Talks
SANS Holiday Hack Challenge: Welcome/Orientation
Speaker(s): Ed Skoudis
In this presentation, Ed welcomes you to the 2021 SANS Holiday Hack Challenge, orienting you to the environment, the characters, the storyline, and the super useful KringleCon 4 snowflake badge. He gives tips for navigating Santa’s castle and its interface, as well as ways to chat with other participants and get hints. In 5 short minutes, Ed provides you all the information you need to get rolling in this year's super exciting Holiday Hack extravaganza!
Location: Track 1
Click here to watch this talk!
Automate Security Response by Creating Your Own "Naughty Lists"
Speaker(s): Andy Smith
Location: Track 2
Click here to watch this talk!
Notes
Fail2Ban - Uses logic/triggers to initiate bans when those are reached.
Reads log files for actions used to match logic/triggers.
RFC-3514 Compliant Pentesting: Being Good While You're Being Bad
Speaker(s): Tom Liston
Location: Track 2
Click here to watch this talk!
Notes
This was all about an April Fools joke that proposed setting an evil bit on packets… I really can't tell if this dude is serious about it or not, but changing packets on the fly with scapy/python is useful regardless I guess.
Disclosing Security Vulnerabilities to Open-Source Projects… Like a Boss
Speaker(s): Nancy Gariché
Location: Track 3
Click here to watch this talk!
FPGA Design for Embedded Systems
Speaker(s): Prof. Qwerty Petabyte
Location: Track 3
Click here to watch this talk!
Kubernetes Attack Demo: Hacking a Cheating Casino
Speaker(s): Jay Beale
Location: Track 4
Click here to watch this talk!
The Abominable Snowman's Threat Hunting Adventure
Speaker(s): Xena Olsen
Location: Track 4
Click here to watch this talk!
A CISO's Best Friend: The Pentester!!?!
Speaker(s): Sean Atkinson + Chris Elgee
Location: Track 5
Click here to watch this talk!
Demonstrating Active Directory Penetration Testing
Speaker(s): Chris Davis
Location: Track 5
Click here to watch this talk!
How to Build a Free Malware Lab in Under an Hour
Speaker(s): Mary Ellen Kennel
Location: Track 6
Click here to watch this talk!
Using Open-Source Tools to Track Elves
Speaker(s): Clay Moody
Location: Track 6
Click here to watch this talk!
Talks about techniques that apply to both Objective 2: Where In The World…. and the Exif Metadata (Document Challenge) Terminal Challenge.
Notes
Google Image search the image, since it tries to match "like" pictures to it, so you may be able to identify background buildings and stuff if it's unique/identifiable enough.
ExifTool can help you pull some metadata if that hasn't been scrubbed from the image.
Eliminating XSS in Angular Applications
Speaker(s): Google
Location: Track 7
Click here to watch this talk!
HIDden Ducky, Deconstructed Payload
Speaker(s): Kevin Tyers
Location: Track 7
Click here to watch this talk!
Notes
HID Attack uses a device to emulate user input to a target. Commonly USB, but doesn't have to be.
Even if company blocks USB storage, they probably don't block HID devices like keyboards etc.
Means anything you can do with a keyboard you can do with this type of attack.