JerseyCTF 2024 IV Earns Its Place Among the Competition
The fourth edition of the annual Jersey Capture the Flag competition has become a brand standard among the global millions who depend on the dashboard CTFTime to remain informed and participate in the highly popular information security competitions. This year’s event drew many repeat visitors to the NJIT campus as well as online from around the world to brave the 24-hr. marathon and hack their way through a total of 67 challenges in cryptography, binary exploitation/reverse engineering, forensics, web exploitation and OSINT (open source intelligence).
The competition drew 1,700 registrants comprising 863 teams, of which 1,087 active users and 651 teams participated. Approximately 125 students, including those from NJIT, took part on-site in the Campus Center ballroom, which featured tables by event sponsors ADP, AWS, Crowdstrike, Google Cloud, ISACA, Merck, Palo Alto Networks and Splunk. A special debt of gratitude was extended to principal sponsor NJCCIC (New Jersey Cybersecurity & Communications Integration Cell) and its director Mike Geraghty, who has actively supported and championed NJIT and JerseyCTF since the competition’s inception four years ago.
JerseyCTF 2023 was fortunate to have CBS meteorologist John Elliott broadcast live in the early morning hours of day two (thanks to him for giving NJIT an on-air shout this year), where he interviewed Geraghty, along with various local and national students, faculty and the soon-to-be inaugurated President Teik C. Lim.
Planning for the competition began in late November by core team members Ian Hanna, John Zabriskie, Al Simpson, Logan DesRochers and Will Simpkins; Dina Anello, executive director of External Relations, acted as advisor to the team and was responsible for assisting to coordinate the event day itself. All but Simpkins are also members of the elite CyberCorps Scholarship for Service (SFS) Program through the NJIT Secure Computing Initiative (SCI), who, along with the student chapter of the Association for Computing Machinery (ACM) and the NJIT Information and Cybersecurity Club (NICC), collectively produce the JerseyCTF competitions every year.
“Each of us have our own strengths, and when we put them together, we get an amazing event!” said Zabriskie, who was lucky enough to have JerseyCTF IV be his master’s project prior to graduating in December 2024.
Simpson remarked that many people do not fully understand just how much work goes into making the event happen, with challenge developers, including students from each of the chapter organizations along with alumni, faculty and even some sponsors, spending months working non-stop to create the well-designed hacking puzzles that will ultimately allow competitors to find the flags and earn cash prizes, vouchers for cybersecurity conferences and training certifications.
“We are known now, so some cybersecurity clubs from nearby states will show up to compete -and win!” he said.
Hanna finds managing the event weekend to be somewhat “mystifying,” stating, “We plan so much for everything but there are some things you just can’t plan ahead for,” referencing supplies and orders not delivered, misrouted or that are incorrect; equipment such as microphones, speakers or video monitors malfunctioning; or handling last minutes changes to guest speakers.
But in the end, this, too, is an education: in problem solving, multitasking, adapting, working as a group – and diplomatically addressing different personalities and opinions.
The “command station,” as Anello calls it, is where the main organizers are front and center; ACM handles speaker streaming, events and other in-person requirements; and NICC responds to technical issues and answers the many help tickets streaming in from teams in the room and online.
Hanna and Simpson recall an instance where one competitor submitted a ticket adamantly refuting a challenge as incorrect and his solution being valid. According to Simpson, the player demanded that he be connected to the developer, an alumnus who was out-of-state.
“It became the meme of the day to just yell ‘get me Dan!’ whenever we experienced any kind of problem or hiccup,” he said.
Hanna added, “After we had been talking to this person for 10 long minutes, Professor [Ryan] Tolboom provided an explanation in two short ones. The student not only accepted his answer but agreed and thanked him for the teaching moment. It was funny to see a professor legitimately teach someone something outside of class who wasn’t their student. Sometimes you get more than you came for.”
Future goals will incorporate the feedback given through surveys to continue striving to make JerseyCTF V a touchstone among the competition. In the meantime, another CTF event is taking place somewhere in the world right now for anyone with the skills and endurance to “hack it.” And NJIT will be ready for the challenge when they return next year.
The Winners
Open Division (includes professionals):
1 - InfoSec IITR (a school in India)
2 – L3ak (Multinational but primarily North American)
3 – Binary Peasants (U.S.)
Student Division:
1 – KCSC (Vietnam) – Academy of Cryptography Techniques
2- BKISC (Vietnam) – Ho Chi Minh City University of Technology
3- Students Taking Flags United (Hong Kong) – The Hong Kong University of Science and Technology
Top countries participating: U.S. (39 states), India, Vietnam, Canada, Indonesia, Morocco, Australia, Russia, France, and Hong Kong.