The SANS Holiday Challenge is an high-skilled Ethical Hacking technical exercise sponsored by SANS Cybercon and organized by Counterhack team.
The 2013 edition is the tenth annual installment and the biggest and best ever organized by Ed Skoudis, Josh Wright, & Tom Hessman.
During Christmas Holidays me and Giacomo started to work to the Challenge reading the history and downloading the PCAP file provided by CounterHack team (You can find details and PCAP file on SANS Pen Testing web site). We spent several hours and nightly funny moments investigating the file, producing a detailed analysis of attacks and creating a report that we submit to CounterHack team for validation. We would like also to thank you Mr. GaraNews helped us with Bro and Snort analysis of the PCAP file during my stay in Germany!! 🙂
Today a blog post on SANS Pen Testing Web Site announce winners and “honorable mentions” of the Holiday Challenge 2013: our report has been referred to as “honorable mention” for the following reasons:
“Andrew and Giacomo had an excellent technical write-up with beautiful formatting, and even went the step further to ask “why” for each of the attacks (correctly citing that Mr. Potter wants to encourage the rapid growth of dental disease in Bedford Falls through manipulating drinking water fluoride levels). The team-of-two even went so far as to evaluate datestamp information in the “Firmware Update” phishing attack, identifying the 5-hour window between the upload of the ab-qfe.exe executable and the retrieval by Don Sawyer.”