P0wn Party

MENDIX CAPTURE THE FLAG 2024

OCTOBER 10 & 11

Are you ready for an epic event that will challenge your hacking skills? Then sign up and you will be the first one to know when registration goes live so you can reserve your spot before anyone else and GO BREAK IT!

During this Capture The Flag (CTF) hacking event, you will have two days to detect and exploit vulnerabilities in Mendix web applications, collect flags, and score points. This unique opportunity is made possible through the joint efforts of The S-Unit, Mendix, Low-Code Academy, and Kobeon, showcasing their combined expertise in cybersecurity and application development.

The CTF serves as the ultimate challenge to prove yourself and test your hacking and development knowledge and skills using state-of-the-art security technologies. But there is more! The event offers the unique opportunity to meet fellow hackers, developers and Mendix enthusiasts from around the world and to exchange experiences and knowledge. Workshops, hosted by security experts, will provide hands-on experience with the latest technologies and trends, teaching you how to make your Mendix applications more secure and how to avoid common pitfalls. If you hack your way to the top 3, you can claim eternal fame and some amazing prizes!

Join us on October 10-11 in the Mendix Rotterdam office or online, and experience an exciting journey of hacking, learning, and networking.

We listened to last year’s feedback and made some improvements for this edition:
  • More beginner friendly
  • Lunch and dinner are now also included on day 1 (and lunch on day 2)
  • More time to hack! CTF 24 is two full days
IMPROVE YOUR SKILLS
Learn new cybersecurity and Mendix development skills by tackling the challenges together. Use the knowledge from security experts firsthand in detailed workshops.
MEET FELLOW DEVELOPERS
Meet like-minded development professionals who share your passion for cybersecurity, app development, and Mendix and expand your professional network.
BOOST YOUR KNOWLEDGE
Cybersecurity and Mendix experts provide many interesting workshops. Get hands-on guidance on how to make your Mendix applications more secure, how to avoid common pitfalls, and gain valuable insights that can help you build more secure apps.
HAVE FUN!
The CTF is the ultimate playground for all the hacking enthusiasts out there! Solve challenges, crack codes, and connect with fellow tech-savvy minds. If you’re in the office, join a gaming competition and win big!
October 10th
8:00 AM
Walk-in and registration
9:00 AM
Capture The Flag 2024 Kick-off
9:30 AM
Workshop
Dirk van Veen – Beginner Tips & Tricks for Hacking Mendix Apps
11:30 AM
Lunch
2:00 PM
Workshop
Rene van Hofwegen – Tips & Tricks for Developing Secure Mendix Apps
3:00 PM
Table Tennis Tournament
Rotterdam
4:00 PM
Workshop
John Sinteur – Security in the Mendix Platform
6:00 PM
Dinner
8:00 PM
Mario Kart Tournament
Rotterdam
October 11th
8:00 AM
Office open
10:00 AM
Workshop
Hunter Koppen – Top Security Features Introduced from Mendix 8 to 10
11:30 AM
Lunch
3:00 PM
Award Ceremony
3:30 PM
Solution Explanation
4:00 PM
Drinks & Snacks
5:00 PM
Weekend!
Register for the Mendix CTF*
*In-person attendance at the Mendix office in Rotterdam is fully booked; only registrations for online participation are possible.

    Mendix CTF FAQ
    What level of hacking skills do I need to participate in this event?
    If you are looking to learn, strictly speaking, there is no prior hacking skill requirement. The competition will have multiple challenges, with difficulty levels varying from very beginner to highly advanced. Additionally, there will be introductory workshops for those unfamiliar with security or hacking with tips and tricks to get you started.

    However, do keep in mind that hacking is an exercise that is technical in nature, which means that some familiarity and experience with the technical aspects of Mendix and web applications go a long way.
    How do I create a team?
    You sign up to the CTF individually at https://p0wnparty.nl/mendix/. When the CTF starts, you will get access to the event app that contains the challenges, scoreboard, and teams. You can create, invite, and join teams in this app.
    How many people can you have in a team?
    A team can hold up to 5 people. If you don’t have a team prior to the event, don’t worry! You may find other team members at the event itself, or you can talk to other participants and ask questions in the CTF channel on the Mendix Community Slack. Not a member yet? Create an account here: https://bit.ly/mendixslack24.
    Is there a limit to the number of participants who can join the event? If so, how can I ensure my spot?
    There are 175 seats for the in-person part of the event in the Mendix Office in Rotterdam. There is no limit to the number of online attendees.
    When can I stay in the Mendix office?
    On October 10, the Mendix office is open from 8AM till 9PM. You cannot stay at the office overnight. On October 11, the office will be open from 8AM till 5PM.
    Is there food?
    For those who are joining the event in the Rotterdam office on Oct 10, there will be welcome drinks and a snack between 8AM and 9AM. Lunch will be available around noon. There will also be drinks and snacks in the afternoon.

    On Oct 11, there will be snacks and drinks in the morning and afternoon. Lunch will be available around noon. Do NOT be late, because you will have to queue up with the rest of the Mendix employees. Unless that’s exactly what you want, of course.
    How do I participate online?
    The opening and closing ceremonies and workshops will be streamed live on Zoom. The links to the sessions will be shared in the CTF channel on the Mendix Community Slack. Not a member yet? Create an account here: https://bit.ly/mendixslack24.
    Do I need any prerequisite knowledge or tools to take part in the Capture The Flag?

    Although not strictly necessary, there are a few things that can make participation in the CTF significantly easier:

    Will any resources be provided before the event to help participants prepare?
    For those who are new to hacking, there will be beginner workshops on security and hacking Mendix applications during the event. There will also be coaches on site and online who can give tips and hints to teams concerning the challenges. Note that this is still a competition, which means that as the difficulty of the challenges increases, the number of hints and the level of detail provided by coaches will decrease significantly.
    Are the workshops suitable for beginners?
    The workshops are for people with different levels of experience with cybersecurity, JavaScript, and more. The first workshop is specifically aimed at beginners and provides hands-on tips and tricks to learn how to find vulnerabilities in Mendix apps.
    What type of vulnerabilities do we need to exploit?
    The CTF will center around Mendix applications. As such, there will be several Mendix-specific types of vulnerabilities related to the domain model, access rules, microflows, etc. However, Mendix applications are still web applications, so you may also encounter more traditional web application vulnerability types.
    Are there any restrictions on the type of equipment or software I can use during the event?
    We ask players not to use traditional, automated (web app) vulnerability scanners. These are notoriously bad at analyzing Mendix applications and typically only cause unnecessary load for the apps.
    How will the points be scored during the Capture The Flag event?
    The CTF will use a Jeopardy-style scoring mechanism, where challenges have fixed and pre-determined values. In case of ties, the winner will be determined based on flag submission time.
    How will the event be managed to ensure fair competition and maintain the integrity of the event?
    A dedicated support crew of 20 people is available throughout the event to make sure everything runs smoothly. We expect everyone to treat each other with respect and human decency.
    Will there be opportunities for networking during or after the event?
    Yes! We encourage you to connect with as many people as possible during the event. This is your chance to connect with Mendix and security experts.
    What type of prizes will be awarded to the top 3?
    Each member of a team that ends up in the top 3 will receive a trophy and a special prize.
    What are the dates and times for the workshops that will be conducted during the event?
    You can find the full schedule at https://p0wnparty.nl/mendix/.
    Are the workshops recorded and shared afterwards?
    Yes.
    How do I get to the Mendix office in Rotterdam by public transport?
    From Rotterdam Central Station, take Metro D (destination De Akkers) or E (destination Slinge) and get off at Metro station Wilhelminaplein. Go up the stairs and exit through the left tunnel. Cross the road and enter The Rotterdam building using the entrance just beyond the Nhow hotel entrance. Then take the elevator up to the 5th floor. You’re now at the Mendix office.
    How do I get to the Mendix office in Rotterdam by car?
    Enter Wilhelminakade 197 into your navigation. You can park in Q-park De Rotterdam or Q-park Boston nearby. Mendix does not provide exit cards for this event.
    I registered to participate on-site but I can’t make it, how do I change my registration?
    If you want to cancel or change your registration to remote, please email us at community@mendix.com.
    I’m on the waiting list to join on-site. How does that work?
    It’s first come, first served. When a spot opens up on-site, the first person on the waiting list will move into that seat and get notified about this change to their registration.