In the 2015 SANS Holiday Hack Challenge the goal was to determine the true purpose of the "Gnome In Your Home" product, as well as "Who" was behind its development and the details of their dastardly plot. This is a writeup of my findings and how I arrived at them …

Executive Summary

VLC versions before 2.1.5 contain a vulnerability in the transcode module that may allow a corrupted stream to overflow buffers on the heap. With a non-malicious input, this could lead to heap corruption and a crash. However, under the right circumstances, a malicious attacker could potentially …