A collection of my write-ups on Capture The Flag (CTF) events, hardware challenges and real-life encounters. They explain how the goal was accomplished and try to teach you how to approach these kinds of challenges.
In Elf Stack SIEM, we help a North Pole elf investigate a cyberattack by the Wombley faction. In Silver, we analyze logs to uncover key insights like event counts and sources, using Python and pandas. Gold dives deeper, exploring phishing emails and reindeer-related domains to trace the attackers. By scripting smart queries, we piece together the attack chain, earning both medals and restoring order to the North Pole’s systems!
In Santa Vision, we assist Ribb Bonbowford in reclaiming the Santa Broadcast Network (SBN) from Wombley’s control. For the silver medal, we identify admin credentials hidden in the portal’s HTML, log in, and explore MQTT topics for valuable information. To earn gold, we uncover secrets in HTTP headers and retrieve additional user credentials to dig deeper into the northpolefeeds, ultimately restoring the holiday cheer and earning both medals!
In The Great Elf Conflict, we dive into the chaos of a cyberattack at the North Pole, unraveling clues left by Team Wombley. For silver, we use KQL to uncover critical data, exposing phishing schemes, compromised accounts, and malware infections. To earn gold, we decode advanced threats, track down malicious files, and find the ransomware with precision queries. By solving all four sections, we bring peace to the elves and secure the North Pole!
In Snowball Showdown, we help Alabaster Snowball defeat Wombley Cube. For silver, we enable single-player mode and tweak game variables for an easy win. For gold, we discover and trigger a hidden command, unleashing the “mother-of-all-snow-bombs” for a decisive victory!
In the PowerShell challenge, we help Piney Sappington unlock the snowball weaponry system. For silver, we solve tasks using PowerShell cmdlets like Get-Content and Invoke-WebRequest. For gold, we script a solution to generate token hashes, manage cookies, and iterate through data to bypass the standard path and secure the medal!
In Drone Path, we help Chimney Scissorsticks decode drone data to avert an elf conflict. For silver, we analyze a KML file, geolocate a hidden drone name, and plot CSV data to uncover a password. For gold, we exploit an SQL injection flaw to find clues on how to reveal the gold medal code, and decode some binary data. Along the way, we explore database schemas and crack passwords for deeper insights!
In Mobile Analysis, we assist Eve Snowshoes with debugging Santa’s Naughty-Nice List app. For silver, we analyze a decompiled APK file, uncovering a missing child’s name through a SQL query. For gold, we tackle an obfuscated AAB file, decrypt hidden database triggers, and identify another excluded name using AES encryption—securing both medals!
In Hardware Hacking Part 2, we help an elf grant access to card number 42. For silver, we find the passcode and use the slh command to grant access. For gold, we locate the SQLite database, modify the access value directly, and generate a valid HMAC signature using details from another table.
In the Hardware Hacking challenge, we help Jewel Loggins fix Santa’s Little Helper tool by connecting to a UART interface. For silver, we wire correctly, enable developer mode via DevTools, reconstruct shredded notes with Python, and input the right settings. For gold, we explore the game’s API and use a modified curl request to access a hidden endpoint, bypassing hardware to secure the gold medal!
In this challenge, we help Morcel Nougat recover a shredded document by decoding clues from a book and using an old-school telephone keypad. After enabling a hidden flashlight, we script a solution to bypass rate limits and crack the final code, solving both the Silver and Gold challenges!
In the Curling challenge, we join Bow Ninecandle to learn how to use the curl command for sending web requests. The silver tasks include sending basic requests, handling self-signed certificates, posting data, and more. Afterwards, we use our knowledge to solve extra tasks involving file paths and redirects, completing the challenge for the gold medal!
In Elf Minder, we guide an elf through twelve levels of maze-like puzzles. Silver is straightforward; solve the puzzles normally. For gold, we inspect the game’s code with DevTools and find hidden admin controls. By enabling them, we can clear obstacles and draw a path directly to the finish. Alternatively, we manipulate springs to bounce the elf straight to the end. Both methods secure the gold medal!