⟁ HXA πŸ‡ͺπŸ‡Έ ES 
β”Œβ”€[ Alejandro Lopez Aguilar ]────────────────────────────────────────────────────────────────────────
β”‚ user: Alejandro Lopez Aguilar
β”” path: /en/alejandro-lopez-aguilar/
Offensive Security Engineer focused on realistic penetration testing, Active Directory, pivoting and
offensive tooling. OSCP+ (100/100) and HTB CPTS certified, with a Software Engineering background, 
experience building vulnerable labs and the ability to turn complex techniques into guides, scripts 
and reproducible environments.

~ β–Έ Specialization

Red Teaming & Offensive Pentesting
Compromise of corporate environments through realistic attacks: web exploitation, pivoting across 
segmented networks, Active Directory exploitation, post-exploitation and privilege escalation on 
Windows/Linux.

Malware Development
Development of offensive tools in C/C++ with Win32 API, process injection, hooking, AV/EDR evasion 
and Windows Internals research.

Security Automation
Custom Python, PowerShell and Bash scripts to accelerate enumeration, exploitation, flag validation 
and technical documentation.

~ β–Έ Featured Achievements

~ OSCP+ Certified with perfect score (100/100) - February 2026
~ HTB CPTS - Professional pentesting methodology - 2025
~ Maldev Academy Graduate - Advanced offensive development in C/C++ - 2024
~ CTF-Lab Local - Corporate network pentesting lab designed as final degree project

───────────────────────────────────────────────────────────────

~ 🧬 Technical Stack

> β–Έ Offensive Security

Active Directory: Kerberoasting, AS-REP Roasting, DCSync, Zerologon, Golden/Silver Tickets, 
Constrained/Unconstrained Delegation, NTLM Relay

Post-Exploitation: Mimikatz, Rubeus, PowerView, Empire C2, Cobalt Strike (Labs), BloodHound, 
SharpHound

Pivoting: Ligolo-ng, Chisel, SSH Tunneling, Port Forwarding, Socks Proxies

Evasion: AV/EDR bypass, AMSI bypass, Process Injection, API Unhooking

> 🧬 Development & Malware

Languages: C/C++ (Win32 API), C# (.NET), Python, PowerShell, Bash

Maldev Techniques: Process Injection (DLL, Shellcode), Process Hollowing, API Hooking, Reflective 
Loading, PE Injection, Thread Hijacking

Advanced Evasion: Obfuscation, Packing (UPX, custom), Anti-Debugging, Sandbox Detection, AMSI/ETW 
Patching

Reverse Engineering: Ghidra, x64dbg, IDA (basic)

> πŸ§ͺ Pentesting & Tools

Web: OWASP Top 10, SQLi, XSS, SSRF, IDOR, Authentication Bypass, Burp Suite Pro, Caido

Network: Nmap, Masscan, Netcat, Wireshark, tcpdump

Password Attacks: John the Ripper, Hashcat, Hydra, CrackMapExec, NetExec

Enumeration: Ffuf, Gobuster, enum4linux-ng, ldapsearch, rpcclient

Exploitation: Metasploit, Exploit-DB, Custom Exploit Development

───────────────────────────────────────────────────────────────

~ β–Έ Sections

~ Certifications
~ Custom tools

───────────────────────────────────────────────────────────────

~ β–Έ Education

> β–Έ Software Engineering Degree | 2023 - 2026

Universitat Oberta de Catalunya (UOC)
Software Engineering track

Final Degree Project: CTF-Lab Local - Corporate network simulation for pentesting

───────────────────────────────────────────────────────────────

> πŸŽ“ Master's Degree in Cybersecurity | 2023 - 2024

CPIFP Alan Turing, Malaga
Ethical Hacking, Digital Forensics, Network Hardening, Compliance and Security Regulations

───────────────────────────────────────────────────────────────

> β–Έ Higher Technician in Cross-Platform Application Development | 2021 - 2023

Colegio San Jose, Malaga
Java, Databases, Operating Systems, Web Development

───────────────────────────────────────────────────────────────

~ β–Έ Featured Projects

> 🧬 CTF-Lab Local | Final Degree Project

September 2025 - January 2026 | Grade: 9/10

Featured Projects

───────────────────────────────────────────────────────────────

~ β–Έ Currently Working On

~ Maintaining this public archive of notes, writeups and offensive methodology
~ Expanding CTF-Lab Local with more realistic network scenarios
~ Going deeper into MalDev: evasion, Windows Internals, ETW/AMSI and process injection
~ Taking the Certified WifiChallenge Professional course
~ Practicing Active Directory, pivoting, reporting and advanced web exploitation
~ Studying Cloud Pentesting focused on AWS/Azure security

───────────────────────────────────────────────────────────────

:: β–Έ Contact

Location: Malaga, Spain
Availability: Remote | Hybrid | On-site (Malaga/Spain)

Email: <alejandrolopezaguilar.dev@gmail.com>
LinkedIn: linkedin.com/in/alejandrolopezaguilardev
GitHub: github.com/AleLopezDev
CV: View CV

───────────────────────────────────────────────────────────────

~ β–Έ Looking For Opportunities In

Pentesting / Red Teaming
Offensive Cybersecurity
Security Research
Application Security (AppSec)


ret <volume_0>  <indice>