SANS Holiday Hack Challenge

Learning to be a threat analyst

At the end of each year SANS hosts their renowned Holiday Hack Challenge competition which they describe as “the most festive and challenging event of the year!”. I decided to participate this year and I got a nifty badge to show for it.

This year the challenges covered all of these domains:

I particularly enjoyed the Hardware Hacking, Video Game Hacking, and Web Exploitation with cURL challenges, but the challenge that surprised me the most was The Great Elf Conflict, hosted by KC7, which required participants to utilize the Kusto Query Language (KQL) to investigate a simulated phishing attack. This challenge presented a unique opportunity for me to learn some new threat hunting skills, particularly within the realm of Security Information and Event Management (SIEM) analysis.

I grappled with complex scenarios, including identifying the source of the phishing campaign, the users that were targeted, who clicked the link, what the initial infection vector was, then subsequently tracing the attacker’s movements across the network, and uncovering their command and control infrastructure. Mastering advanced KQL syntax for data filtering, aggregation, and transformation proved crucial in navigating the vast dataset and extracting meaningful insights.

The most rewarding aspect of the challenge was undoubtedly the intellectual stimulation it provided. It pushed me to think critically, apply my knowledge in a dynamic environment, and develop a new skill set in cloud observability log traversal using KQL. To successfully navigate the challenge, I relied heavily on the Kusto Documentation, utilizing it to learn new commands, refine existing queries, and deepen my understanding of KQL’s capabilities.

My advice to anyone considering participating in future SANS Holiday Hack Challenges is simple: Give it a try! You might be surprised by how much you can accomplish. The challenge provides a valuable learning experience, regardless of the outcome. I was shocked to learn after the event that only 4.7% of users finished this challenge and that I was one of them.

A Christmas elf with both thumbs up
