Fanel Besleaga

Security practitioner with experience across both offensive and defensive disciplines — from vulnerability research and penetration testing to threat detection and incident response. I'm interested in the full attack-defence cycle: understanding how things break, then building systems that catch it when they do.

Background

I started in security driven by curiosity about how vulnerabilities work at a mechanical level. Over time that expanded from finding and exploiting weaknesses to building detection pipelines that surface attacker behaviour in real environments. That dual perspective shapes how I approach every project — I try to think like an attacker while building like a defender.

Home Lab

My home lab runs on Proxmox and serves as the testing ground for most of what ends up on this blog. Current focus areas:

• Infrastructure automation — Ansible playbooks and Packer templates for reproducible Windows and Linux VM deployments
• Detection engineering — Security Onion for network monitoring, log aggregation, and alert tuning
• Adversary simulation — controlled attack scenarios to generate realistic telemetry for detection work
• Cloud integration — hybrid setups bridging on-prem lab and Azure for security tooling evaluation

This Blog

I document what I build, what I break, and what I learn in the process. Posts tend to be technical and hands-on, with working configs and code rather than high-level overviews. Topics include:

• Automation — deployment pipelines, IaC, and reducing toil in lab environments
• Detection & monitoring — SIEM tuning, detection rules, and visibility gaps
• Penetration testing — methodology, tooling, and writeups from platforms like HackTheBox
• Vulnerability research — setup guides for running automated scans and managing findings

Connect

Open to collaboration, discussions on security topics, or just talking shop. Reach out on any of the platforms below.

• LinkedIn
• GitHub
• HackTheBox