We don't want to have to enforce restrictions on you, but there are a few things we would like to politely ask you not to do:
- Please do not attack the competition infrastructure or other players. The challenges are your targets. That's it.
- You do not need to use automated scanners like
sqlmap
, DirBuster,nmap
, Metasploit,nikto
or others. Please do not use them against the challenges. - Please do not brute-force flags.
- Please do not share flags with other players, or explicitly and deliberately cheat.
- Please do not blatantly ask for hints. The proper to way to ask for help is to explain what you have tried and showcase(in a direct message) what errors or output you may have.
Flag Format
Flags for this competition will follow the format: flag\{[0-9a-f]{32}\}
. That means a `flag{}` wrapper with what looks like an MD5 hash inside the curly braces. If you look closely, you can even find a flag on this page!
Support
For admin support in the case of any technical issues, please join the NahamSec
Discord server.
You should find a #ctf-general
channel in the NahamCon 2025 category and direct your questions there. When your question requires discussing a specific challenge, please direct message one of the challenge authors as noted in the challenge description.
Sponsors


