JerseyCTF Competition Shatters Record for Highest Participation from Around the World

It was a global cyber attack of epic proportions — but only in the best way possible for the student chapter of the Association for Computing Machinery (ACM) and the NJIT Secure Computing Initiative. The second annual NJIT JerseyCTF competition attracted participants from around the world and exceeded the target goals — and expectations — of the organizers by more than doubling the previous year’s registrations. 

A mix of student, professional and amateur cyber enthusiast teams battled to “capture the flag” by cyber hacking their way through a series of challenges to win coveted prizes. Winning teams were awarded an impressive array of prizes for their “heisting” expertise, but all involved in the event had the opportunity to hear top industry and government guest speakers from distinguished organizations including the FBI, NJCCIC, FRSecure, Accenture, Google and CrowdStrike, among many others.

The competition attracted 1,470 registrants and resulted in 505 teams comprised of 785 participants from 46 countries and 40 U.S. states who engaged in solving a series of 45 beginner to advanced cybersecurity challenges. 

The battle was fierce at times and trash talkers ran the risk of getting disqualified, but they were few and far between during the weekend-long event that tested the skill and tenacity of dedicated code breakers on a mission. 

Team fierceBadRabbits from Duke University (student division) and idek (non-student division) took first place honors, earning $1,000 for the entire team and a Black Hat Briefings Virtual Conference voucher for each teammate. 

Second place winners KnightSec from the University of Central Florida (students) and View Source (non-students) were awarded $750 for the entire team and a choice of 1 CompTIA Certification Basic Bundle (Security+, Pentest+, or CySA+) for each teammate.

Panda Bears from Japan (non-students) and carl g evan’s week 3 discussion from University of IL at Urbana-Champaign (students) earned $500 and a one-year McAfee Antivirus subscription with VPN included for each teammate as the third-place contestants. 

Keynote Speaker Michael Geraghty of the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) was instrumental in assisting to increase sponsorships and attracting higher-level speakers. He also provided valuable guidance and advice to the students in addition to lending support from his own team for help with challenges and technical oversight. 

But the ACM team comprised of students from the Ying Wu College of Computing deserve the biggest accolades for their tireless work in organizing an event that is a now benchmark for future competitions across the globe. 

All challenges, solutions, build tools, write-ups and backend infrastructure, among additional resources, were devised and executed by the team of 18 students and industry professionals, led by project leader and computing major Logan Reyes, who supervised the event and challenges through the lifecycle; ACM President David Garcia, who handled logistics, adjudicated final decisions and coordinated the speakers; Christian Gutierrez, co-coordinator of speakers and challenge tester; and Massa Belal, a new ACM member and first-time CTF team participant, who worked with sponsors and oversaw the email campaign.

Of the 18 people devising challenges, two from high schools created seven of the hardest digital puzzles. According to Gutierrez, the “win-bin-analysis” challenge was only solved by seven people who found the hidden word. 

Planning for the competition starts not long after the previous one is completed, with new challenges being built during summer. “The biggest challenge is coming up with ideas for the challenges themselves,” said Gutierrez. 

Competition day also included a team building event for the NJIT-ACM members to meet to review, test and oversee the challenges. Garcia also ran some side events for fun. 

Plans for the April 2023 competition will include challenges based on recently disclosed vulnerabilities, such as log4shell (CVE-2021-44228), further increasing sponsorship fundraising, and continuing to improve the event infrastructure. 

Reyes also wants to continue “welcoming more international players from around the world.”

Garcia stated, “One of the best parts about this event is connecting with each other. You learn so much from working together.” 

The experience has inspired Belal to pursue a master’s in Cybersecurity & Privacy once she graduates. 

Until next year, the “heist” is over on a job well done.