YesWeHack sponsors Nahamcon 2025 - Winter Edition

Header page image

Are you ready?

On December 17-18, the virtual security conference founded by NahamSec returns for a special winter edition of NahamCon. Lots of activities are planned during these two days - including workshops, talks, CTF challenges, and other surprises!

If you're looking to acquire new skills, connect with other bug hunters, or share insights, don't miss out on the event. It will be broadcast live on YouTube.com/NahamSec.

And yes, it's starting to becoming a habit: YesWeHack is a proud sponsor of the conference!

This year, in addition to a super workshop presented by Brumens, our ✨ amazing H2H team ✨ has created not one, not two, but three CTF challenges for you to enjoy! See details below.

Curious about Python pitfalls?

Our Researcher Enablement Analyst Brumens is as well. That's why he's been spending a lot of time digging into a topic many security teams underestimate: the hidden dangers that lurk in everyday Python code.

Titled “Python Pitfalls: Turning Developer Mistakes into Vulnerabilities,” his upcoming NahamCon workshop distils this research into a practical session designed to help security researchers get more out of Python-focused assessments.

The workshop will showcase how common functions with a simple pitfall can lead to critical vulnerabilities such as SSRF, File read, Code injection and more. To move beyond theory, the session includes six hands-on Dojo labs, each dedicated to a specific Python pitfall.

🗓 Don’t miss it on December 17th!
Exact timing will be announced soon on NahamCon’s website.

Sharpen your skills ⚔️

You're not dreaming! We've created three exclusive CTF challenges for NahamCon.

1️⃣ Dojo HelpCenter

We're starting out with the easiest one! This Android challenge has been developed by Pwnii.

Dojo HelpCenter is a mobile app designed to help bug hunters improve their skills. It looks like a basic help center, but the developers overlooked some security details... Will you be able to you find what they missed?

2️⃣ BugBountyHub

Still in the Android category, our second CTF is a bit more difficult. Pwnii says the complexity is medium!

BugBountyHub is a mobile app designed to help bug hunters manage and preview their reports. The preview feature supports HTML rendering making report writing easier and more professional. Can you find the security flaw and retrieve the flag?

3️⃣ BountyScanner

Last but not least: the most difficult challenge of the three, this time in the web app category - and created by Brumens.

BountyScanner is a vulnerability scanner created for bug hunters to automate the process of finding bugs. It is hosted as a web server. It challenges players to find a way to access internal services and compromise the system hosting the vulnerability scanner to capture the flag.

👉 There's a challenge for every level, so we're counting on you to try solving at least one of them - if not the three!

About YesWeHack

YesWeHack is a leading Bug Bounty and Vulnerability Management Platform used by hundreds of organisations and tens of thousands of bug hunters worldwide. Built and run by ethical hackers since 2015, our Bug Bounty platform offers fast, in-house triage, fair rewards and prompt payouts, and compliance with stringent EU data security laws.

YesWeHack manages hundreds of private and public programs and holds regular Live Hacking Events. Bug Bounty programs include Tencent, Swiss Post, Orange France and the French Ministry of Armed Forces.

Bug hunting is boosted by YesWeHack’s CTF playground/training platform (Dojo), various bug hunting tools, responsible vulnerability disclosure platform (ZeroDisclo.com), non-partisan Bug Bounty/VDP search engine (FireBounty.com), and a blog featuring technical tips and interviews.

Find out more at www.yeswehack.com and via X, LinkedIn, YouTube and GitHub.