Listen to this Post

Participating in NahamCon 2025 CTF was an exhilarating experience, with 3,000+ global teams competing. My team, DawnFelons🐉, faced intense challenges, dropping from 263rd to 555th overnight—yet the learning was invaluable.
Challenges That Stood Out
- TMCB [Web-Easy]: A web exploitation challenge testing basic security flaws.
- Cube [Misc-Hard🧠]: A complex reverse engineering and cryptography puzzle.
Key Sponsors & Organizers
Big thanks to John Hammond and NahamSec (Ben Sadeghipour) for organizing this CTF, with sponsors like:
– YesWeHack
– Intigriti
– HackingHub
– ThreatLocker
– Patchstack
You Should Know: Essential CTF Tools & Commands
1. Web Exploitation (TMCB Challenge)
- Burp Suite: Intercept and modify HTTP requests.
java -jar burpsuite.jar
- SQL Injection Testing with SQLmap
sqlmap -u "http://example.com/login" --data="username=admin&password=test" --dbs
- Directory Bruteforcing with Gobuster
gobuster dir -u http://example.com -w /usr/share/wordlists/dirb/common.txt
2. Reverse Engineering & Cryptography (Cube Challenge)
- Ghidra: Decompile and analyze binaries.
ghidra &
- Binwalk: Extract embedded files.
binwalk -e suspicious_file
- Python for XOR Decryption
def xor_decrypt(ciphertext, key): return bytes([b ^ key for b in ciphertext]) print(xor_decrypt(b"encrypted_data", 0x41))
3. Privilege Escalation (Post-Exploitation)
- Linux Privilege Escalation Checker (LinPEAS)
curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh | sh
- Windows Privilege Escalation (WinPEAS)
iwr -uri https://github.com/carlospolop/PEASS-ng/releases/latest/download/winpeas.bat -OutFile winpeas.bat .\winpeas.bat
4. Network & Forensics
- Wireshark for Packet Analysis
wireshark -k -i eth0
- Steganography (Extracting Hidden Data)
steghide extract -sf image.jpg -p "pass123"
What Undercode Say
CTFs like NahamCon 2025 sharpen real-world cybersecurity skills. Key takeaways:
– Teamwork is crucial—collaboration solves complex challenges faster.
– Web exploitation remains a dominant category—master SQLi, XSS, and SSRF.
– Reverse engineering requires patience—Ghidra, Radare2, and GDB are must-know tools.
– Privilege escalation is a common CTF and real-world attack vector—LinPEAS/WinPEAS are gold.
For aspiring hackers: Practice on platforms like Hack The Box, TryHackMe, and CTFtime.
Prediction
Future CTFs will likely integrate AI-based challenges, requiring knowledge of ML model exploitation and adversarial attacks.
Expected Output
- CTF Platforms: CTFtime | Hack The Box
- Bug Bounty Platforms: YesWeHack | Intigriti
https://www.youtube.com/c/Nahamsec
References:
Reported By: Mukesh Chandra – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅


