Take the SANS Institute’s Holiday Hacking Challenge: It’s a Hackerful Life

Linda Musthaler
By | December 23, 2013

Posted in: Network Security Trends

The long holiday season is here, and if you’re one of the lucky ones, you probably have a few days off from the grind you call work. When you’ve had enough of your kids’ over excitement and your relatives’ overstaying their welcome, why not steal away by yourself for a few hours and work on the SANS Institute’s 10th annual Holiday Hacking Challenge? It’s a great way to keep your mind sharp after too much eggnog and Aunt Sally’s famous fruitcake.

The free Holiday Hacking Challenge is a year-end tradition put on by the SANS Institute to help teach cyber security skills for defending computers and networks in a fun and entertaining way. The friendly competition tests and enhances the knowledge and skills of network and security professionals by having them analyze a packet capture file and explain the various attack attempts and the defensive maneuvers that were taken.

This year’s theme revolves around the classic holiday movie “It’s a Wonderful Life.” Ed Skoudis, Josh Wright and Tom Hessman at SANS Institute adapted the movie plot line to create “It’s a Hackerful Life.” In their scenario, a modern-day George Bailey is charged with protecting the critical infrastructure systems of the town of Bedford Falls. Attackers attempt to hack into traffic lights, train control systems and the town’s water supply but they are repelled by George’s defenses. Participants in the challenge must match wits with the attackers, analyzing their techniques in-depth to help George defend the city.

Skoudis says this is one of the most extensive scenarios his team has ever created. It took them about 150 hours to develop the whole scenario. He said that the entry bar is low enough to welcome novice participants, but there’s enough meat in the plot so that skilled practitioners will be challenged. Participants must provide detailed technical answers to four questions about the evidence found in the artifacts of the packet capture.

Each year about 500 to 600 people submit responses. Skoudis and his colleagues painstakingly read through every submission to declare a handful of winners and honorable mentions. Every submission is scored with an algorithm based on technical accuracy and level of detail of the analysis. The people with the highest cumulative scores will win the merit prizes, and there is one winner based on a random drawing of all submissions. This latter prize gives every submission a chance, even if the analysis isn’t quite complete.

The learning opportunity comes into play when you don’t already understand something you encounter in the packet capture file. You are expected to do your own research to understand the artifact well enough to explain it in your response. Given that this year’s scenario is based on a virtual city’s critical infrastructure, Skoudis says there will be some protocols that network professionals probably aren’t familiar with. It’s a chance to stretch your knowledge a bit and build some in-demand skills in a fun way.

Since this is the 10th year for the competition, some of the previous years’ challenges and answers are posted online. This gives you an opportunity to see how to respond to the questions, and simply to learn about the previous attacks and appropriate defenses. For a look at the 2012 Holiday Hacking Challenge and the winning and honorable mention responses, click here.

Details about the Holiday Hacking Challenge, which is now live, can be found here. You have until January 6, 2014 to send your results to HolidayChallenge@counterhackchallenges.com. Good luck!

You May Also Be Interested In: