The operators· losec://members

The people behind the findings

A small team of offensive researchers and AI engineers. We hold CAPE, CWEE, OSWE, OSEP and CDSA — and we build the machines that read code faster than any of us can.

NV

Nguyen Van Hiep

@n0ctis

Founder & Lead Researcher

Nguyen founded LoSec to turn vulnerability research into a repeatable, AI-assisted discipline rather than a matter of luck. He has spent a decade tearing apart everything from enterprise web stacks to hardened internal networks, and now steers the lab's hunt for high-impact 0-days. When a target is called unbreakable, that is usually where he starts reading code.

OSWEOSEP0-day discovery
EV

Elena Vukovic

@sh4dowbyte

Web Exploitation Lead

Elena lives in the gap between what a web app is supposed to do and what its source code actually allows. She chains auth bypasses, deserialization flaws, and logic bugs into full pre-auth RCE, then writes the exploit that proves it beyond doubt. Her whitebox reviews have a habit of turning "low severity" findings into headline CVEs.

CWEEOSWEweb app & source-code 0-days
MA

Marcus Adeyemi

@greyw0lf

AD / Red Team Lead

Marcus treats a corporate network like a puzzle box, moving from a single foothold to Domain Admin with tooling that stays a step ahead of EDR. He specializes in Active Directory abuse, evasion, and the quiet tradecraft that separates a real adversary from a noisy scanner. His post-exploitation write-ups double as a masterclass for the rest of the team.

OSEPCAPEActive Directory & lateral movement
SM

Sofia Marchetti

@vect0r

AI Research Engineer

Sofia builds the models and pipelines that let LoSec read code and reason about vulnerabilities at machine scale. She fuses program analysis with LLM-driven triage so human researchers spend their time on the bugs that actually matter. Half her work is finding flaws; the other half is teaching a machine to find them first.

CAPECDSALLM-assisted vulnerability discovery
KW

Kenji Watanabe

@n1bble

Vulnerability Researcher

Kenji goes deep on the native layer, chasing memory corruption bugs through fuzzers, sanitizers, and long nights in a debugger. He turns crashes nobody else can reproduce into clean, weaponizable primitives. If it parses untrusted input in C, he assumes it is already broken and sets out to prove it.

CWEEmemory corruption & fuzzing
Team certifications
CAPE

Certified Active Directory Pentesting Expert

Altered Security · Active Directory

CWEE

Certified Web Exploitation Expert

Hack The Box · Web Exploitation

OSWE

OffSec Web Expert

OffSec · Whitebox Web

OSEP

OffSec Experienced Penetration Tester

OffSec · Evasion & Red Team

CDSA

Certified Defensive Security Analyst

Hack The Box · Blue Team & Detection

Think you can break what we can't?

We're always reading applications from serious researchers.

Join the lab →