0xVince
offensive security · portfolio
system ~ boot
vincentiwuno.me
kali linux · remote
available for work · remote

penetration tester & ctf player

VincentIwuno

alias 0xVince# { offensive security }

$

I research attack surfaces, exploit vulnerabilities responsibly, and build tools that make the web harder to break — for everyone else.

// about me

Who am
I?

I'm Vincent Iwuno, a cybersecurity researcher and ethical hacker based in Nigeria. I'm passionate about understanding how systems work — and how they break.

I specialize in penetration testing, network security, and security awareness. When I'm not doing CTFs, I'm building tools, writing about security, or setting up infrastructure on Kali Linux.

Currently sharpening my skills through competitive CTF play, real infrastructure projects, and working towards professional certifications in offensive security.

10+
Projects
5+
Categories
2+
Platforms
download cvPDFupdated 2026
Vincent Iwuno — 0xVince

// technical skills6 categories

My Arsenal

⚔️
01

Offensive Security

MetasploitNmapBurp SuiteSQLmapGoPhishHydra
🔒
02

Network & Infrastructure

WiresharkPostfix/SMTPDNSTcpdumpFirewall RulesDKIM/SPF
💻
03

Programming & Scripting

PythonBashSQLJavaScriptHTML/CSSDockerRegexAST
👁️
04

OSINT & Recon

MaltegoShodantheHarvesterGoogle DorkingSocial Engineering
🐧
05

Operating Systems

Kali LinuxUbuntuWindows ServerTerminalDual Boot
🌐
06

Web Application Security

XSSSQLiCSRFLFI/RFIOWASP Top 10Recon-ng

// experience4 entries

My Journey

Work
CTF
Research
Education
2026 — present
Researchcurrent

Independent Security Researcher

Self-employedview ↗

Independently researching offensive security techniques and building real-world infrastructure to test attack and defence scenarios. Focus areas include email security, phishing simulation, and network-layer exploitation.

key highlights

  • Architected a production-grade SMTP mail server using Postfix + Brevo with full SPF, DKIM, and DMARC authentication on a custom domain
  • Deployed and operated GoPhish phishing simulation labs — designed realistic lure templates and tracked campaign metrics to study human attack vectors
  • Built a Python + Nmap recon automation pipeline that auto-emails formatted scan reports to a custom domain inbox on completion
  • Actively documenting research as technical blog posts to contribute back to the security community
PostfixGoPhishPythonNmapDNSKali LinuxSMTPDKIM/SPF/DMARCMCPDocker
2026
Researchcurrent

MCP Server Developer — SecureOps AI

Open-source · Vlex127/secureops-mcpview ↗

Built a local security auditing server that uses the Model Context Protocol to let LLMs run security scans without source code ever leaving the machine. Implements 14 security rules with 39 regex patterns, Python AST analysis for dangerous calls (eval, exec, pickle, os.system), .env file parsing, SARIF output, and path traversal protection on all file reads.

key highlights

  • Designed and implemented a multi-analyzer architecture: RegexScanner, ASTAnalyzer, FileScanner, and DepScanner — each handling a different class of vulnerability
  • Built 5 MCP tools (run_local_security_audit, get_audit_summary, scan_directory_structure, read_file_securely, run_local_security_audit_sarif) with structured JSON responses
  • Added .env file scanning with specialized KEY=VALUE parsing that catches unquoted secrets — a common blind spot in standard regex scanners
  • Produced SARIF v2.1.0 output compatible with GitHub Advanced Security and VS Code SARIF Viewer for inline PR annotations
  • Created an interactive HTML dashboard for visualizing audit results with severity donut charts, risk score gauges, and searchable findings tables
PythonMCPASTRegexSARIFDockerSecurity AuditingLLM Integration
2025 — 2026
CTF

CTF Competitor & Security Student

TryHackMe · HackTheBox

Immersed in competitive Capture the Flag events spanning web exploitation, privilege escalation, network forensics, binary analysis, and cryptography. Treated every challenge as a real-world attack scenario.

key highlights

  • Solved challenges across 5+ categories: web, pwn, forensics, crypto, and OSINT
  • Completed structured learning paths on TryHackMe covering networking, Linux, and ethical hacking fundamentals
  • Documented and published writeups — building a personal knowledge base of attack techniques and mitigations
  • Consistently progressed to harder difficulty tiers on HackTheBox through methodical enumeration and exploitation
Burp SuiteGDBWiresharkCyberChefSQLmapJohn the RipperGobuster
2024 — 2025
Education

Foundations: Networking & Ethical Hacking

Self-directed · Kali Linux Lab

Dedicated a full year to building the technical foundation of a security career — not through courses alone, but through hands-on lab work, building broken things intentionally, and understanding why they break.

key highlights

  • Mastered TCP/IP, DNS, HTTP, and core networking protocols through packet-level analysis with Wireshark
  • Set up and administered a personal Kali Linux lab environment for safe exploitation practice
  • Learned Python scripting with a focus on security tooling: port scanners, brute-force scripts, and log parsers
  • Studied the OWASP Top 10 in depth — reproducing each vulnerability class in controlled web environments
NetworkingLinux CLIPythonWiresharkOWASPVirtualBoxHTTP/DNS
more on LinkedIn ↗

// projects6 total · 2 in progress

What I've Built

Live
Active
Lab
In Progress
01
Live

Custom SMTP Mail Server

Deployed a full production-grade mail server on Kali Linux using Postfix and Brevo as the relay provider. Configured SPF, DKIM, and DMARC records on a custom domain (vincentiwuno.me) — the same authentication stack used by enterprise mail systems to prevent spoofing.

Fully authenticated outbound email with 0 spam-folder delivery on major providers.

PostfixBrevoDNSKali LinuxDKIMSPFDMARC
project 01view ↗
02
Lab

Phishing Awareness Lab

Set up a controlled GoPhish deployment to simulate end-to-end phishing campaigns — from lure design and domain spoofing to landing page capture and credential harvesting analysis. Built to study how attacks work, not to run them.

Revealed how small design decisions dramatically affect click-through and credential submission rates.

GoPhishSMTPHTML/CSSPython
project 02private repo
03
Active

Network Recon Automation Toolkit

Python scripts that wrap Nmap with smart defaults, parse XML output into readable reports, and auto-email findings to a designated inbox via the custom SMTP server. Designed to cut down repetitive recon work during lab sessions.

Reduced manual recon documentation time significantly — scan-to-report in one command.

PythonNmapBashSMTPXML parsing
project 03view ↗
06
Active

SecureOps MCP

A local security auditing server using the Model Context Protocol — runs regex + AST + filename scans on your codebase through an LLM-powered interface. 14 security rules, 39 regex patterns, SARIF output, and path traversal protection. Zero source code ever leaves the machine.

LLM-orchestrated security audits without sending source code to any third-party API.

PythonMCPASTRegexSARIFDocker
project 06view ↗
in the lab
soon
04
In Progress

CTF Writeup Platform

A personal writeup site for documenting CTF solutions — structured by category, difficulty, and platform. Built to solidify my own understanding and give back to the community.

🔧 under active development — details coming soon.
Next.jsMarkdownTailwind
in development🔒 locked
soon
05
In Progress

Recon Dashboard

A web UI for visualizing Nmap scan output — turns raw XML into a clean, searchable interface with port timeline views and host maps.

🔧 under active development — details coming soon.
PythonFlaskNmapSQLite
in development🔒 locked

more coming as I build in public —follow along on GitHub ↗

actively building

// capture the flag— ongoing

CTF & Hacking Labs

0xvince ~ terminal

$ whoami

→ security researcher · ctf player · offensive security student

$ cat philosophy.txt

→ I don't just read about vulnerabilities — I reproduce them,
   document how they work, and understand why defences fail.

$ status

actively solving · writeups incoming

TryHackMe
@0xvince

Structured learning paths, room-based labs, beginner to advanced.

Active
rooms completed
HackTheBox
@0xvince

Real-world machine exploitation — Linux & Windows privilege escalation.

Active
machines pwned
🌐
Web Exploits

XSS, SQLi, CSRF, LFI/RFI, IDOR — reproduced and documented.

5+
vulnerability classes
🗂️
Categories

Web · Pwn · Crypto · Forensics · OSINT

5+
challenge types

skill breakdown

Web Exploitation78%
Privilege Escalation65%
Network Forensics60%
Cryptography50%
OSINT72%
Binary / Pwn42%

self-assessed based on challenges solved and concepts applied in lab environments.

writeups in progress

Exploiting SSRF to reach internal AWS metadata

webmedium
soon

Manual SQLi bypass on a WAF-protected login

webhard
soon

Privilege escalation via SUID misconfiguration

linuxmedium
soon

Decoding a multi-layer crypto challenge (RSA+XOR)

cryptohard
soon
easy
medium
hard

writeups dropping on @0xvince ↗ and this site — follow to be notified.

actively competing

// blog3 posts · 1 published

Writing & Research

if i had to google it, i'm writing about it
phishing · red team02

GoPhish lab: simulating a phishing campaign end-to-end

Setting up GoPhish, crafting convincing lure emails, building credential-capture landing pages, and what the data tells you about human vulnerability.

coming soon · 2026
9 min read
dns · email security03

SPF, DKIM, DMARC — what they actually do and how to break them

Not just definitions — a practical look at how email authentication works at the packet level, and what happens when each record is misconfigured.

coming soon · 2026
10 min read

get notified

First to read when posts drop

Writeups, walkthroughs, and deep dives on real security topics — straight to your inbox. No fluff.

no spam · unsubscribe anytime · built with Postfix 😄

view all posts ↗·follow @0xvince ↗

1 post published

// contact

Let's work
together.

Have a security concern, want to collaborate on a CTF, or exploring a hire? I read every message and reply within 24 hours.

available for work

open to security roles, freelance pentesting, CTF teams & internships · remote

preferred contact

$ ping 0xvince@vincentiwuno.me

→ response time: < 24h

$ best for

→ security consulting · collaborations · opportunities

find me on

send a message

0/500