Hello, I'm
Kevin McCarthy
BS Cybersecurity Student @ RIT
Hello, I'm
BS Cybersecurity Student @ RIT
Incident Response, Digital Forensics, Ethical Hacking, and Network Security
Bachelors in Cybersecurity
Minor in System Administration
Focused and driven second-year Cybersecurity student actively seeking 2025 co-op opportunities in both Cybersecurity and Networking fields. Eager to expand upon current foundational knowledge through practical, hands-on experience. Flexible to adjust availability to meet organizational needs.
Active member of RIT's largest academic club. Focused on furthering student's cybersecurity development according to their motto "Security Through Community" with student-led efforts including education, research, interest groups, and renowned competitions such as IRSeC, ISTS, and RITSEC CTF, attracting global talent.
Demonstrated skills in incident response and penetration testing through competitive events, including 2nd place finishes in University of Buffalo Lockdown and CORA II. Additionally collaborated on RIT competition development, contributing to competition logging and King of the Hill (KoTH) challenge design and implementation.
Dedicated indoor boulderer who has developed valuable skills in strategic thinking, risk management, and perseverance through progressively difficult climbs. Proven ability to set realistic goals, adapt to dynamic situations, and work effectively both independently and in group settings.
Initiative's founder and active manager establishing the website, eligibility criteria, and selection process for evaluating award recipient submissions, enabling the distribution of over $1,000 to underrepresented students attending West Haven High School in Connecticut, directly supporting their educational pursuits.
Analysis and extraction of hidden data were performed across two distinct scenarios using digital forensics techniques. The first scenario involved a complex drug smuggling operation, requiring the examination of forensic images and memory dumps from multiple devices (Windows laptops and a desktop) belonging to individuals with interconnected roles – a suspected smuggler, an undercover officer, and a drug distributor. This case necessitated the identification of communication patterns, the uncovering of hidden files potentially using steganography as suggested by the persona descriptions, and the piecing together of the motives and objectives of each individual across different Windows 10 builds. The second scenario involved the alien abduction of astronomer Jesse McCarthy's laptop and cat Bingus. This shifted the focus to analyzing recovered "UFO crash" artifacts to seek insights into the nature and implications of this extraterrestrial event.
To provide a practical and controlled setting for cybersecurity education and testing, a deliberately vulnerable Windows machine named database was designed and deployed, featuring multiple attack vectors like remote code execution (RCE) and weak authentication. Intentionally misconfigured security settings were used to mirror common real-world weaknesses, allowing for the simulation of realistic exploitation scenarios. The environment's susceptibility to attacks was rigorously validated using industry-standard tools such as Nmap for reconnaissance and Metasploit for exploit execution, alongside the exploration of various privilege escalation techniques.
A Windows Server was configured with essential client services, including Active Directory, DHCP, DNS, and a pfSense gateway, to establish a functional network environment. User accounts, organizational units (OUs), and Group Policy Objects (GPOs) were effectively managed across both Linux and Windows client systems, ensuring consistent policy enforcement. For version control, remote Git repositories were configured on a Linux server, facilitating collaborative development workflows. Secure file transfer capabilities were implemented through a vsftpd server with mounted storage. Furthermore, various remote access and file sharing protocols, such as rsync, FTP, Samba, and NFS, were implemented and evaluated for their effectiveness. Finally, an Apache webserver with robust SSL/TLS encryption was deployed to provide a secure user login interface.
Employing the MITRE ATT&CK framework within a RITSEC mentorship, adversarial tactics were applied across diverse real-world scenarios through hands-on simulations. This practical approach emulated sophisticated cyber-attacks, demonstrating a comprehensive understanding of adversary behavior and the techniques, tactics, and procedures (TTPs) employed by advanced threat actors.
