MENDIX CTF EVENT

Are you ready for an epic event that will challenge your hacking skills? Sign up for the Mendix P0wn Party and GO BREAK IT!

GO BREAK IT!

During this Capture The Flag (CTF) hacking event, organized in collaboration between The S-Unit and Mendix, you will have 24 hours to detect and exploit vulnerabilities in Mendix web applications, collect flags, and score points. This unique opportunity is made possible through the joint efforts of The S-Unit and Mendix, showcasing their combined expertise in cybersecurity and application development.

The CTF serves as the ultimate challenge to prove yourself, allowing you to test your hacking and development knowledge and skills using state-of-the-art security technologies. But there is more! The event offers the unique opportunity to meet fellow hackers, developers and Mendix enthusiasts from around the world and to exchange experiences and knowledge. During the various interesting workshops, you will gain hands-on experience with the latest technologies and trends, you will learn how to make your Mendix applications more secure and how to avoid common pitfalls. And are you one of the top three best hackers of the Mendix P0wn Party? Then you will receive an amazing prize!

Join us for this groundbreaking CTF, brought to you by the collaboration between The S-Unit and Mendix, and embark on an exhilarating journey of hacking, learning, and networking.

00DAYS LEFT

IMPROVE YOUR SKILLS

Improve your cybersecurity and development skills. The challenges are designed to provide you with hands-on experience in the latest techniques and methods and enable you to learn from other participants.

MEET FELLOW DEVELOPERS

Meet like-minded experts who share your passion for cybersecurity, development, and Mendix. Connect with fellow hackers, developers, and Mendix experts and enthusiasts to expand your professional network!

BOOST YOUR KNOWLEDGE

Cybersecurity and Mendix experts provide many interesting workshops. Get hands-on guidance on how to make your Mendix applications more secure, how to avoid common pitfalls, and gain valuable insights that can help you grow in your career!

ENJOY THE EXPERIENCE

The Mendix P0wn Party is the ultimate playground for all the hacking enthusiasts out there! Solve challenges, crack codes and connect with fellow tech-savvy minds.

4th October

October 5th

14:00 CEST

Walk-in Capture The Flag

10:00 CEST

Workshop

Johannes van Niekerk – Creating apps securely / preventing vulnerabilities

14:30 CEST

Kick-off Mendix CTF

15:00 CEST

Award ceremony

14:40 CEST

Workshop

Dirk van Veen – Security in Mendix apps from a hacker’s perspective

15:30 CEST

Q&A & Drinks

Challenges explained, possibility to ask questions and drinks.

14:40 CEST

Capture The Flag Starts!

16:30 CEST

Workshop

Dirk van Veen – Beginner tips & tricks for hacking Mendix apps

19:00 CEST

Workshop

John Sinteur – Security in the Mendix platform

October 4th

14:00 CEST

Walk-in Capture The Flag

14:30 CEST

Kick-off Mendix CTF

14:40 CEST

Workshop

Dirk van Veen – Security in Mendix apps from a hacker’s perspective

14:40 CEST

Capture The Flag Starts!

16:30 CEST

Workshop

Dirk van Veen – Beginner tips & tricks for hacking Mendix apps

19:00 CEST

Workshop

John Sinteur – Security in the Mendix platform

October 5th

10:00 CEST

Workshop

Johannes van Niekerk – Creating apps securely / preventing vulnerabilities

15:00 CEST

Award ceremony

15:30 – 17:00 CEST

Q&A & Drinks

Challenges explained, possibility to ask questions and drinks.

Participate in the Mendix CTF*

Mendix ctf FAQ

What level of hacking skills do I need to participate in this event?

If you are looking to learn, strictly speaking, there is no prior hacking skill requirement. The competition will have multiple challenges, with difficulty levels varying from very beginner to highly advanced. Additionally, there will be introductory workshops for those unfamiliar with security or hacking with tips and tricks to get you started.

However, do keep in mind that hacking is an exercise that is technical in nature, which means that some familiarity and experience with the technical aspects of Mendix/web applications go a long way.

How do I create a team?

You sign up to the CTF individually at https://p0wnparty.nl/mendix/. When the CTF starts, you will get access to the event app that contains the challenges, scoreboard, and teams. You can create, invite, and join teams in this app.

How many people can you have in a team?

A team can hold up to 5 people. If you don’t have a team prior to the event don’t worry! You may find other team members at the event itself, or you can talk to other participants and ask questions in the CTF channel on the Mendix Community Slack. Not a member yet? Create an account here: http://bit.ly/mxslack.

Is there a limit to the number of participants who can join the event? If so, how can I ensure my spot?

There are 150 seats for the in-person part of the event in the Mendix Office in Rotterdam. There is no limit to the number of online attendees.

When can I stay in the Mendix office?

On October 4^th, the Mendix office is open from 2PM until 9PM. There will be drinks and snacks but not dinner. You cannot stay at the office overnight. On October 5^th, the office will open from 9AM till 5PM.

Is there food?

On Oct 4^th, there will be snacks and drinks in the afternoon. While Mendix does not provide dinner for this event, we recommend any of the restaurants around the Mendix office. You can take your food to the 6^th floor cafeteria (enter through the 5^th floor), just make sure you clean everything up nicely, like at home 😉

On Oct 5^th, there will be snacks and drinks in the morning and afternoon. Lunch will start at 11:30 AM on the 5^th floor and can be had in the 6^th-floor cafeteria. When you’re done, take your tray down to the 5^th floor and clear it away. Do NOT be late, because you will have to queue up with the rest of the Mendix employees. Unless that’s exactly what you want.

How do I participate online?

The opening and closing ceremonies and workshops will be streamed live on Zoom. The links to the sessions will be shared in the CTF channel on the Mendix Community Slack. Not a member yet? Create an account here: http://bit.ly/mxslack.

Do I need any prerequisite knowledge or tools to take part in the Capture The Flag?

Although not strictly necessary, there are a few things that can make participation in the CTF significantly easier:

Knowledge of JavaScript and the Mendix Client API:
- https://docs.mendix.com/apidocs-mxsdk/apidocs/client-api/
Access to / experience with a local web proxy, such as Burp Suite or OWASP Zap
- https://portswigger.net/burp/communitydownload
- https://www.zaproxy.org/download/

Will any resources be provided before the event to help participants prepare?

For those who are new to hacking, there will be beginner workshops on security and hacking Mendix application during the event. There will also be coaches on site and online who can give tips and hints to teams concerning the challenges. Note that this is still a competition, which means that as the difficulty of the challenges increases, the number of hints and the level of details provided by coaches will decrease significantly.

If participating online, will there be any specific software or platforms needed to join the event?

All you need is a browser.

Are the workshops suitable for beginners, or are they aimed more towards those with an advanced level of cybersecurity knowledge?

The workshops are aimed at Mendix makers with limited to no security-specific experience.

What type of vulnerabilities do we need to exploit?

The CTF will center around Mendix applications. As such, there will be several Mendix-specific types of vulnerabilities related to the domain model, access rules, microflows, etc. However, Mendix applications are still web applications, so you may also encounter more traditional web application vulnerability types.

Are there any restrictions on the type of equipment or software I can use during the event?

We ask players not to use traditional, automated (web app) vulnerability scanners. These are notoriously bad at analyzing Mendix applications and typically only cause unnecessary load for the apps.

How will the points be scored during the Capture The Flag event?

The CTF will use a Jeopardy-style scoring mechanism, where challenges have fixed and pre-determined values. In case of ties, the winner will be determined based on flag submission time.

How will the event be managed to ensure fair competition and maintain the integrity of the event?

A dedicated support crew of 20 people is available throughout the event to make sure everything runs smoothly. We expect everyone to treat each other with respect and human decency.

Will there be opportunities for networking during or after the event?

Yes! We encourage you to connect with as many people as possible during the event. This is your chance to connect with Mendix and security experts.

What type of prizes will be awarded to the top 3?

Each member of a team that ends up in the top 3 will receive a trophy and a special prize.

What are the dates and times for the workshops that will be conducted during the event?

You can find the full schedule at https://p0wnparty.nl/mendix/.

Are the workshops recorded and shared afterwards?

Yes.

How do I get to the Mendix office in Rotterdam by public transport?

From Rotterdam Central Station, take Metro D (destination De Akkers) or E (destination Slinge) and get off at Metro station Wilhelminaplein. Go up the stairs and exit through the left tunnel. Cross the road and enter The Rotterdam building using the entrance just beyond the Nhow hotel entrance. Then take the elevator up to the 5th floor. You’re now at the Mendix office.

How do I get to the Mendix office in Rotterdam by car?

Enter Wilhelminakade 197 into your navigation. You can park in Q-park De Rotterdam or Q-park Boston nearby. Mendix does not provide exit cards for this event.