Hi, I’m Erkan Aksoy — a Senior Content Engineer at Hack The Box.

I create cybersecurity training content, hands-on labs, and realistic attack scenarios. My core focus is Windows, Active Directory, Azure, and Microsoft Entra ID security, and increasingly the cloud and AI workloads that now sit at the center of most enterprise environments.

Before moving into offensive security, I spent around ten years as a systems administrator. That background still shapes how I work today: I like understanding how systems are designed, how they’re managed in real environments, and how small configuration decisions can open up unexpected attack paths.

Certifications are useful milestones, but most of my learning comes from building labs, researching attack techniques, breaking things, and documenting what I find.

Certifications

  • OffSec — OSCP, OSWP, OSEP, OSED, OSWE (OSCE3)
  • Zero-Point Security — CRTO (Certified Red Team Operator)
  • Altered Security — CARTP (Certified Azure Red Team Professional), CARTE (Certified Azure Red Team Expert)

What I Write About

This blog mainly covers:

  • Active Directory & identity security
  • Azure & Microsoft Entra ID pentesting
  • Cloud & AI workload security — the attack surface around the model, not just the model
  • Windows & Linux security tooling
  • Lab development and vulnerable machine design
  • Research, experiments, and lessons learned from real testing

My goal is content that’s technically accurate, practical, and based on hands-on testing rather than theory alone.

Outside Cybersecurity

Away from the keyboard, I’m into wildlife photography — mostly birds, butterflies, and insects. I also enjoy hiking and scuba diving, and I hold a PADI Advanced Open Water certification.

Find Me

Thanks for visiting.