Over at the excellent ethicalhacker.net site, the results of the Santa Claus is Hacking to Town Skillz Challenge have been posted:
These challenges are a lot of fun, and educational as well. Ed Skoudis puts a lot of effort into writing and judging them. There’s a whole archive of previous challenges available here, and I highly recommend at least reading through, if not working through, some of the previous challenges.
This time around, I managed to get an honorable mention for my entry! I’m very happy with this. I was unable to test the Windows-centric parts of my solution before I had to submit it and move on to real work, so that part wasn’t %100, but I did have a really solid way of getting netcat onto the web server via the command-injection-vulnerable script, and some nice netcat pivoting.
Oh, and apparently I’m a security stud! :
We had entries from notable security studs like Wesley McGrew, Raul Siles, Ryan Linn, Mark Baggett, Zoher Anis, Paul Tartar, and others.
I might put “notable security stud” on some business cards, or maybe a button, now.
Congrats stud. I haven’t looked at the challenges in a while and need to get back at it.
I won the “random” drawing a while back for Kevin Bong’s awesome Simpson’s spoof. I put quotes around random because the challenge had an image in it with a stego message and apparently I was the first or only person to recover that before they extended the challenge.
I didn’t win the overall, but was happy to get a copy of Ed Skoudis’ and Lenny Zeltser’s excellent Malware book.