A yearly Capture The Flag event that was a part of NahamCon. The event lasted 48 hours, and had loads of challenges from different categories.

Post thumbnail
ReversingScriptingCrypto+392 points


Reverse engineer a Linux binary and find the encrypted password. Use Ghidra to decompile the code and decrypt the password in a Python script

Post thumbnail
WebReversingMobile+402 points

OTP Vault

An Android application with an OTP code. Reverse engineer the React Native APK to find a flag endpoint on a webserver

Post thumbnail
ScriptingMiscellaneous+383 points


A Python Scripting challenge with an esoteric programming language called LOLPython. Write LOLPython code to execute commands on the remote server. Includes LOLD, LOLD2 and LOLD3

Post thumbnail
WebXSS+473 points

Two For One

A Hard challenge in the Web category with 2 Factor Authentication. Use a Blind XSS to reset the administrator 2FA and password and read the secret flag

Post thumbnail
ReversingEncodingHardware+368 points


A hardware challenge with Arduino and a circuit. Reverse engineer the circuit with the output to get back the flag

Post thumbnail
WebSQL InjectionScripting+168 points

Flaskmetal Alchemist

A web challenge made in Python with Flask and SQLAlchemy. Research to find a CVE and exploit the boolean SQL Injection vulnerability