Link to the challenge itself here: https://www.holidayhackchallenge.com/2017/

For myself and anyone else interested I wanted to post a collection of all the holiday challenge hints collected so far for easy reference. Good luck everyone and happy holidays!

Hint 1) Understanding and Exploiting Web-based LDAP | [Tweet]

Hint 2) Why You Need the Skills to Tinker with Publicly Released Exploit Code | [Tweet]

Hint 3) Go To The Head Of The Class: LD_PRELOAD For The Win | [Tweet]

Hint 4) The Restricted Bash Shell (A Spot of Tee) | [Tweet]

Hint 5) Exploiting XXE Vulnerabilities in IIS/.NET | [Tweet]

Hint 6) Your Pokemon Guide for Essential SQL Pen Test Commands | [Tweet]

Hint 7) Using the Free Tier on Amazon Web Services (EC2) (Putting My Zero Cents In) | [Tweet]

More useful information may potentially be found further back in the archives of the SANS Pen-Testing Blog.

And you can also watch Ed Skoudis’ live announcement featured on Security Weekly below (starts at 1:02:42):