Skip to content

Intro

░█▀▀░█▀█░█▀█░█▀▀░░░█░█░█▀▄░▀█▀░█▀█░█▀▀░█░░░█▀▀░█▀▀░█▀█░█▀█░░
░▀▀█░█▀█░█░█░▀▀█░░░█▀▄░█▀▄░░█░░█░█░█░█░█░░░█▀▀░█░░░█░█░█░█░░
░▀▀▀░▀░▀░▀░▀░▀▀▀░░░▀░▀░▀░▀░▀▀▀░▀░▀░▀▀▀░▀▀▀░▀▀▀░▀▀▀░▀▀▀░▀░▀░░
 ░▀▀▄░▄▀▄░▀▀▄░▀▀▄░░░█░█░█▀▄░▀█▀░▀█▀░█▀▀░█░█░█▀█              
 ░▄▀░░█/█░▄▀░░▄▀░░░░█▄█░█▀▄░░█░░░█░░█▀▀░█░█░█▀▀              
          ░▀▀▀░░▀░░▀▀▀░▀▀▀░░░▀░▀░▀░▀░▀▀▀░░▀░░▀▀▀░▀▀▀░▀░░    By: 14mC4          
Direct link: Challenge Link

Background

      I decided this year after multiple years poking at SANS KringleCon here and there that this year I was going to commit to writing up a report to the challenges. It was definitely a heck of a daunting task. Overall, It was a fun experience and enjoyed it even though many days I banged my head on some of these challenges. I don't have any professional penetration testing experience but, a lot of various CTF experience. I was happy I picked this year since it was a lot of DevOps challenges which I was familiar with the technologies so breaking them was that more meaningful to me.

50-Page Limit

All Images in the web version of this walkthrough can be clicked to zoom/enhance. They have been limited in size to help limit the amount of pages. All character hints and quotes will be closed by default. You can click each image and they will enlarge.

Table of Contents:

Objective Difficulty Objective Difficulty
1. KringleCon Orientation 9. Open Boria Mine Door
2. Wireshark Practice 10. Glamtariel's Fountain
3. Windows Event Logs 11. AWS CLI Intro
4. Suricata Regatta 12. Trufflehog Search
5. Clone with a Difference 13. Exploitation via AWS
6. Prison Escape 14. Buy a Hat
7. Jolly CICD 15. Blockchain Divination
8. Boria PCAP Mining 16. Exploit a Smart Contract