Welcome⚓︎

Home Page

Introduction⚓︎

The SANS Holiday Hack Challenge 2025 dropped participants into a winter town taken over by gnomes. The gnomes were breaking things across city hall, the hotel, the park, and the retro shop. The challenge covers multi-domain CTF on a total of 27 objectives and five difficulty tiers.

I worked on 21 objective covering a wide range of discipline: hunting leaked SAS (Shared Access Signature) tokenand misconfigured Azure Storage accounts, exploiting IDOR (Insecure Direct Object Reference) vulnerabilities, cracking IMAP configurations, reverse engineering binaries, and performing RCE with privilege escalation.

Story⚓︎

ACT I

The Counter Hack crew is in the Neighborhood festively preparing for the holidays when they are suddenly overrun by lively Gnomes in Your Home! There must have been some magic in those Gnomes, because, due to some unseen spark, some haunting hocus pocus, they have come to life and are now scurrying around the Neighborhood.

ACT II

The Gnomes’ nefarious plot seems to involve stealing refrigerator parts. But why?

ACT III

The Gnomes want to transform the neighborhood so that it’s frozen solid year-round, an environmental disaster. But who is the mastermind behind the Gnomes’ wickedness?

Map⚓︎

Map of Area

Navigation tip

Even with less than 50 pages, there's still quite a bit of information to read through. To make things a little easier, you can use P or , to go to the previous section, N or . to navigate to the next section, and S, F, or / to open up the search dialog.

TL;DR if you keep pressing N or . from this point forward, you'll hit all the content in the right order!

Answers⚓︎

Act I⚓︎

1. Its All About Defang -