The 2022 SANS Holiday Hack Challenge is officially open for play! This free challenge will help people around the world develop cybersecurity skills and get a chance to win prizes ranging from cybersecurity goodies to the grand prize of a SANS online training course.
Our cybersecurity elves narrowly saved the season last year, protecting Santa and the North Pole from danger. We all thought the holidays would be safe for years to come. But we have discovered that evil still lurks across the icy terrain, so we must call on our cybersecurity community, from people brand new to cyber all the way up to seasoned professionals, to join us in this exciting mission to save the holidays again!
What is SANS Holiday Hack Challenge?
The annual SANS Holiday Hack Challenge, featuring KringleCon, is a FREE series of super fun, high-quality, hands-on cybersecurity challenges for all skill levels. This unique experience includes real-world challenges and a quirky holiday-themed storyline where you’ll get to save the holiday season from a cyber attack. You can create your customized avatar and partner with teammates, friends, and players from around the globe in this one-of-a-kind shared virtual experience. Or, if you prefer to play solo, you can certainly do that too!
The SANS Holiday Hack Challenge includes a built-in virtual conference called KringleCon. This year, KringleCon 5: Golden Rings features fascinating talks from cybersecurity industry experts discussing the latest information security topics (some of which will help you solve the SANS Holiday Hack Challenge!). And, Santa will share a playlist of newly minted holiday songs to inspire your cyber security work.
What Challenges Should You Expect?
This year, the infamously precious 5 Golden Rings have been stolen, and Santa needs your help to recover them. Each ring represents a different quest to defeat cybersecurity obstacles to change the course of the future and defeat holiday treachery:
Web Ring (Web Application Vulnerabilities and Exploitation) - Identify XML External Entity (XXE) attack and leverage such vulnerabilities to gain access.
Elfen Ring (SecDevOps and Supply Chain Attacks) - Identify malicious packages and then attack CI/CD processes to escape a container.
Tolkien Ring (Network Security) - Analyze a PCAP to identify malware, and then analyze logs and create IDS rules to detect such attacks.
Burning Ring of Fire (Cryptocurrency, NFT, and Smart Contract Attacks) - Acquire and spend cryptocurrency, then analyze a smart contract and blockchain to undermine the cybervillain’s plot.
Smoke Ring (Cloud Security) - Analyze cloud configurations via the command line, identifying possible vulnerabilities and information leakage.
The game stays open year-round, but if you want to win prizes, you’ll need to submit an answer by January 6, 2023. You can find all the information you need to play, the original music, and KringleCon talks here.
In years past, we’ve had nearly 20,000 people join in the fun – from as young as five years old. The SANS Holiday Hack Challenge truly is our gift to everyone, young and old, novice and expert. So, don’t be intimidated, and just dive right in. Our Discord community is here to offer you support if you get stuck or want to talk anything through with other players.