SANS Holiday Hack Challenge 2025 Write-Up

This is a write-up for the SANS Holiday Hack Challenge 2025, a yearly capture-the-flag event organized by the SANS training institute around the holiday period. It is free of charge and played as an online multiplayer RPG-like game, with a world to walk around in freely where you can meet your peers, NPCs with dialogue, and a storyline, making it a unique CTF.

Note

This write-up is not complete. Some objectives from Act 3 are missing.

Main

Multiplayer world to roam around in, this year in 3D!

Challenge topics 2025

This year’s challenge covers the following topics, including grand challenges provided by Microsoft and Google: defanging IOCs, using SUDO, port discovery, forensic analysis, basic networking, firewall basics, Nmap basics, CURL basics, IDOR challenge, using POCs, Java deserialization, Quantum computing, reverse engineering, hacking SQLI, Linux and PrivEsc, and WebApp Pentesting.

Personal note

Write-up information

I have attempted to extract the maximum value from MkDocs Material while writing. You will see structured pages following a consistent design language. Some special features have been used for better readability and clarity:

Admonitions

These have been of great help in calling out side content without interrupting the document flow. You will see various types, with some being collapsed by default.

Note

Simple note highlighting some information.

Objective

Objectives will be shown in a question box.

Hint

Hints provided by the CTF will be shown in a tip box. They can include highlighted text to show which part of the hint struck me as important.

Conversation

Character conversations will be shown in a quote box. They can include highlighted text to show which part of the conversation struck me as important.

Answer

Final challenge answers will be given in an answer box.

AI usage

All usage of AI will be highlighted using a special call-out box, with the aim of creating a better understanding of how it has contributed to the result.

Answer structure

Code blocks

Where possible, code blocks will be used to clearly denote code, commands, or other challenge artifacts.
When there are lines that are of importance, they will be highlighted like this one.
When there is more to share, annotations will be used, like here. # (1)!
  1. They will contain more information.