Charbel Farhat

Security Researcher & Engineer

I'm a Security Researcher and Engineer with a strong background in Backend & Cloud Engineering and a passion for Vulnerability Research.

Interests: Vulnerability Research, Cloud Security, Distributed Systems, Python, CTFs

Recent Projects

Cloud SaC Pipeline

22 Oct 2025

Automated security scanning pipeline that catches IaC vulnerabilities before deployment

DevSecOps Terraform Cloud GCP Python GitHub Actions Security

See all projects on GitHub

Blogs

The False Sense of Security in Supply Chain Scanning

07 Jan 2026

Modern software is built on layers of third-party dependencies, CI/CD tooling, and external services. Supply chain attacks exploit this trust by compromising components upstream, allowing malicious code to spread downstream into otherwise legitimate applications. The impact and frequency of these...

Supply Chain Attacks DevSecOps SAST GuardDog semgrep YARA PyPI npm

TryHackMe - DiskFiltration (Hard)

30 Dec 2025

Lately I’ve been investing a lot of time into TryHackMe’s Security Analyst path (SOC L1, SOC L2, Advanced Endpoint Investigations) in order to sharpen my blue teaming skills. DiskFiltration is a fun challenge that I came across today. Challenge Intro...

CTF Blue Team SOC DFIR

Solving GCP Pentest Lab

05 Nov 2025

GCP Pentest Lab is a vulnerable cloud environemnt designed to learn and exploit clouod misconfigurations and vulnerabilities. We will be jumping around the environemnt using different security flaws to uncover embedded flags left for us. Setup All we have to...

Cloud Security GCP CTF

See all 11 blogs

Career Changelog

This changelog is a fun little experiment I built to showcase my journey. For a complete overview of my experience and skills, my resume is available upon request.

All notable changes to this project (my career) will be documented in this section.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

1.2.0 - Cybersecurity Engineer @ Coordinates Middle East (March 2026 to Present)

Added

Skills to work with different security products in a multi-tenant MDR environment.
Skills to investigate novel techniques and attack chains used by threat actors and develop high-fidelity detections across cloud and hybrid environments.
Use of FortiSIEM, Microsoft Sentinel, Microsoft Defender, QRadar, XSOAR, Python, Powershell, KQL...
Automating Active Directory and Entra ID Conditional Access Policies assessments.
Knowledge in Cloud Security and Threat Hunting at scale.
Broad Knowledge in Managed Detection and Response.

1.1.0 - Backend & Cloud Engineer @ WITS (Sep 2022 to Mar 2025)

Added

Skills to develop SaaS solutions.
Use of Agile methodologies.
Use of Python, C++, FastAPI, MongoDB, Elasticsearch, Docker, Kubernetes, Celery, RabbitMQ, Redis, AWS, GCP, CI/CD Pipelines, Ansible, NGINX, Cloudflare.
Building of scalable distributed systems using microservices and RESTful APIs.
Knowledge in SDLC, system design, testing, cloud platforms...
Deeper knowledge in the Cybersecurity industry: HFM, recon, vulnerabiity scanning, automation...

1.0.0 - Backend Engineer Intern @ WITS (Aug 2022 to Sep 2022)

Added

Use of Python, C++, FastAPI, PostgreSQL, Docker, Celery, RabbitMQ, Redis.
knowledge in the Cybersecurity industry.

0.1.0 - The Beginning (2022)

Added

The beginning of my professional journey into software engineering with a passion for problem solving and cybersecurity.