
Welcome

Title Image

Introduction

Going on an adventure!!! Hello there and welcome to my 2022 SANS Holiday Hack Challenge write-up. I've been creating these for a while now and feedback from the KringleCon community these past couple of years has shown me how much of a valuable resource they are. Obviously not as valuable as a totally legit Bored Sporc NFT, but valuable nonetheless!

So, for this fifth edition, my primary motivation is you. The first-time participant, the cybersecurity enthusiast, the seasoned professional, and every type of player in between. May this write-up provide you with that final nudge to help solve that difficult challenge or be a learning guide as you dip your toes in the exciting world of cybersecurity! 🤗

Unlike previous years, this time around there are only two main sections. There's this page, which contains the introduction, answers, the overall narrative, and final conclusion. And there's Objectives, where you'll find the individual challenge write-ups, organized by ring type, for which an answer had to be submitted. Hints are now more tightly integrated. You'll collect them as part of the normal story progression and by keeping an eye out for six hidden chests spread around the North Pole. Finally, no SANS Holiday Hack Challenge write-up is really complete without a list of Easter eggs found along the way, a little bit of cheating here and there, and the odd custom script or two. Enjoy!

50-page submission limit

Each year there's a huge number of write-ups that need to be reviewed by the Counter Hack team. To find a good middle ground between preventing information overload and creating a write-up that can stand on its own as a learning resource, some parts, like the navigation tip below, are collapsed by default. Skipping over these will not take away from understanding the overall solution, but feel free to expand them to get some additional information.

Navigation tip

Even with less than 50 pages, there's still quite a bit of information to read through. To make things a little easier, you can use P or , to go to the previous section, N or . to navigate to the next section, and S, F, or / to open up the search dialog.

TL;DR if you keep pressing N or . from this point forward, you'll hit all the content in the right order! 😄

Answers

1. KringleCon Orientation -

Follow Jingle Ringford's instructions to create a KringleCoin wallet and open the gate.

2. Wireshark Practice -

Investigate the suspicious.pcap packet capture file and answer all the questions.

3. Windows Event Logs -

Investigate the powershell.evtx log file and answer all the questions.

4. Suricata Regatta -

Add the 4 requested Suricata rules to the suricata.rules file.

5. Clone with a Difference -

maintainers

6. Prison Escape -

082bb339ec19de4935867

8. Boria PCAP Mining -

Naughty IP: 18.222.86.32
Credential Mining: alice
404 FTW: /proc
IMDS, XXE, and Other Abbreviations: http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance

9. Open Boria Mine Door -

Find the correct keys to open all the locks.

10. Glamtariel's Fountain -

goldring-morethansupertopsecret76394734.png

11. AWS CLI Intro -

Enter the correct AWS CLI commands in the AWS 101 terminal.

12. Trufflehog Search -

put_policy.py

13. Exploitation via AWS CLI -

Enter the correct AWS CLI commands in the AWS 201 terminal.

14. Buy a Hat -

Buy a hat using the hat vending machine and KTM.

15. Blockchain Divination -

0xc27A2D3DE339Ce353c0eFBa32e948a88F1C86554

16. Exploit a Smart Contract -

Buy a Bored Sporc NFT by exploiting a flaw in the smart contract.

Conclusion

Narrative

Five Rings for the Christmas king immersed in cold
Each Ring now missing from its zone
The first with bread kindly given, not sold
Another to find 'ere pipelines get owned
One beneath a fountain where water flowed
Into clouds Grinchum had the fourth thrown
The fifth on blockchains where shadows be bold
One hunt to seek them all, five quests to find them
One player to bring them all, and Santa Claus to bind them

Group photo

Santa

Congratulations! You have foiled Grinchum's foul plan and recovered the Golden Rings!
And by the magic of the rings, Grinchum has been restored back to his true, merry self: Smilegol!
You see, all Flobbits are drawn to the Rings, but somehow, Smilegol was able to snatch them from my castle.
To anyone but me, their allure becomes irresistible the more Rings someone possesses.
That allure eventually tarnishes the holder's Holiday Spirit, which is about giving, not possessing.
That's exactly what happened to Smilegol; that selfishness morphed him into Grinchum.
But thanks to you, Grinchum is no more, and the holiday season is saved!
Ho ho ho, happy holidays!

Smilegol

I must give you my most thankful of thanks, and most sorry of sorries.
I'm not sure what happened, but I just couldn't resist the Rings' call.
But once you returned the Rings to Santa, I was no longer so spellbound.
I could think clearly again, so I shouted off that awful persona.
And that grouchy Grinchum was gone for good. Now, I can be me again, just in time for gift giving.
This is a lesson I won't soon forget, and I certainly won't forget you.
I wish you smooth sailing on wherever your next voyage takes you!

Timpy Toque

Thank you for saving Smilegol and protecting the Rings.
You will always be a friend of the Flobbits.

Eve Snowshoes

Hello there, super helper! I'm Eve Snowshoes.
The other elves and I are so glad you were able to help recover the rings!
The holidays wouldn't have been the same without your hard work.
If you'd like, you can order special swag that's only available to our victors!
Thank you!

Angel Candysalt

Greetings North Pole savior! I'm Angel Candysalt!
A euphemism? No, that's my name. Why are people still asking me that?
Anywho, thank you for everything you've done.
You'll go down in history!

Rose Mold

I'm Rose Mold. What planet are you from?
What am I doing here? I could ask the same of you!
Collecting web, cloud, elfen rings... What about onion rings? A Sebring?
n00bs...