A team of five Johns Hopkins University students finished second in the annual Raymond James Capture the Flag cybersecurity competition, held on Saturday, October 5 in St. Petersburg, Florida. The event challenged 14 teams of students from universities across North America to solve real-world cybersecurity scenarios.
This year’s results mark Johns Hopkins’ best-ever performance in the competition, surpassing its previous third-place finishes in 2018 and 2023.
The JHU team included Zhengyu Liu, a CS PhD student; Ishmeal Lee, an undergraduate CS major; and Xinyue Huang, Marcos von Sydow, and Jiacheng Zhong, all students in the department’s Master of Science in Security Informatics program. Xiangyang Li, the MSSI program director, coached the team.
This year, the competition took on a Jeopardy-style format that tested the teams’ skills and allowed them to apply their technical knowledge to identify and exploit security vulnerabilities across technologies in a series of challenges. Liu explains that once a challenge was solved, a unique code, called a “flag,” was revealed. The team then submitted the flag to score points.
The team at work during the competition.
The competition began with a unique physical security task for each of the teams to complete. The JHU team was asked to extract information from a blank magnetic stripe card using a small box of tools that included a nail, a notebook, a candle, a grindstone, and a pencil.
“We tried several approaches, like heating the card to reveal hidden details, scratching the surface, and even covering the card with notebook paper to rub a pencil over it, hoping to capture any indentations,” Liu says. “Eventually, we discovered that the information was encoded directly within the magnetic stripe itself, which we revealed by sprinkling iron filings, filed from the nail, over the stripe, allowing us to decode the hidden pattern.”
The Raymond James CTF was Zhong’s first-ever in-person cybersecurity competition.
“It turned out to be one of the most unforgettable experiences of my life,” he says. “It felt like a roller coaster, going from the lower ranks to securing second place by the end of the event. Thanks to our team’s strong collaboration and indomitable spirit, we made it happen. I’m proud and honored to have achieved such a great outcome on behalf of the JHU Information Security Institute.”
A team from the University of South Florida finished first, and Purdue University came in third place.