YO! I knocked out a Systems 1 C++ assignment in the morning, built a Kali VM as my attack box, and then accidentally spent four hours on HTB Academy because I got hooked.

The attack box#

My homelab now has two purpose-built VMs that talk to each other:

  • DC01 — Windows Server 2025 running Active Directory Domain Services for corp.local. Five users seeded with intentional weaknesses (Kerberoastable service account, AS-REP roastable legacy account, secondary domain admin). Built this Friday.
  • Kali — fresh install on Proxmox, 8GB RAM, 4 vCPU, on the same vmbr0 bridge as the DC. Built today.

HTB Academy#

Got about 60% done with the Getting Started module under the Penetration Testing job path. Learned a TON, escalated privileges, used Metasploit for the first time, learned how to search for vulnerabilities on machines, etc.

What I understand vs what I don’t#

My gap in knowledge doesn’t bother me the way I expected it to. Watching Ippsec’s “Active” walkthrough last night, I understood maybe 20% of the specific commands but 100% of the attack arc. That’s good enough for week one. It’ll be 60% by week six and 90% by month four. Pattern recognition baby.

Tomorrow#

Continuing the Getting Started module from the Nibbles walkthrough, then probably some Maldev modules in the evening. Monday is a long school day so cyber load is light.

Four days down. Lab is built. I feel extremely proud of myself and satisfied with today, thanks for reading <3