Hackevent HALON: 'hack' an educational institution

Are you a student or employee with a hacker mindset? And do you want to make Dutch education more cyber resilient? Then HALON is for you! Compete with other teams to find vulnerabilities at different educational institutions. This year, we are guests at Windesheim University of Applied Sciences in Zwolle on 10 October.

Drie studenten achter een laptop
10 Oct 2023
9.00 to 19.00
Windesheim University of Applied Sciences


HALON (Hack All Education in the Netherlands) is a hacking event for education, by education. With your team, you will search for vulnerabilities in the open IP ranges and a number of domain names of various Dutch educational institutions. By finding vulnerabilities, you also contribute to the cyber resilience of these institutions. The organisation is in the hands of SURF, the ICT partnership for education and research. We ensure proper handling of found vulnerabilities.

For whom?

HALON is intended for students and employees of universities, colleges and mbo's. It is useful if you already know your way around IT systems, but even if you are not very experienced, you are welcome.

Little experience with hacking? Follow the ethical hacking crash course on 25 September

On 25 September in the morning, we will organise a meeting on ethical hacking for those who have little experience with hacking but would like to join in. Interested? Then register now! Experienced hackers will also be present on 10 October to ask your questions if, for example, you get stuck somewhere.

What's in it for you?

If you participate, you get:

  • a must-have HALON2023 T-shirt
  • one or more fun prizes (if you win 😉 )
  • a fun day with other students and staff where you also improve your IT skills at the same time
  • a more cyber-proof educational environment


9.15 Walk-in and registration
10.00 Kick-off
10.15 Find all the vulnerabilities you can
12.30 Lunch
16:55 End of event
17.00 Drinks, pizza and jury deliberations
18.30 Award ceremony

Put together a team and sign up!

Put together a team of up to 3 people. A team can consist of only students, only staff members or a combination of the two. It is also possible to put together a team with students and/or staff from other educational institutions than the one you are affiliated with. Don't have a team and still want to participate? Then register before 30 September and mention 'Single Player' in the comments field. The organisation will then assign you to a team.


  • Each team member must register separately with his/her e-mail address of the institution at which they study or work: This is necessary to identify yourself as a student or employee of an educational institution (Tip: on the registration form, choose the option 'Log in with your institution account' (via SURFconext)')
  • Mention the name of your team in the comments field of the registration form. If you do not do this, the organisation will assign you to a team.
  • The maximum capacity of this event is 33 teams of 3 people.
  • Please register no later than 30 September.  

Prize categories

In addition to eternal glory, as a team you can win prizes in the following categories, plus at least these additional categories per university/school:

  •     first successful verified vulnerability
  •     most advanced verified vulnerability
  •     most creative verified vulnerability

If you care about the big money: alas, there are no cash prizes to be won.


HALON's rules are based on the normal coordinated vulnerablilty disclosure policies of all participating educational institutions. This means, for example:

  • do not exploit vulnerabilities, for example by downloading more data than necessary to demonstrate the vulnerability, looking into third-party data, deleting or modifying data.
  • be extra careful when personal data is involved.
  • alert organisations well before further sharing information about your findings, thus giving them time to fix the problems found. This minimizes the risk of misuse.
  • delete data you obtain through vulnerabilities as soon as possible.
  • do not use social engineering, spam or perform denial of service (DoS) attacks.

Any questions?

Please contact halon@surf.nl.

Het logo van HALON 2023