SANS 2015 Shmoo Challenge Winners and Official Answer

by Jeff McJunkin

Greetings! Those of you who attended ShmooCon this year may have noticed a challenge from SANS included in your Shmoo bags. If you didn’t attend and you want to walk through the challenge yourself for some fun, I’d recommend you look at the challenge description  and avoid reading the official write-up at the end of this post until you’ve looked at the challenge itself.

We’re always excited to see the new ways our participants will solve our challenges, and the Shmoo crowd certainly didn’t disappoint! We had lots of great entries which were a pleasure to read through.

As written in the original description, the first ten participants who solved the challenge will receive a free SANS NetWars t-shirt. If you see your name below, you will also have an email sent to orchestrate the details of getting your prize to you.

Accordingly, here are those ten winners!

1. Annah Waggoner
2. Brad Berkemier
3. Karl Olson
4. Todd Carlson
5. Chris Gaal
6. Brian Lintz
7. Tsvetelin Choranov
8. Matthew B.T.
9. Mouza Romaithi
10. Colin Edwards

Congratulations to each of our ten winners!

One lucky winner, though, will receive a GRAND PRIZE of a free subscription to NetWars Continuous, valued at $2,499! This winner will have four full months of access to our CtF environment, including automated hints and support from our staff to ensure a Stuck-Free Experience(tm).

Without further ado, and with the thanks of’s “True Random Number Generator“, the winner of a free NetWars Continuous subscription is…

(This is the part where you do a drum roll in your head. We don’t skimp on special effects!)

…Colin Edwards!

Colin, along with being remarkably lucky, did a great job with his write-up. There were several parts of the challenge that he solved in a unique way.

Accordingly, I’m very happy to declare Colin’s Submission  as the official answer guide to the SANS 2015 ShmooCon Challenge!

Thanks to everyone who participated!
— Jeff McJunkin and the Counter Hack Challenges team

P.S. If you found this kind of challenge interesting, you might want to look at SANS course offerings for other opportunities to learn! We have lots of great upcoming courses at SANS   Pen Test Austin  in May including a SPECIAL NetWars Event…

We’ve got a really special event coming up with a TON of NetWars, CyberCity, and SANS Pen Test coins.  We call it SANS Pen Test Austin, and we’ve loaded it with the best SANS pen test courses and a bunch of outstanding evening events. From May 18 to 23, you’ll get to participate in:

*SANS Top Courses focused on Pen Testing: Learn hands-on skills that you can directly apply the day you get back to your job.
*NetWars, NetWars, NetWars: Enjoy three exciting nights of NetWars challenges, where you can have some fun while building serious infosec skills.
*Coin-a-palooza: Earn up to four additional SANS pen test challenge coins (each with an integrated cipher challenge) based on your performance in SANS NetWars!
* CyberCity Missions: Work through an evening of cyber missions that have a direct kinetic impact on the miniature SANS CyberCity environment with a real power grid, water reservoir, military base, and more!
* Lock Pick Evening: Get a chance to pick some locks one evening. Whether it’s your first time picking locks or you’re a seasoned expert, you’ll have a ton of fun hanging out with other infosec pros refining your skills.

Hope to see you in Austin!

Post Exploitation Redux Webcast Slides

Last Thursday, John Strand and I delivered a new webcast on post exploitation, covering all kinds of tips and tricks.  I focussed on some of the cool stuff you can do with the Windows netsh command, including setting up port pivots, sniffing, and gaining remote access to a target’s network configuration.  John Strand discussed a new tool his team released that provides a command and control channel via gmail.  We covered a lot of fun and useful material.


The slides are available here.

And, if you’d like to hear the webcast itself, you can do so here.

If you really like this kind of thing, I hope you’ll consider taking the SANS Security 560 course from me soon, where we delve deep into the art of high-value penetration testing.  I’ll be teaching it at SANS Orlando in April.  Hope you can join us there!


–Ed Skoudis & John Strand