Intro
░█▀▀░█▀█░█▀█░█▀▀░░░█░█░█▀▄░▀█▀░█▀█░█▀▀░█░░░█▀▀░█▀▀░█▀█░█▀█░░
░▀▀█░█▀█░█░█░▀▀█░░░█▀▄░█▀▄░░█░░█░█░█░█░█░░░█▀▀░█░░░█░█░█░█░░
░▀▀▀░▀░▀░▀░▀░▀▀▀░░░▀░▀░▀░▀░▀▀▀░▀░▀░▀▀▀░▀▀▀░▀▀▀░▀▀▀░▀▀▀░▀░▀░░
░▀▀▄░▄▀▄░▀▀▄░▀▀▄░░░█░█░█▀▄░▀█▀░▀█▀░█▀▀░█░█░█▀█
░▄▀░░█/█░▄▀░░▄▀░░░░█▄█░█▀▄░░█░░░█░░█▀▀░█░█░█▀▀
░▀▀▀░░▀░░▀▀▀░▀▀▀░░░▀░▀░▀░▀░▀▀▀░░▀░░▀▀▀░▀▀▀░▀░░ By: 14mC4
Background
I decided this year after multiple years poking at SANS KringleCon here and there that this year I was going to commit to writing up a report to the challenges. It was definitely a heck of a daunting task. Overall, It was a fun experience and enjoyed it even though many days I banged my head on some of these challenges. I don't have any professional penetration testing experience but, a lot of various CTF experience. I was happy I picked this year since it was a lot of DevOps challenges which I was familiar with the technologies so breaking them was that more meaningful to me.
50-Page Limit
All Images in the web version of this walkthrough can be clicked to zoom/enhance. They have been limited in size to help limit the amount of pages. All character hints and quotes will be closed by default. You can click each image and they will enlarge.
Table of Contents:¶
| Objective | Difficulty | Objective | Difficulty |
|---|---|---|---|
| 1. KringleCon Orientation | 9. Open Boria Mine Door | ||
| 2. Wireshark Practice | 10. Glamtariel's Fountain | ||
| 3. Windows Event Logs | 11. AWS CLI Intro | ||
| 4. Suricata Regatta | 12. Trufflehog Search | ||
| 5. Clone with a Difference | 13. Exploitation via AWS | ||
| 6. Prison Escape | 14. Buy a Hat | ||
| 7. Jolly CICD | 15. Blockchain Divination | ||
| 8. Boria PCAP Mining | 16. Exploit a Smart Contract |