I spent a couple of nights over my Christmas vacation working on the Christmas 2011 Hacking Challenge on the SANS Pen Test blog. This is the first year I’ve done the challenge, and I had a lot of fun with it. I may have gone a little overboard with the report, but I wanted to try to make it somewhat realistic.

I ended up getting honorable mention when the results were posted. I was pretty happy with that, even though it meant I didn’t win a copy of Ed Skoudis’s book. That wasn’t a big deal since I ended up winning a copy during NetWars at SANS2012 in Orlando, and I wouldn’t really need two copies. I had always meant to post my report when the challenge was over, and I’m just now getting around to that.

Here’s a link to my report and here is what Ed had to say about it in the results post:

Dave Lassalle: Your report was very detailed, and was a close second. You explained the Apple Software Update component of the attack well, explained all of the fields in the CellLocation table, mentioned the GPS anomalies and the duplicate timestamps, and included a great map showing all of the places. You also extracted and ran the iTunesSetup.exe malware and wrote your own handler for it, which was very impressive. Amazing work, beautifully executed.

2011HolidayHackChallenge