Jack Ghafari

IT & Cybersecurity Student

Independent Security Researcher specializing in web application security, network analysis, and ethical hacking. Passionate about identifying vulnerabilities and building secure systems.

About Me

I'm a cybersecurity student with a passion for finding website vulnerabilities and strengthening digital security by providing mitigations. My journey began at a young age, from studying all night and trying to break into the industry, all the way to formulating a responsible disclosure that protects users.

With experience in security research, OSINT investigations, and network analysis, I bring a practical understanding of modern threats and mitigation strategies. I excel at translating technical concepts into non-technical terms and turning them into actionable insights.

Having prior access to commercial digital forensics tools and the ability to perform OSINT techniques by experts, I can collect, analyse, and interpret information and/or data publicly available to support investigations, whilst having awareness of digital footprints and the importance of online privacy.

Currently focused on advancing my skills in Web Application Security, Networking, Machine Learning, and AI through independent research and academic projects.

90% Independent Security Research
5+ Operating Systems Used
10+ Tools Mastered
100% Authorised Security Testing

Experience

November 2025 - February 2026

Technical Lead

CyberFirst Wales | De Montfort University
  • Led a student team in a national cybersecurity competition with real-world scenarios
  • Gained exposure to the Security Operations Centre room to understand operations performed
  • Performed digital forensic investigations using specialised tools such as XAMN & XRY
  • Completed OSINT challenges to solve complex investigative tasks

July 2025 - August 2025

Independent Security Researcher

Pxl-Persona | Remote
  • Conducted authorised independent penetration testing and successfully disclosed a reflected XSS vulnerability
  • Developed a solution to mitigate the website vulnerability
  • Created proof-of-concept payloads demonstrating phishing simulation and data exfiltration risks
  • Authored a detailed responsible disclosure report with complete reproduction steps

August 2025

Project Manager

The Smallpeice Trust | University of Manchester
  • Attended a 3-day residential cybersecurity, electrical, and engineering course
  • Managed team projects from concept to final brand implementation
  • Collaborated to overcome technical challenges in cybersecurity scenarios
  • Networked with industry professionals to gain real-world insights

March 2024 - April 2024

Team Leader

The Prince's Trust | Merseyside
  • Led a team of 5 students in pitching a business idea to be implemented if it won
  • Coordinated instructions and gave roles to each member of the team
  • Upon final examination, our team placed 4th nationally across the UK
  • Enhanced team collaboration through effective communication strategies

Personal Security Lab

This is my controlled home lab environment for learning and ethical cybersecurity experimentation. All activities follow strict safety protocols, ethical guidelines, and are performed in isolated networks to prevent unintended consequences.

Docker Containers

πŸ‹
  • Portainer – Central management for configuring and managing all images and containers
  • Nextcloud – Self-hosted private cloud storage that can be accessed anywhere via Tailscale
  • Pihole Unbound – A network-wide blocker and a recursive DNS resolver to ensure maximum privacy
  • Uptime Kuma – Self-hosted monitoring tool that tracks the uptime and performance of websites
  • PicoClaw – An autonomous AI agent that can automate tasks through an external LLM
  • ConvertX – Local file converter that supports over 1,000 file formats without having to rely on third-party tools

Privacy & Security Tools

Key Tools in my arsenal

Nmap
Wireshark
Burp Suite
CyberChef
Bettercap
Portmaster
Signal
Tailscale
OpenVPN
Termius
SSH
WireGuard
NFC Tools
BeEF
Aircrack-ng
Surge
LocalSend
Proton VPN
Maltego
Oracle VirtualBox
jExifTool
Sandboxie

Example Experiments

1. Reflected XSS PoC

Safe demonstration of a reflected XSS vulnerability on my test web app. Learned about payload encoding and the importance of input validation.

2. Simulated Phishing Attack

Gained practical insight on how threat actors set up a phishing page, how it's hosted, and the importance of URL authenticity.

3. DHCP Configuration

Experimented with the Dynamic Host Configuration Protocol to allow static IP addresses via DHCP reservations.

Additional Learning Outcomes

βš™οΈ M5Stack Cardputer

Deep understanding of Wi-Fi attacks, Bluetooth & IoT vulnerabilities, and the LoRa module (peer-to-peer mesh network) through hands‑on experimentation.

πŸ›‘οΈ Home Lab Configuration

Converted old hardware into a headless setup to have an isolated lab environment that can be accessed via SSH only. Learnt many aspects, including diagnosing network failures, configuring access to the server from outside the LAN, troubleshooting systems, and much more.

πŸ—οΈ Cryptography Methodologies

Completed security research on cryptography. Gained insight into RSA being quantum-vulnerable, MD5 hashes being vulnerable to rainbow table attacks if not properly salted, and a range of encryption techniques via CyberChef.

Featured Projects

PicoClaw

Integrated an autonomous agent framework using the dedicated Docker image and external LLM APIs to automate tasks and scheduling.

Docker Autonomous AI LLM integration Self-Assigned Webhooks Cron Scheduling

Network Monitoring Analysis

Performed traffic analysis using Bettercap to understand the importance of HTTPS, HTTP vulnerabilities & Wi-Fi security.

Bettercap HTTP/HTTPS ARP Spoofing Man-in-The-Middle (MiTM) Attack Packet Sniffing

Triple-Boot System Configuration

Configured a multi-boot environment with Windows and two Linux distributions for experimentation, self-learning, and feasibility.

Volume Configuration GRUB Operating Systems Partitioning

Web Security Research

Conducted a comprehensive vulnerability assessment of a web application, identifying and responsibly disclosing a security flaw, creating proof-of-concept payloads, and providing mitigations.

Burp Suite Phishing Simulation XSS Payloads Responsible Disclosure Zphisher

Simulated Honeypot

Experimented with a low-interaction simulated honeypot framework made by Evilputer to gain an understanding of the behaviour on the backend.

Interaction Logging Honeypot Simulation Localised Environment Telnet Low-Interaction Cardputer

Technical Skills

Web Application Security

Proof-of-Concept Development Burp Suite Vulnerability Analysis Responsible Disclosure HTTP/HTTPS Security XSS Payloads DOM Manipulation

Network Security

Bettercap Traffic Analysis Wi-Fi Security TCP/IP ARP Fundamentals & Spoofing DNS/DHCP SSH VPN Configuration Firewall Basics

OSINT & Forensics

Reverse Image Reconnaissance Techniques Digital Forensics Experience Dark Web Investigations Information Gathering WHOIS Lookup Google Dorking Investigation Techniques

Programming & Scripting

Python Bash C# HTML/CSS JSON CSV SQL API Integration Hashing Webhooks Linux Fundamentals Visual Studio VSCode

Soft Skills

Technical Communication Confidentiality Project Management Accountability Analytical Thinking Problem Solving Attention to Detail Time Management Adaptability Collaboration Leadership Critical Thinking Creativity & Innovation

System & Infrastructure

Docker Service Deployment Headless Server Management Virtual Machines 24/7 Lab Availability Port Configuration Network Configuration Backup & Recovery Monitoring & Logging Access Control

Education

Childwall Sports & Science Academy

  • BTEC IT
  • GCSE Computer Science
  • GCSE Business Studies
  • GCSE Triple Science
2020 - 2025

The Studio School

  • A-level Computer Science
  • AAQ Computing
  • A-level Business Studies
Present - 2027

University of Liverpool Scholar

  • Academic Excellence
  • Mentoring & Workshops
  • University Experience
Present - 2027

Get In Touch

I'm currently available for security research collaborations, internships, and cybersecurity opportunities. Let's connect!