Successful first edition of ethical hacking event HALON with 49 vulnerabilities found

On June 28, a total of 46 students and employees of educational institutions set to work to find vulnerabilities in the networks of TU Delft, WUR, UvA/HvA, UU and SURF. With the aim of further improving digital security. This first edition of the ethical hacking event HALON was a success with 49 found vulnerabilities.

Contributing to strengthening digital resilience in education and research

The aim of HALON (Hack Al het Onderwijs Nederland) is to contribute to the further improvement of digital resilience in education and research. Starting with the institutions that participated in this first edition. Ultimately, the aim is for as many institutions as possible to participate in order to further strengthen the defensibility of the sector as a whole. At the same time, this event - hosted this year by TU Delft - offers students and staff in education and research the opportunity to improve their IT skills in a fun and playful way, while at the same time contributing to a safer digital education and working environment. For themselves, but also for their fellow students and colleagues.

Bringing security specialists together

But finding vulnerabilities is not the only goal of HALON. "With events like this, we hope to bring security specialists in education and research together," says Wim Biemolt, organiser of HALON and member of SURFcert, SURF's incident response team. "So that security people who normally do their own thing at their institution can find each other and learn from each other. We hope that this will help make them enthusiastic about staying or starting work in the sector. Because the temptations to work in other sectors are great.

Two critical vulnerabilities

The results of this first edition of HALON are impressive: the participants - divided into 13 teams - reported a total of 61 vulnerabilities that they found in predetermined open IP ranges of the target institutions. 49 of these were found to be valid by Zerocopter. They were present to validate the vulnerabilities reported. Five of the vulnerabilities were rated 'high', and two even 'critical'. A great result. The institutions and SURF are working to resolve the vulnerabilities.


Four teams were awarded prizes, in the following categories:

  • First vulnerability found: team M
  • Most advanced vulnerability found: team Lantarenpaal
  • Most creative method of finding a vulnerability: team Radboud Institute of Pwning
  • Most vulnerabilities found in all participating networks: team Foks-IT

Successful day

The first edition of HALON was a success. Institutions can continue to work on digital resilience, and the participants had a fun and educational day. Rodrigo Martín, Computer Science student at TU/e: "I want to continue in security, so this is a good opportunity to gain practical experience. I learned a lot today, and with my team we even managed to find a validated vulnerability".

This is a copy of the original news-item on SURF.