whoami
I’m Anthony Contreras — a penetration tester and Computer Science Engineering student at Escuela Politécnica Nacional (Ecuador), specializing in offensive security.
I focus on Active Directory exploitation, malware development, and building offensive tools that run on both x86_64 and ARM architectures. When I’m not hacking, I’m writing about it here.
Certifications
| Certification | Issuer | Status |
|---|---|---|
| CPTS — Certified Penetration Testing Specialist | HackTheBox | ✅ |
| CAPE — Certified AD Penetration Expert | HackTheBox | ✅ |
| eJPT — Junior Penetration Tester | eLearnSecurity | ✅ |
| Cisco Ethical Hacker | Cisco | ✅ |
| Malware Development Certifications | Maldev | ✅ |
HTB ProLabs
Completed the following HackTheBox Pro Labs, which simulate real enterprise environments:
- Offshore — Multi-domain AD environment, external to full compromise
- Wutai — Advanced AD exploitation path, ADCS, Kerberos attacks
- Ifrit — Complex multi-forest environment, AD trust exploitation
Technical Focus
Active Directory & Windows
Kerberoasting, AS-REP Roasting, DCSync, NTLM relay, Pass-the-Hash/Ticket, Golden/Silver Tickets, ADCS ESC1–ESC8, trust attacks, SCCM exploitation, DNSADMINS, GPO abuse.
Malware & Evasion
PE structure, AMSI bypass, ETW patching, process injection, UserLand vs KernelLand, shellcoding, reverse engineering with Ghidra/IDA.
Offensive Tooling
Building tools in C/C++ targeting x86_64 and ARM — focused on portability across architectures and modern evasion techniques.
Web Exploitation
SQLi, XSS, XXE, LFI/RFI, SSRF, IDOR, deserialization. OWASP-based methodology, Burp Suite workflows.
C2 & Post-Exploitation
Sliver C2, Ligolo-ng tunneling, lateral movement via WMI/WinRM/DCOM/SMB.
Tools & Stack
Impacket CrackMapExec BloodHound Rubeus Mimikatz Sliver Metasploit Burp Suite
Nmap Responder Hashcat Ghidra GDB/pwndbg Python C/C++ Bash
Networks
- GitHub: 7heAnsw3r
- LinkedIn: Anthony Contreras
- Twitter/X: @TheAnsw3r
- Hack The Box: TheAnsw3r