On the 12th Day of Swigmas, The Daily Swig gave to me…


Forget five gold rings, this year’s must-have Christmas gift is a festive swag bundle from The Daily Swig, courtesy of PortSwigger Web Security.

All you have to do to be in with a chance of winning is take part in our 12 Days of Swigmas challenge.

How it works

Every day at 15:00 UTC from December 25 until January 5, head over to our Twitter page @DailySwig.

There, you’ll find that day’s challenge – from questions and answers to polls, a festive-themed coding puzzle, and more.

To enter, simply write your answer below the tweet (for the polls, clicking on the statement you believe to be true is enough).

A correct entry will gain you a place in the prize draw. Entries are limited to one per individual per day. You might be tempted to just copy an answer that’s already been given, but unless it’s correct it won’t gain an entry.

For example: Alice answers all 12 Swigmas challenges and gets all 12 correct. This earns her 12 entries into the draw. Bob answers all 12 but only gets nine correct. He gains nine entries.

On January 6, the final day of #Swigmas, all correct entries will be uploaded to an online prize draw by the Swig and a winner will be announced.

What can I win?

The winner will receive a boxed-up bundle of goodies including stickers, stationery, and even a coveted Burp Suite t-shirt.

We will announce the winner on January 6 and be in touch directly shortly after.

Make sure you’re following @DailySwig to keep up to date and join in with the hashtag #12DaysofSwigmas.

Good luck!


12 Days of Swigmas answers


Day 1 – Q: Replace a Christmas song with an infosec term, for example I Wish It Could Be XSS Every Day

A: We had some great entries for this, all of which deserved an entry into the prize draw. Our favourite? ‘All I Want for Christmas is an RCE’ by @R29k_


Day 2 – Q: Can you solve this JavaScript challenge set by PortSwigger researcher @garethheyes? (1?105:98)+(1?110:115)+(1?102:103)+(0?122:111)+(0?102:115)+(0?119:101)+(0?121:99)

A: Infosec

Solution: alert(String.fromCharCode(1?105:98)+String.fromCharCode(1?110:115)+String.fromCharCode(1?102:103)+String.fromCharCode(0?122:111)+String.fromCharCode(0?102:115)+String.fromCharCode(0?119:101)+String.fromCharCode(0?121:99))


Day 3 – Q: Which hacking tool does Trinity use in the Matrix Reloaded?

A: NMAP


Day 4 – Q: Make us laugh with a festive infosec meme to win a place in the prize draw

A: Again, some great entries. Here’s our favourite from @michele654…




Day 5 – Q: #OSINT challenge: Where was this photograph taken and why is the location relevant to infosec?

A: Mandalay Bay Convention Center, Las Vegas (@BlackHatEvents USA host venue)


Day 6 – Poll: Which of these hacker films was the highest grossing (in US$) at the box office?

The Matrix (1999)
Hackers (1995)
Tron (1982)

A: The Matrix ($466.3 million)


Day 7 – Q: Which malware strain made a worrying comeback towards the end of this year, several months after authorities said they had dismantled the campaign?

A: Emotet


Day 8 – Poll: According to a report from bug bounty platform HackerOne (@Hacker0x01) which class of vulnerability was the most-discovered bug in 2021?

XSS
RCE
CSRF

A: XSS


Day 9 – Q: Replace a word in a Christmas movie title with an infosec term. The most creative receive an entry into our prize draw

A: All of the entries were worthy winners, but our favourite was ‘JNDI Unchained’ by @jkmartindale


Day 10 – Q: Solve this anagram – abc chowing peonies

A: web cache poisoning


Day 11 – Q: Infosec dingbats

A: Cross-site scripting
Web cache poisoning
SQL injection


Day 12 – Q: Cryptography puzzle

A: The answer was the lyrics to the Christmas carol ‘Silent Night’ in German:


Stille Nacht, heilige Nacht

Alles schläft; einsam wacht

Nur das traute hochheilige Paar.

Holder Knabe im lockigen Haar,

Schlaf in himmlischer Ruh!

Schlaf in himmlischer Ruh!


