Skip to content

Easter Eggs

Being John Malkovich

  • The movie Being John Malkovich is based on the concept of a portal to someone else’s mind where you can observe and control their behavior.
  • Floor 1 1/2 is a reference to floor 7 1/2 in the Mertin-Flemmer Building where the portal to John Malkovich’s mind was located.
  • The dark mysterious room with a light at the end somewhat resembles the portal in the movie.
  • In the movie, the characters are ejected from the portal onto the side of the New Jersey Turnpike.

Ed Skoudis' Office Tour

  • SANS held a virtual tour and scavenger hunt on Nov-15 where Ed provided a behind the scenes look at where he and his team make magic happen.
  • The billboard contains items that Ed introduced, including: Enigma machine, Klein Bottle, Whitman (the beetle), Coke Zero bottle (“Share a Coke with The Godfather of Pentesting”), and a Tardis (always featured in HHC).
  • The painting in the hallway has eye holes cut out of it, similar to the picture of Albert Einstein in Ed’s office that you can look through from a secret room behind the wall.

Garden Party

  • In the back right corner of the courtyard, there is a hidden area on the other side of the shrubbery called "Garden Party". Inside is a booth with an animated GIF of the meme "Dimitri Finds Out". The booth provides a series of encoded text strings.
  • If you chat in this area, your text appears encoded in the chat history pane. A simple substitution cipher is used here, and you can determine the substitutions by entering a string of known plaintext.
    • Plaintext : 
      abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,./?
    • Ciphertext: 
      lR5ET2WuOsx?Ht0h7SKd/nN9pFoMIz fwmgUiZLGkaP8AQ\BDCecX4ybrj1.3JYv,q
  • Use the Subsitute recipe in Cyberchef to translate what the booth says using the substitutions learned in the chat.
    • Ciphertext: 
      gH nlt M00du vvv gdK duT M00du vvvvM00du
    • Plaintext : 
      Im van Booth ... Its the Booth ....Booth
  • The character behind the booth looks like Evan Booth's avatar, so this is clearly the Evan Booth Booth!

Santa Stego

  • The painting of Santa in the hall was created by Ed Skoudis' daughter Jessica, but her initials play well into the story as "Jack Frost Santa".
  • A series of small letters are hidden throughout the painting. They form the phrase "NOW I SHALL BE OUT OF SIGHT", a line from the poem "Jack Frost" by Hannah Flagg Gould.

Other references and musings:

  • Jason the plant is on top of a scaffold in the front of the castle. He doesn’t speak, but there is a nail right next to him that offers some career advice.
  • The three French hens greet visitors in French with “Bonjour!” “Joyeuses fetes!” “Jacques DuGivres”, but they greet Santa in English with “Hello!” “Merry Christmas!” “Jack Frost!”. Did they know all along that Jack Frost had embodied Santa to carry out his plot?
  • A sign in front of Santa's Castle reads "Richard F. Hall Custom Homes, LLC". This is an actual builder in New Jersey who does some really fine work.
  • The vending machine quotes a series of lyrics from Weird Al Yankovich’s song “Albuquerque”.
  • Professor Query Petabyte's talk referenced a paper that Santa published on blockchain under a pseudonym in 2008. This is based on actual events surrounding the anonymous publication of "Bitcoin: A Peer-to-Peer Electronic Cash System", under the pseudonym Satoshi Nakamoto.
  • The Snowball Fight 2 player's name was Hugh Ransom Drysdale, the main antagonist of the 2019 mystery film Knives Out.
  • Tanta Kringle, referenced in objective #9, is a character from Santa Claus is Comin’ to Town. She is the Elf Queen, head of the Kringle family, and the guardian of Kris Kringle when he was a child.
  • The candy cane is an important tool for elves, as observed on the pegboard in Santa's workshop.
  • A picture hanging in the wrapping room contains an email to Chris Elgee giving permission to use the Proxmark3 in HHC20.
  • One of the malicious messages in the CAN-D Bus lock/unlock address was 0000000F2057, which seems to spell out the word FROST.
  • If you lose the Snowball Fight game, your error code is 501_PEBCAK_ERR_4EVA, suggesting that the "Problem Exists Between Chair and Keyboard".
  • Pictures hanging all over the castle appear to be very frosty images. Did Jack Frost also impersonate Santa's interior decorator?