About
Hi! I’m stuk0v, casual dad, pentester and wannabe red teamer, and this is my personal blog where I will occasionally ramble about various InfoSec things. I am most interested in offensive tradecraft in Microsoft corporate environments (Active Directory, SCCM, etc.), but I have also been focusing on adversary simulation and emulation a lot lately. I blame people like RastaMouse and noodlearms for this affliction, but it might come in handy at work eventually.
Work experience
- Started in IT as a humble helpdesk noob around 2007
- Eventually turned sysadmin after some time and started building and supporting corporate networks (it would probably be embarrassing to look back at everything I did wrong back then, but that still taught me a lot)
- Went through a few specialized roles too: backups+storage, Exchange/MDM, M365…
- Pentester today, with a focus on internal assessments - also trying to build a red team/purple team operator mindset in my spare time.
Certifications and education
I’ve grown to learn that we don’t care much about those… I’ve seen literal geniuses with only an OSCP or no certification at all, and total goofballs with a wall full of titles… but I’ve done a few of them. For some reason, I quite enjoy the guided learning format and also the challenge/adrenaline of exams.
For now, I have done the following certifications:
- OffSec OSCP and OSWP
- HTB CPTS and CAPE
- Zero-Point Security RTO 2024 and RTO 2025 (with OPSEC objectives)
- Zero-Point Security RTL 2024 - the new 2025 edition is on the list, it looks like daddy Rasta has cooked some cool things with Crystal Palace.
While I don’t plan to do any new certification or exam anytime soon (the new version of RTL doesn’t count), I have done a lot of content in HTB Academy, namely the CDSA, CWES, CWEE, and CWPE role paths. More recently, I have also done almost all of the newish advanced defensive content. I really enjoyed the newer modules around Windows internals and detecting offensive tradecraft. I am still a complete noob on the defensive side, but it seems very valuable to me to get some exposure to that side of the fence. After all, improving defense is what it is all about.
As if that was not enough, I’m also slowly working through Maldev Academy’s phishing and maldev courses when time allows, and have Alex Reid’s BOF dev course in the pipeline—will probably get to it after revisiting the newly updated CRTO2 course.
Between courses, HTB modules, and desperately trying to keep up with SpecterOps’ research, I’ve been increasingly drawn to build things in the lab and tinker without a strict agenda. If only there were more hours in a day…
Get in Touch
I am not a big social media person, but you can find me on various Discord servers and the BloodHound Gang Slack as stuk0v.
Thanks for stopping by!