Skip to content

Quick Answers

Question 1

What phrase is revealed when you answer all of the KringleCon Holiday Hack History questions?

Answer

Happy Trails

Question 2

Who submitted (First Last) the rejected talk titled Data Loss for Rainbow Teams: A Path in the Darkness?

Answer

John McClane

Question 3

The KringleCon Speaker Unpreparedness room is a place for frantic speakers to furiously complete their presentations. The room is protected by a door passcode. Upon entering the correct passcode, what message is presented to the speaker?

Answer

Welcome unprepared speaker!

Question 4

Retrieve the encrypted ZIP file from the North Pole Git repository. What is the password to open this file?

Answer

Yippee-ki-yay

Question 5

Using the data set contained in this SANS Slingshot Linux image, find a reliable path from a Kerberoastable user to the Domain Admins group. What’s the user’s logon name (in username@domain.tld format)?

Answer

LDUBEJ00320@AD.KRINGLECASTLE.COM

Question 6

Bypass the authentication mechanism associated with the room near Pepper Minstix. A sample employee badge is available. What is the access control number revealed by the door authentication panel?

Answer

19880715

Question 7

Santa uses an Elf Resources website to look for talented information security professionals. Gain access to the website and fetch the document C:\candidate_evaluation.docx. Which terrorist organization is secretly supported by the job applicant whose name begins with "K"?

Answer

Fancy Beaver

Question 8

Santa has introduced a web-based packet capture and analysis tool to support the elves and their information security work. Using the system, access and decrypt HTTP/2 network activity. What is the name of the song described in the document sent from Holly Evergreen to Alabaster Snowball?

Answer

mary had a little lamb

Question 9

Alabaster Snowball is in dire need of your help. Santa's file server has been hit with malware. Help Alabaster Snowball deal with the malware on Santa's server by completing several tasks. ...create a rule that will catch all new infections. What is the success message displayed by the Snort terminal?

Answer

alert udp any any -> any any ( msg:"Malware"; content:"77616E6E61636F6F6B69652E6D696E2E707331"; sid:00001; rev:1; )

Question 10

After completing the prior question, Alabaster gives you a document he suspects downloads the malware. What is the domain name the malware in the document downloads from?

Answer

erohetfanu.com

Question 11

Analyze the full malware source code to find a kill-switch and activate it at the North Pole's domain registrar HoHoHo Daddy. What is the full sentence text that appears on the domain registration success message (bottom sentence)?

Answer

Successfully registered yippeekiyaa.aaay!

Question 12

After activating the kill-switch domain in the last question, Alabaster gives you a zip file with a memory dump and encrypted password database. Use these files to decrypt Alabaster's password database. What is the password entered in the database for the Vault entry?

Answer

ED#ED#EED#EF#G#F#G#ABA#BA#B

Question 13

Use what you have learned from previous challenges to open the door to Santa's vault. What message do you get when you unlock the door?

Answer

You have unlocked Santa's vault!

Question 14

Who was the mastermind behind the whole KringleCon plan?

Answer

santa