post

Tackling the “Gnome in your Home” over the Holidays

For several years SANS has published a holiday Capture The Flag (CTF). The event has technical challenges for infosec enthusiasts of all skill levels, and this year SANS has really outdone themselves.

Cleverly titled “Gnome In Your Home”, the scenario begins after thousands of toy gnomes are bought by loving parents across the world (1,653,325 to be specific). With the help of a pair of bright youngsters, you start uncovering an evil holiday conspiracy involving these “innocent” gnome toys. Challenges range greatly, from firmware analysis to exploiting discovered vulnerabilities.

While juggling all my family obligations of the season I was able to spend a little time hunting gnomes. Although I did not have time to break all 5 of the Super Gnomes, I had a blast learning new skills. I even beat the mini-game!

Victory

For those interested the full challenge is still posted here
https://holidayhackchallenge.com/
My notes for the challenge are posted below.