whoami
Hi! I’m Rafael Gacek — I break things to understand how they work, and build things meant to last.
This blog is my public notebook: offensive security, AI red teaming, OSINT, and notes from the road toward building something of my own. No marketing, no filler — just the interesting parts.
Receipts
Claims are cheap in security, so here are the falsifiable ones:
- Certs: OSCP · eWPTX · BSCP · C-AI/MLPen · AIRTP+ · BTL1 — the full progression lives at bersec.me/path
- Disclosures: coordinated CVE work, e.g. CVE-2026-41496 — details and timelines at bersec.me/disclosures
- Projects & tooling: bersec.me/projects
This site
- 100% static — Astro + the AstroPaper theme
- Hosted on Cloudflare Pages
- No backend, no database, no tracking — your visit stays between you and your browser
If that sounds paranoid: good. It’s a security blog.
Contact
My card and contact details live at bersec.me.
P.S. If you like poking around, try the Konami code on the home page.