A yearly Capture The Flag event that was a part of NahamCon. The event lasted 48 hours, and had loads of challenges from different categories.

ReversingScriptingCrypto +392 points


Reverse engineer a Linux binary and find the encrypted password. Use Ghidra to decompile the code and decrypt the password in a Python script

MobileReversingWeb +402 points

OTP Vault

An Android application with an OTP code. Reverse engineer the React Native APK to find a flag endpoint on a webserver

ScriptingMiscellaneous +383 points


A Python Scripting challenge with an esoteric programming language called LOLPython. Write LOLPython code to execute commands on the remote server. Includes LOLD, LOLD2 and LOLD3

WebXSS +473 points

Two For One

A Hard challenge in the Web category with 2 Factor Authentication. Use a Blind XSS to reset the administrator 2FA and password and read the secret flag

HardwareReversingEncoding +368 points


A hardware challenge with Arduino and a circuit. Reverse engineer the circuit with the output to get back the flag

WebScriptingSQL Injection +168 points

Flaskmetal Alchemist

A web challenge made in Python with Flask and SQLAlchemy. Research to find a CVE and exploit the boolean SQL Injection vulnerability