NahamCon 2025 CTF: Challenges, Teamwork, and Key Takeaways

Listen to this Post

Featured Image
Participating in NahamCon 2025 CTF was an exhilarating experience, with 3,000+ global teams competing. My team, DawnFelons🐉, faced intense challenges, dropping from 263rd to 555th overnight—yet the learning was invaluable.

Challenges That Stood Out

  • TMCB [Web-Easy]: A web exploitation challenge testing basic security flaws.
  • Cube [Misc-Hard🧠]: A complex reverse engineering and cryptography puzzle.

Key Sponsors & Organizers

Big thanks to John Hammond and NahamSec (Ben Sadeghipour) for organizing this CTF, with sponsors like:
– YesWeHack
– Intigriti
– HackingHub
– ThreatLocker
– Patchstack

You Should Know: Essential CTF Tools & Commands

1. Web Exploitation (TMCB Challenge)

  • Burp Suite: Intercept and modify HTTP requests.
    java -jar burpsuite.jar
    
  • SQL Injection Testing with SQLmap
    sqlmap -u "http://example.com/login" --data="username=admin&password=test" --dbs
    
  • Directory Bruteforcing with Gobuster
    gobuster dir -u http://example.com -w /usr/share/wordlists/dirb/common.txt
    

2. Reverse Engineering & Cryptography (Cube Challenge)

  • Ghidra: Decompile and analyze binaries.
    ghidra &
    
  • Binwalk: Extract embedded files.
    binwalk -e suspicious_file
    
  • Python for XOR Decryption
    def xor_decrypt(ciphertext, key):
    return bytes([b ^ key for b in ciphertext])
    print(xor_decrypt(b"encrypted_data", 0x41))
    

3. Privilege Escalation (Post-Exploitation)

  • Linux Privilege Escalation Checker (LinPEAS)
    curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh | sh
    
  • Windows Privilege Escalation (WinPEAS)
    iwr -uri https://github.com/carlospolop/PEASS-ng/releases/latest/download/winpeas.bat -OutFile winpeas.bat
    .\winpeas.bat
    

4. Network & Forensics

  • Wireshark for Packet Analysis
    wireshark -k -i eth0
    
  • Steganography (Extracting Hidden Data)
    steghide extract -sf image.jpg -p "pass123"
    

What Undercode Say

CTFs like NahamCon 2025 sharpen real-world cybersecurity skills. Key takeaways:
– Teamwork is crucial—collaboration solves complex challenges faster.
– Web exploitation remains a dominant category—master SQLi, XSS, and SSRF.
– Reverse engineering requires patience—Ghidra, Radare2, and GDB are must-know tools.
– Privilege escalation is a common CTF and real-world attack vector—LinPEAS/WinPEAS are gold.

For aspiring hackers: Practice on platforms like Hack The Box, TryHackMe, and CTFtime.

Prediction

Future CTFs will likely integrate AI-based challenges, requiring knowledge of ML model exploitation and adversarial attacks.

Expected Output

References:

Reported By: Mukesh Chandra – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 Telegram