penetration tester & ctf player
VincentIwuno
alias 0xVince# { offensive security }
$
I research attack surfaces, exploit vulnerabilities responsibly, and build tools that make the web harder to break — for everyone else.
// about me
Who am
I?
I'm Vincent Iwuno, a cybersecurity enthusiast and ethical hacker based in Lagos, Nigeria. I'm passionate about understanding how systems work — and how they break.
I specialize in penetration testing, network security, and security awareness. When I'm not doing CTFs, I'm building tools, writing about security, or setting up lab environments on Kali Linux.
Currently sharpening my skills and working towards professional certifications in offensive security.
// technical skills— 6 categories
My Arsenal
Offensive Security
Network & Infrastructure
Programming & Scripting
OSINT & Recon
Operating Systems
Web Application Security
// experience— 3 entries
My Journey
Independent Security Researcher
Independently researching offensive security techniques and building real-world infrastructure to test attack and defence scenarios. Focus areas include email security, phishing simulation, and network-layer exploitation.
CTF Competitor & Security Student
Immersed in competitive Capture the Flag events spanning web exploitation, privilege escalation, network forensics, binary analysis, and cryptography. Treated every challenge as a real-world attack scenario.
Foundations: Networking & Ethical Hacking
Dedicated a full year to building the technical foundation of a security career — not through courses alone, but through hands-on lab work, building broken things intentionally, and understanding why they break.
// projects— 5 total · 2 in progress
What I've Built
Custom SMTP Mail Server
Deployed a full production-grade mail server on Kali Linux using Postfix and Brevo as the relay provider. Configured SPF, DKIM, and DMARC records on a custom domain (vincentiwuno.me) — the same authentication stack used by enterprise mail systems to prevent spoofing.
Fully authenticated outbound email with 0 spam-folder delivery on major providers.
Phishing Awareness Lab
Set up a controlled GoPhish deployment to simulate end-to-end phishing campaigns — from lure design and domain spoofing to landing page capture and credential harvesting analysis. Built to study how attacks work, not to run them.
Revealed how small design decisions dramatically affect click-through and credential submission rates.
Network Recon Automation Toolkit
Python scripts that wrap Nmap with smart defaults, parse XML output into readable reports, and auto-email findings to a designated inbox via the custom SMTP server. Designed to cut down repetitive recon work during lab sessions.
Reduced manual recon documentation time significantly — scan-to-report in one command.
CTF Writeup Platform
A personal writeup site for documenting CTF solutions — structured by category, difficulty, and platform. Built to solidify my own understanding and give back to the community.
Recon Dashboard
A web UI for visualizing Nmap scan output — turns raw XML into a clean, searchable interface with port timeline views and host maps.
more coming as I build in public —follow along on GitHub ↗
// ctf writeups
Capture The Flag
writeups dropping soon — follow @0xvince for updates
// blog
Latest Posts
Building a production mail server on Kali Linux from scratch
A full walkthrough: Postfix setup, Brevo relay configuration, DKIM key generation, SPF/DMARC record publishing, and testing deliverability — all on a custom domain.
GoPhish lab: simulating a phishing campaign end-to-end
Setting up GoPhish, crafting convincing lure emails, building credential-capture landing pages, and what the data tells you about human vulnerability.
SPF, DKIM, DMARC — what they actually do and how to break them
Not just definitions — a practical look at how email authentication works at the packet level, and what happens when each record is misconfigured.
// contact
Let's work
together.
Have a security concern, want to collaborate, or just want to talk hacking? Hit me up — I respond to every message.