Below you'll find my Resume, a full list of my Certifications, and my Portfolio.
*My name was legally changed from Nathan Gage Kincaid to Abraham Emanuel Smitz in 2024.
Certifications & Recommendations
Check out my portfolio on GitHub!
Below I’ve embedded my writeup for my participation in the inaugural Cyber Sentinel Capture the Flag competition hosted by the DoD!
Introduction
I was one of 5000 participants selected to compete in the inaugural CyberSentinel Capture the Flag (CTF) competition, hosted by Correlation One and the United States Department of Defense. This 8-hour event featured several technical categories and marked my first experience in a CTF competition. Below, I will describe the process I used to navigate the competition and solve some of the challenges.
Preparation
The day before the competition, I reviewed the resources page on the competition Slack forum, where competitors were sharing various tools and techniques they had used in previous CTF competitions. One participant shared a course he had developed on Udemy called CTF 101, which I quickly enrolled in. This course provided invaluable insights, helping me set up my Kali Linux attack virtual machine with various hacking tools and a foundational understanding of their applications in different challenge categories.
Throughout the competition, I leveraged Google and AI models to assist in solving the challenges. These resources did not solve the challenges for me but suggested various tools and approaches that I could experiment with.
Printer (Web Security)
This challenge presented a login page. I used DIRB, a command-line tool included in Kali Linux, to scan the webpage for existing and hidden web objects. This scan listed various directories and files, including /robots.txt and /notes.txt. By investigating these files, I found the admin password, logged into the printer, and obtained the flag.
Note: This challenge was problematic due to brute force attempts by other competitors. Despite using the correct credentials, the server repeatedly rejected my login attempts. The developers announced on Slack that the challenge was malfunctioning and advised us to persistently try the correct credentials until the server accepted them. After several minutes of repeated attempts, I successfully logged in and obtained the flag. This issue cost me valuable time, as I had already solved the problem within the first 30 minutes, but spent hours exploring unnecessary rabbit holes due to the server error.
Header Hinterlands (Network and Recon)
In this challenge, I was given a .tar image to set up a Docker container. Using Google, I learned the specific commands needed to do so. After opening the webpage in my browser and inspecting the source code without finding anything suspicious, I asked ChatGPT for guidance. It recommended using the curl command to fetch the HTTP headers of the webpage. By doing so, I noticed that the X-Syndicate-Command header contained a hash ending with "=", indicating Base64 encoding. I decoded this hash using CyberChef and successfully retrieved the flag.
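The header check described above, written as a Python script: this is an added example, not part of the original writeup or the competition materials. It goes slightly beyond the single header by testing every response header for a value that strictly decodes from Base64 to printable text; the response text and flag value are constructed placeholders, and only the X-Syndicate-Command header name comes from the writeup.

```python
import base64
import string

# Constructed sample of a `curl -I` response; the flag is a placeholder.
SAMPLE_FLAG = "flag{constructed_example}"
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx\r\n"
    "Content-Type: text/html\r\n"
    "Content-Length: 12345678\r\n"
    "X-Syndicate-Command: "
    + base64.b64encode(SAMPLE_FLAG.encode()).decode()
    + "\r\n\r\n"
)
PRINTABLE = set(string.printable.encode())


def parse_headers(raw):
    """Return (name, value) pairs from a raw HTTP response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip(), value.strip()))
    return pairs


def try_base64(value, min_len=8):
    """Decode value if it is strict Base64 of printable text, else None."""
    if len(value) < min_len or len(value) % 4:
        return None
    try:
        decoded = base64.b64decode(value, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    # "12345678" is valid Base64 but decodes to binary noise: reject it.
    if not decoded or not set(decoded) <= PRINTABLE:
        return None
    return decoded.decode("ascii")


def find_encoded_headers(raw):
    """Map header name -> decoded text for headers carrying Base64."""
    decoded = ((n, try_base64(v)) for n, v in parse_headers(raw))
    return {n: t for n, t in decoded if t is not None}


if __name__ == "__main__":
    print(find_encoded_headers(SAMPLE_RESPONSE))
```

The printable-text check is what keeps ordinary values such as a numeric Content-Length from being reported, since many short strings are syntactically valid Base64.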
Have you bean here before? (OSINT)
This challenge required finding the MAC address for the guest WiFi network at an unknown location. I started by checking the image metadata for geolocation data, which proved unfruitful. I then uploaded the image to Google Lens, but the image was too blurry for Google to recognize any landmarks.
Noticing the name "PAUL" on both the plate and mug, I searched for PAUL Cafe on Google Maps. I found several locations, but based on the surrounding landmarks, I focused on two locations in Washington, D.C. Using Google Street View, I identified the exact location. I then used WiGLE to identify the PAUL guest network and its MAC address, obtaining the flag.
Planes (OSINT)
For this challenge, we were tasked with finding the ICAO airport code of a specific runway, given two images.
I started by checking the metadata for additional details but found little information. I then uploaded the images to Google Lens, which led me to a Yahoo article about Russian aircraft and the Soltsy airbase in Russia. However, this airbase did not match the aerial photograph provided.
Narrowing my search to airbases in Russia and Ukraine, I enhanced the aerial photograph using Photoshop and passed the edited photo through Google Lens, which improved the relevancy of the suggested images.
After reviewing various suggestions, I found a matching image attached to an X post.
I then located the ICAO code for the Starokonstantinov airbase on Wikipedia (UKLS) and successfully submitted it as the flag for the challenge.
Conclusion
Competing in my first CTF competition was an exhilarating experience. It exposed me to a wide variety of tools and techniques that I plan to build upon in future competitions. To continuously improve my skills, I plan to use platforms like TryHackMe and HackTheBox as I advance my career in cybersecurity.