> For the complete documentation index, see [llms.txt](https://ne0b1t3.gitbook.io/vault/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://ne0b1t3.gitbook.io/vault/eng/me/career-path.md).

# Career Path

## <mark style="color:$primary;">First Steps</mark>

I hold a **Higher Level Vocational Training DIplome in Network Systems Administration** (**ASIR**), a period during which I discovered that the area of IT that attracted me the most was offensive cybersecurity. The opportunity to understand how systems work, identify weaknesses, and continuously develop new skills was what ultimately sparked my interest in this field.

My first steps were through courses such as Hack4u and local labs, complemented by platforms like VulnHub, TryHackMe, DockerLabs, and TheHackerLabs. All of them proved especially useful in building a solid practical foundation in ethical hacking. However, over time, I realized the importance of moving on to more demanding environments such as Hack The Box, where the complexity increases significantly and scenarios are much closer to real-world situations.

### <mark style="color:$primary;">Specialized Certifications</mark>

I later purchased an annual subscription to INE, where I completed the entire <mark style="color:$primary;">**eJPT**</mark> learning path along with all its associated labs. To this day, I still consider the eJPT one of the best certifications for validating a solid foundation in penetration testing, particularly because of its excellent balance between quality and cost.

Afterward, I continued with the <mark style="color:$primary;">**eCPPT**</mark>, which explores more advanced penetration testing techniques and provides much deeper coverage of Active Directory. Thanks to the experience I had already accumulated through platforms and labs, I was able to reinforce much of the content while expanding my knowledge independently. I eventually sat for the exam in January 2026 and completed it in approximately 11 hours. Although the exam experience was somewhat uneven compared to the quality of the course and labs, I still believe the training itself is highly valuable, and I intend to write a more detailed reflection on it in the future.

> Starting in September 2025, I began solving competitive season machines on Hack The Box. The level was significantly higher than anything I had worked on previously, but the support of the community and the shared tips made the learning process particularly rewarding.

It was during this period that I began developing a more structured methodology, which would later become a key factor in my progress.

During <mark style="color:$primary;">February</mark> 2026, I focused on preparing for the CRTP while simultaneously working on my Master's Thesis, titled *"Attack Surface Assessment in Active Directory."* Both processes complemented each other naturally, allowing me to deepen my understanding of Windows and Active Directory environments from a more technical and structured perspective.

In <mark style="color:$primary;">March</mark>, I subscribed to Hack The Box's VIP+ plan with the goal of tackling retired machines, particularly those focused on Windows, Active Directory, and Red Teaming. During this period, I completed more than one hundred machines, coming very close to covering nearly the entire Active Directory-related catalog available on the platform. This was probably the period of greatest technical growth and confidence, where I consolidated existing knowledge, discovered new techniques, and refined my methodology.

In <mark style="color:$primary;">April</mark>, I began organizing all of that accumulated knowledge. Until then, I documented each machine individually, but I felt the need to centralize the most relevant information. This led to the creation of my own cheat sheets for recurring areas frequently encountered in real-world environments, such as AD CS, MSSQL, SQL, Kerberos, and BloodyAD—a tool that eventually became part of my daily workflow for Active Directory enumeration and abuse.

### <mark style="color:$primary;">HTB – Academy CAPE Modules</mark>

At the same time, I had the opportunity to complete several advanced Hack The Box modules from the Active Directory learning path, including:

* NTLM Relay Attacks
* Trust Attacks
* DACL Abuse II
* Windows Evasion
* And others

<figure><img src="/files/8SD4jNmAwVy0zjfKYnBl" alt=""><figcaption><p>Final Relaying Attack Lab - Skill Assessment</p></figcaption></figure>

<figure><img src="/files/syWPrGBqT1dM9GHRQLCq" alt=""><figcaption><p>Final Trust Attack Lab - Skill Assessment</p></figcaption></figure>

<figure><img src="/files/C99rWsaXhYIRA1EyWJTx" alt=""><figcaption><p>Practice Box - Hercules (DACL abuse)</p></figcaption></figure>

<figure><img src="/files/4SBu1BCEnHtIGEsekM4i" alt=""><figcaption><p>C2 Sliver Practice - HTB Puppet Mini ProLabs</p></figcaption></figure>

<figure><img src="/files/mklxdHnaUJ5R291QTLtE" alt=""><figcaption><p>C2 Adaptix Practice - HTB RastaLabs ProLab</p></figcaption></figure>

The latter module was particularly relevant, as it allowed me to dive deeper into evasion techniques, AMSI and antivirus bypasses, as well as the use of modern C2 frameworks such as Adaptix and Sliver, including shellcode execution through custom loaders.

### <mark style="color:$primary;">HTB - Seasonal Competition</mark>

During Season 10 (January–April), I successfully solved 11 out of the 12 machines, achieving the highest competitive rank available ("Holo"). The only machine I missed was from Week 7, as I was heavily focused on retired machines at the time and simply overlooked it.

<figure><img src="/files/Xn5eJm14igVpj5hawQYj" alt=""><figcaption></figcaption></figure>

Without a doubt, the most memorable machine was the Insane-rated "**PingPong**," which took me approximately two days to complete. It was one of the most valuable experiences of the season, as it forced me to combine several techniques that later proved extremely useful in both advanced modules and Pro Labs.

I like to mention this because every machine, no matter how small it may seem (even if it was an Insane machine, it was still just a single target to compromise), eventually fits into a much larger puzzle that shapes your technical growth.

During this period, I also achieved the individual rank of "Pro Hacker" (now renamed to "Master III"), further consolidating my progression within the platform.

<figure><img src="/files/zk9sObkCOyTEzc25WRVi" alt=""><figcaption><p>Captura de mi perfil HTB: tomada el 25 de Abril de 2026</p></figcaption></figure>

This combination of hands-on practice, study, and personal documentation ultimately built the foundation that later enabled me to successfully tackle Pro Labs and advanced certifications such as the CRTE, CRTO, and CRTL.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://ne0b1t3.gitbook.io/vault/eng/me/career-path.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.