penetration tester & ctf player
VincentIwuno
alias 0xVince# { offensive security }
$
I research attack surfaces, exploit vulnerabilities responsibly, and build tools that make the web harder to break — for everyone else.
// about me
Who am
I?
I'm Vincent Iwuno, a cybersecurity researcher and ethical hacker based in Nigeria. I'm passionate about understanding how systems work — and how they break.
I specialize in penetration testing, network security, and security awareness. When I'm not doing CTFs, I'm building tools, writing about security, or setting up infrastructure on Kali Linux.
Currently sharpening my skills through competitive CTF play, real infrastructure projects, and working towards professional certifications in offensive security.
// technical skills— 6 categories
My Arsenal
Offensive Security
Network & Infrastructure
Programming & Scripting
OSINT & Recon
Operating Systems
Web Application Security
// experience— 3 entries
My Journey
Independent Security Researcher
Independently researching offensive security techniques and building real-world infrastructure to test attack and defence scenarios. Focus areas include email security, phishing simulation, and network-layer exploitation.
CTF Competitor & Security Student
Immersed in competitive Capture the Flag events spanning web exploitation, privilege escalation, network forensics, binary analysis, and cryptography. Treated every challenge as a real-world attack scenario.
Foundations: Networking & Ethical Hacking
Dedicated a full year to building the technical foundation of a security career — not through courses alone, but through hands-on lab work, building broken things intentionally, and understanding why they break.
// projects— 5 total · 2 in progress
What I've Built
Custom SMTP Mail Server
Deployed a full production-grade mail server on Kali Linux using Postfix and Brevo as the relay provider. Configured SPF, DKIM, and DMARC records on a custom domain (vincentiwuno.me) — the same authentication stack used by enterprise mail systems to prevent spoofing.
Fully authenticated outbound email with 0 spam-folder delivery on major providers.
Phishing Awareness Lab
Set up a controlled GoPhish deployment to simulate end-to-end phishing campaigns — from lure design and domain spoofing to landing page capture and credential harvesting analysis. Built to study how attacks work, not to run them.
Revealed how small design decisions dramatically affect click-through and credential submission rates.
Network Recon Automation Toolkit
Python scripts that wrap Nmap with smart defaults, parse XML output into readable reports, and auto-email findings to a designated inbox via the custom SMTP server. Designed to cut down repetitive recon work during lab sessions.
Reduced manual recon documentation time significantly — scan-to-report in one command.
CTF Writeup Platform
A personal writeup site for documenting CTF solutions — structured by category, difficulty, and platform. Built to solidify my own understanding and give back to the community.
Recon Dashboard
A web UI for visualizing Nmap scan output — turns raw XML into a clean, searchable interface with port timeline views and host maps.
more coming as I build in public —follow along on GitHub ↗
// capture the flag— ongoing
CTF & Hacking Labs
$ whoami
→ security researcher · ctf player · offensive security student
$ cat philosophy.txt
→ I don't just read about vulnerabilities — I reproduce them,
document how they work, and understand why defences fail.
$ status
actively solving · writeups incoming
Structured learning paths, room-based labs, beginner to advanced.
Real-world machine exploitation — Linux & Windows privilege escalation.
XSS, SQLi, CSRF, LFI/RFI, IDOR — reproduced and documented.
Web · Pwn · Crypto · Forensics · OSINT
skill breakdown
self-assessed based on challenges solved and concepts applied in lab environments.
writeups in progress
Exploiting SSRF to reach internal AWS metadata
Manual SQLi bypass on a WAF-protected login
Privilege escalation via SUID misconfiguration
Decoding a multi-layer crypto challenge (RSA+XOR)
writeups dropping on @0xvince ↗ and this site — follow to be notified.
// blog— 3 posts incoming
Writing & Research
Building a production mail server on Kali Linux from scratch
A full walkthrough: Postfix setup, Brevo relay configuration, DKIM key generation, SPF/DMARC record publishing, and testing deliverability — all on a custom domain.
GoPhish lab: simulating a phishing campaign end-to-end
Setting up GoPhish, crafting convincing lure emails, building credential-capture landing pages, and what the data tells you about human vulnerability.
SPF, DKIM, DMARC — what they actually do and how to break them
Not just definitions — a practical look at how email authentication works at the packet level, and what happens when each record is misconfigured.
get notified
First to read when posts drop
Writeups, walkthroughs, and deep dives on real security topics — straight to your inbox. No fluff.
no spam · unsubscribe anytime · built with Postfix 😄
follow along on @0xvince ↗
// contact
Let's work
together.
Have a security concern, want to collaborate on a CTF, or exploring a hire? I read every message and reply within 24 hours.
available for work
open to security roles, freelance pentesting, CTF teams & internships · remote
$ ping 0xvince@vincentiwuno.me
→ response time: < 24h
$ best for
→ security consulting · collaborations · opportunities