ZeroDayZoetermeer 2026: Hacking in Hoodies and Putting the Municipality to the Test

On Friday 8 May, the third edition of ZeroDayZoetermeer took place at the Dutch Innovation Factory. Around fifty higher education students from institutions including The Hague University of Applied Sciences, Utrecht University of Applied Sciences, Leiden University of Applied Sciences and Inholland University of Applied Sciences travelled to Zoetermeer to further develop and sharpen their hacking skills.

During the event, students could choose between two tracks. In Hack Zoetermeer, participants were given the opportunity to ethically test the digital systems of the Municipality of Zoetermeer in a controlled environment. Students with less experience could take part in the competitive Capture the Flag (CTF) track, where they improved their cybersecurity skills by solving technical puzzles and challenges.

A day of excitement and healthy tension

Armed with laptops, chargers and the now-iconic ZeroDayZoetermeer hoodie, students arrived at the Dutch Innovation Factory around lunchtime. To keep energy levels high throughout the day, catering partner Bij Foodie provided lunch, snacks, drinks and dinner for all participants.

Alderman Jan Iedema officially opened the event with a mix of enthusiasm and humour. “I’m standing here with both excitement and concern,” he joked. “Excitement because we are once again working together with students and companies on a safer digital future and training the next generation of cybersecurity professionals. But also concern, because as a municipality we are deliberately making ourselves vulnerable today, you are all allowed to try and hack us.”

Real-World Cybersecurity Challenges

In the Hack Zoetermeer track, students actively searched for vulnerabilities within municipal systems. New this year was an additional operational technology (OT) challenge, where participants attempted to hack a PLC installation, hardware used to control infrastructure such as water levels and sewage pumps.

The relevance of this challenge became immediately clear during the event itself. Alderman Iedema explained that the municipality was dealing with a sewage system disruption at that very moment, with investigations underway into whether the issue had been caused by a programming error or potentially a cyberattack.

The challenge motivated students to carefully test, analyse and document vulnerabilities. As organisers emphasised throughout the day: finding a vulnerability is only part of the process, proper reporting and reproducibility are equally important.

Competitive spirit during the capture the flag

Alongside the live hacking environment, the Capture the Flag competition was in full swing. Infinity IT provided the server infrastructure for the CTF environment, where teams competed through a series of technical cybersecurity challenges requiring both creativity and technical expertise.

A live scoreboard kept the competition intense throughout the afternoon, with two teams running neck-and-neck towards the finish. Ultimately, team CTF Crushers claimed victory thanks to both their high score and the quality of their technical write-ups explaining how they solved the challenges.

From student to cybersecurity professional

Former HBO-ICT student Coen Zandstra also attended the event as a mentor and facilitator. Zandstra, now working as an inspector at the Dutch Authority for Nuclear Safety and Radiation Protection (ANVS) and active as an ethical hacker, participated in the previous editions of ZeroDayZoetermeer himself.

Partly thanks to skills developed during earlier editions, he recently discovered and responsibly disclosed a vulnerability at the Dutch National Institute for Public Health and the Environment (RIVM) through the National Cyber Security Centre (NCSC-NL). As a reward, he received the well-known hacker T-shirt reading: “I hacked the Dutch government and all I got was this lousy T-shirt.”

Award ceremony

After a full afternoon of hacking, testing and solving challenges, an independent jury of cybersecurity experts selected the winning teams. The Hack Zoetermeer award went to team Eye of Horus, who identified the most significant vulnerability within the PLC installation controlling municipal water pumps.

The jury particularly praised the team’s clear reporting and supporting evidence demonstrating the potential impact of the vulnerability. Their findings will now be further investigated together with the responsible departments and suppliers.

The winning teams received their awards from ICT Alderman Marijke van der Meer. Alderman Jan Iedema closed the event with a smile, stating: “Anyone capable of hacking the municipality should definitely give me a call, there is always room here for talented people.”

Organisation

ZeroDayZoetermeer was organised by the Municipality of Zoetermeer in collaboration with the Dutch Innovation Park, The Hague University of Applied Sciences, mboRijnland, Eye Security, the Dutch Institute for Vulnerability Disclosure (DIVD), Security Delta (HSD), Infinity IT and student association S.V. Equinox.

About ITVZH

IT Verband South Holland contributes to the sustainable development of IT talent for SMEs in South Holland. With support from the National Growth Fund, WE-IT, IT Campus Rotterdam, the Dutch Innovation Factory and Security Delta (HSD) are joining forces to strengthen education and training programmes, intensify research and development projects, and stimulate collaboration between SMEs and education providers. The ultimate goal: to reduce the shortage of IT talent in small and medium-sized enterprises.

The IT Verband Zuid-Holland programme aims to tackle the growing talent shortage for SMEs in South Holland and is a collective effort of WE-IT Zuid-Holland, Dutch Innovation Factory, Security Delta and IT Campus Rotterdam.

Source: Dutch Innovation Park