Challenge: Someone was monitoring weird transmissions on Santa’s network, fortunately their systems are outdated so you might have some luck decoding the message.
Ah yes, now you speak my language! Start Wireshark!
First I did a quick Statistics / Conversations:
I chose to skip HTTP and HTTPS and ended up with port 21. Hey! FTP.
Ok, thats the control traffic, what about data?
Dash? Dot? Don’t tell me, outdated? Morse code? String replace and https://morsedecoder.com/ or CyberChef.
Flag: xmas{EVEN-TCP_1S-CELEBRATING-1337-XMAS}
What did I learn: First try the simple angles.
