the Holiday hack challenge objectives

Ron Bowes – Reversing Crypto the easy way

  • How to hack crypto which has used bad key implementation.
  • Ways to identify which crypto is being used based on its output.
  • Great demonstration at the end which makes use of the techniques in the video.
  • One of the most technical presentations released so far.

Chris Elgee – web apps : a Trailhead

  • An introduction to analysing traffic between you and webapps
  • How to alter some values for items processed locally
  • Good starting point for someone completely new to security who hasn’t ever seen the source code of a webpage

Chris Davis – Machine learning use cases for cybersecurity

  • Discussion about how machine learning can be used in cybersecurity
  • How Machine learning can help with specific tasks for blue and red teams
  • A demonstration of setting up a machine learning program to spot the difference between apples and bananas
  • I’ve seen plenty of mentions that one of the holiday hack challenges can be solved using Machine learning so this one may be worth re-watching.

Deviant Ollam – Optical Decoding of Keys

  • A very scary presentation showing how to duplicate a physical key based on only a photograph of the key.
  • Step by step demonstration for how anyone can do it with the right tools

Dave Kennedy – Telling stories from the North Pole

  • How to prevent SOC staff from spotting your attacks.
  • SOC picks up thousands of potential attacks, how to make yours blend in with the other false positives.
  • Techniques such as altering the name of your variables/files so that if they are Googled the analyst should come across legit pages for their use.

Mark Baggett – Logs? where we’re going we don’t need logs

  • Guide to the built in logging features of Windows 10.
  • SRUM-DUMP – A tool for looking at the System Resource Utilisation Management Database.
  • ESE2CSV – Command line version of SRUM-DUMP.
  • What to do as a forensics investigator when the client has few or no logs.

Heather Mahalik – When Malware goes mobile, quick detection is critical

  • Talk about malware on mobile devices
  • Growing field so likely to be seeing more of this in the near future
  • Less protected than in-office devices
  • UFED physical analyser – forensics tool for digging into malware on mobile devices

John Hammond – 5 steps to build and lead a team of holly jolly hackers

  • Hints and tips for building a successful team of penetration testers and security researchers
  • Advice such as using practical lessons for most of the training, taking parts in CTFs, gamefy learning as much as possible.
  • Keep track of what staff have learned and share with other team members

Lesley Carhart – over 90,000: Ups and Downs of my infosec twitter journey

  • Advice on the use of social media for members of the cyber security community
  • Most of the advice applies to any user of cyber security who has a following consisting of more than just friends and family
  • Lesley has over 100,000 twitter followers so her talk is backed by lots of experience


Last year the soundtrack from the CTF was so popular that this years has been made available as a download available for download here:

Tunes to hack to!!!




git cat-file -p Fatal error : Not a valid object name

If you are trying to view the contents of git objects by accessing the name directly in its folder using: git cat-file -p
you’ll likely get the error “Fatal : not a valid object name”
which is annoying as you can see the file name appears exactly as shown
Screenshot from 2019-11-27 17-19-28

The reason for the error is that Git object names are paths to the file and not
the typical folder + file names you are used to.
In order to fix the issue you need to reference the full file name starting at the root object folder for Git to be able to find it.
In this example I would need to include the “1c” in the file name

Screenshot from 2019-11-27 17-33-53.png

Hints and Tips for PythonChallenge level 11

This is a page of hints for the level 11 challenge

It does not contain the answer so you can use as many hints as you want but still have to put everything together yourself to complete it

Note: A lot of these challenges have multiple different ways of solving them, the hints here might not match to what you have found already.

Expand for hint 1

Platos allegory of the cave tells us that we dont always see the correct picture.

Expand for hint 2

Are you able to extract odd/even parts of the image?

Expand for hint 3

The PIL library is useful for image manipulation.

Expand for hint 4

Try using the % operator to find remainders of numbers.

Expand for hint 5

Look hard at the 2 images you have at the end, the answer is there but very faint, you may miss it on a dark monitor.

Hints and Tips for PythonChallenge level 10

This is a page of hints for the level 10 challenge

It does not contain the answer so you can use as many hints as you want but still have to put everything together yourself to complete it

Note: A lot of these challenges have multiple different ways of solving them, the hints here might not match to what you have found already.

Expand for hint 1

The First challenge is figuring out what the next entries in the sequence are.

Expand for hint 2

Say the numbers out loud.

Expand for hint 3

Look and Say.

Expand for hint 4

Try the “groupby” function from the Itertools library to help group numbers together

Expand for hint 5

The answer is the length, not the actual number

Hints and Tips for PythonChallenge level 9

This is a page of hints for the level 9 challenge

It does not contain the answer so you can use as many hints as you want but still have to put everything together yourself to complete it

Note: A lot of these challenges have multiple different ways of solving them, the hints here might not match to what you have found already.

Expand for hint 1

Have you found the numbers in the source code for the page?

Expand for hint 2

Do the numbers have any sort of rough patterns?

Expand for hint 3

If the numbers come in pairs can you split them up using Python?

Expand for hint 4

Have a look into matplotlib.pyplot

Expand for hint 5

the two images go on top of each other, then start guessing related words.