SANS Kringlecon 2022 Introduction

-

What Challenges Should You Expect?

 

This year, the infamously precious 5 Golden Rings have been stolen, and Santa needs your help to recover them. Each ring represents a different quest to defeat cybersecurity obstacles to change the course of the future and defeat holiday treachery:

 

1. Tolkien Ring (Network Security) - Analyse a PCAP to identify malware, and then analyse logs and create IDS rules to detect such attacks.

2. Elfen Ring (SecDevOps and Supply Chain Attacks) – Identify malicious packages and then attack CI/CD processes to escape a container.

3. Web Ring (Web Application Vulnerabilities and Exploitation) - Identify XML External Entity (XXE) attack and leverage such vulnerabilities to gain access.

4. Cloud Ring (Cloud Security) - Analyse cloud configurations via the command line, identifying possible vulnerabilities and information leakage.

5. Burning Ring of Fire (Cryptocurrency, NFT, and Smart Contract Attacks) - Acquire and spend cryptocurrency, then analyse a smart contract and blockchain to undermine the cyber villain’s plot.

Also with Hidden chests all around the game sprinkling elven hints & references

 

CTF Portal: https://2022.kringlecon.com/

 

More Information can be obtained from the following Links

·      Ed’s intro video - YouTube

·      SANS Challenge Details - Link

·      SANS Official Support Channel: discord invite

following are the links to each challenge walkthrough

Tolkien Ring 

Wireshark Practice

Windows Event logs

Suricata Regatta


Elf Ring

Clone with a difference

Prison escape

Jolly CI/CD


Web Ring

Boria PCAP Mining

Open Boria Mine door

Glamtariels fountain


Cloud Ring

aws-cli-intro

Trufflehog search

Exploitation via aws cli


NFT

buy-a-hat

Blockchain Divination

Exploit a smart contract

 

Kringlecoin Orientation

Upon Successful sign up with your account to Kringlecon, Beginning of the game our avatar stands right next to the Jingle Ringford waiting to talk and a KTM machine with logo indicating create a wallet

We get introduced to five ring badges on our avatar and then left hand side navigation pane. Next, we are asked to click on the KTM machine to create a wallet, greeting us with the following msg and give us a Kringlecoin wallet address and key to access & authorise transaction from the wallet


After which we are asked to click on a new terminal icon popped up next to Jingle Ringford, where we are presented with “Enter the answer here” prompt teaching us to use the terminal windows for future challenges.



Once you have typed “answer” on the above panel the we receive out intial kringlecoins and the gate next to Jingle Ringford unlocks. A new narrative gets unlocked as we progress and we are being asked to talk to Santa



After speaking to Santa he briefs us on his situation of how he lost his five magical rings and unlocks access to first few challenges in the quest to retrieve the five rings (Tolkien Ring, Elfen Ring, Web Ring, Cloud Ring and Burning Ring of Fire)


And there begins your quest to save Santa !, 


Comments

Post a Comment

Popular posts from this blog

Tolkien Ring - Wireshark Practice walkthrough

-
Image
By now we should be ready to start out first challenge as part of the Tolkien Ring, which is in relation to Wireshark Difficulty Rating: 1/5 Hints Just have to follow thorough the questions asked in terminal, by analysing the suspicious.pcap file in Wireshark   Solutions 1. What kinds of objects can be exported in the pcap file ?  HTTP Open up suspicious.pcap file in Wireshark, using the export objects option available in Wireshark. Now we can export different types of objects depending on what’s been captured in this pcap. When you choose to export HTTP objects you get to see 3 files, while the export options will be empty.   2. Name of the biggest file you can export ?  app.php (808kB) Within Wireshark in the object export tab for HTTP, you get to see 3 files, among which the biggest file by size 808kb is app.php     3. Packet number where app.php starts ?   687 In the object export tab within Wireshark, first column indicated the starting packet number of the conversation for tha
Read more

Elfen Ring - Prison Escape Walkthrough

-
Image
Prison Escape Challenge Difficulty 3/5 Clone a code repository. Get hints for this challenge from Bow Ninecandle in the Elfen Ring. After completing the Clone with a difference challenge , Getting back on the boat and progressing further through the game, we meet Tinsel Upatree with a terminal named “Prison Escape”, once we click on the terminal we are presented with the following screen that details the challenge and Based on the question, we need to find a hex string that contains the flag that needs to be submitted Seems like we need to find a way to privilege escalate or escape from the limited sandbox to be able to complete the challenge. given we can get linpeas transferred to this system, we will have to manually perform initial enumeration. Based on the above screenshot, Seems like some sort of docker container and now ill have to narrow down the enumeration to docker container escape .  Using the following docker container escape reference cheatsheet, while attempting enumerat
Read more