Pre-CTF Rules
Before the main event kicks off, we’ve got a few rules to help keep things fair, fun, and frustration-free for everyone participating in the Pre-CTF:
- No flag sharing. Seriously. You find it, you earn it. Keep it to yourself.
- No automated scanning tools. There’s no need to use tools like
nmap
,dirbuster
,sqlmap
, or similar. If it feels like cheating, it probably is. - Challenge scope is limited. All flags are inside the challenges. No need to go poking around infrastructure or scanning ports/directories—you won’t find treasure there.
- Pre-CTF flags use a special format:
ctf\{[0-9a-f]{32}\}
. That’s 32 lowercase hex characters insidectf{}
. - There is also one special Pre-CTF flag:
ctf{welcome_to_nahamcon_ctf}
! Just to say hello. - You should find a #ctf-general channel on our Discord under the NahamCon 2025 category and direct your questions there.
Main CTF Rules
We don't want to have to enforce restrictions on you, but there are a few things we would like to politely ask you not to do:
- Please do not attack the competition infrastructure or other players. The challenges are your targets. That's it.
- You do not need to use automated scanners like
sqlmap
, DirBuster,nmap
, Metasploit,nikto
or others. Please do not use them against the challenges. - Please do not brute-force flags.
- Please do not share flags with other players, or explicitly and deliberately cheat.
- Please do not blatantly ask for hints. The proper to way to ask for help is to explain what you have tried and showcase(in a direct message) what errors or output you may have.
Flag Format
Flags for this competition will follow the format: flag\{[0-9a-f]{32}\}
. That means a flag{}
wrapper with a 32-character lowercase hex string inside—basically something that looks like an MD5 hash. And yes, there may or may not be one right here on this page...
Support
For admin support in the case of any technical issues, please join the NahamSec
Discord server.
You should find a #ctf-general
channel in the NahamCon 2025 category and direct your questions there. When your question requires discussing a specific challenge, please direct message one of the challenge authors as noted in the challenge description.
Sponsors




