Available for collaboration

Hi, I'm Certifa.

Offensive security student in Utrecht. I take things apart on HackTheBox, study how attackers move through Active Directory, and write down what I learn.

Read writeups See projects GitHub
50+HTB boxes
MasterHTB rank
Pro Hackerpeak
24y/o · NL
~/certifa — zsh
live
$whoami
nameCertifa
roleoffsec student
schoolHogeschool Utrecht
focusAD · web · privesc
currentlystudying CCNA
$cat goals.txt
 root more boxes (chasing 100)
 complete more CTFs
 earn CJCA + CPTS
 land a red-team internship
$
#
session active uptime · 2h 14m

Recent writeups.

// retired HTB machines · post-flag analysis
All 8 writeups
★ Latest writeup
Kobold
Active HackTheBox machine — full writeup published after retirement.
platformHTB
difficultyeasy
filedMar 2026
tagslinux · MCP
read the post
Mar '26
HTB easy
CCTV
Active HackTheBox machine — full writeup published after retirement.
linux · ZoneMinder · SQLi
Mar '26
HTB hard
Pirate
Active HackTheBox machine — full writeup published after retirement.
windows · active-directory · pre2k
Oct '25
HTB medium
Gavel
Linux web box — exposed .git repo leaks PHP source revealing a SQLi, admin panel RCE via PHP rule engine, then privesc by abusing a root-run auction daemon that executes YAML-defined PHP rules.
linux · web · sqli

Things I've built.

// labs, tools, dashboards
All projects
AD Home Lab infra
Server 2022 DC + 2 workstations. The same misconfigs I see on HTB, sitting in my apartment.
WS22Hyper-VBloodHound
recon.py tool
Python pipeline that wraps nmap, ffuf, gobuster, and crackmapexec into a single Markdown report.
Pythonasynciojinja2
HTB Tracker dashboard
Personal dashboard tracking 50+ boxes — difficulty, time-to-root, recurring techniques, paths.
JavaScriptGitHub Pages
HackTheBox Profile profile
Master rank · peak Pro Hacker · 50+ machines pwned across Easy → Insane.
HTBPentestingAD

A bit about me.

// the short version
Full about

I'm a 24-year-old offensive security student at Hogeschool Utrecht, major Cybersecurity & Cloud. My playground is HackTheBox — 50+ machines across Easy → Insane, ranked Master with a peak of Pro Hacker.

I lean into the Windows side: Kerberos abuse, BloodHound, NTLM relay, certificate services. On Linux, privesc through weak services and SUID chains. On the web, Burp as a scalpel — not a shotgun.

Currently studying CCNA — the best attackers actually understand the network they're living in.

Read more
Boxes pwned · last 26 weeks
0 rooted
26w ago
less more
now

Working on something interesting?

CTF teams, internships, lab trades, or just a good Kerberos war story — I'm easy to find. Pick a channel.

mike@certifa.net github/Certifa hackthebox inlinkedin
↩ to send
Copied