Nairobi, Kenya — EAT, UTC+3

Michael
Irungu
Muriithi

Phantomojo / ngairuru

Full-stack systems builder and security architect building across cybersecurity, agriculture tech, fintech, climate analytics, and AI/ML. 32 GitHub repos. GhostWire architect. Honeypot author. M-Pesa integrator. Climate platform builder. I don't wait for the map — I draw it.

Security Architecture Agriculture Tech Fintech / M-Pesa AI/ML Systems GhostWire Passua Bites Cerberus ORUN.IO SK-CERT 56th 32 Repos Tinkerer
View Projects Get In Touch
Scroll
001 — About

Drop Me In.
We Figure It Out.

Nairobi. Night owl. Wired differently. Built for the unknown.

I'm a Year 3 Cybersecurity student at Open University of Kenya — and the kind of person who doesn't wait for the map to exist before starting the journey. I built GhostWire, a post-quantum encrypted mesh network, because the problem was real and the solution wasn't. That's usually how it starts with me.

I'm AuDHD — which means I think in parallel threads, I hyperfocus until things break open, and I don't let the shape of a problem intimidate me. I taught myself post-quantum cryptography while building the thing that needed it. I ran a 42-page self-study on my own neurology because the system wouldn't do it for me. That's just the mode I operate in.

I work best in the dark — literally. Peak hours are 20:00 to 02:00 EAT. That's when the noise drops and the signal gets clear. I use AI agents as genuine thinking partners, not autocomplete. I treat philosophy and systems architecture as the same discipline. I believe connection is infrastructure — and that no one should own it.

The philosophy behind everything I build: Ubuntu — the idea that what we create should serve the network, not extract from it. That's not just a value. It's literally in the routing protocol.

Michael Irungu Muriithi — Phantomojo
32
GitHub repositories
4
Published Rust crates
7
Published articles on dev.to
5+
Production deployments
ghostty — ph@omen: ~
ph@omen cat identity.toml

alias = "Phantomojo"
anon_id = "ngairuru" # "divine shadow"
title = "Full-Stack Builder · Security Architect · Tinkerer"
locale = "Nairobi, Kenya"
neurodiv = "AuDHD" # wired differently, not broken
chronotype = "night_owl" # peak: 20:00-02:00 EAT
mode = "drop_me_in" # we figure it out
philosophy = "Ubuntu · Cypherpunk · Indra's Net"
theme = "Votive Archive" # #010205 + #DB9202
002 — Projects

What I've Built

Real code, verified from source. Every project on this page exists on disk.

GhostWire
Secure Mesh Communication Platform — AGPL-3.0 — v0.2.0

A peer-to-peer encrypted mesh communication platform for connectivity-constrained communities. Built in Rust over one year as sole architect. Post-quantum (ML-KEM-768 + Double Ratchet via vodozemac), libp2p full feature set, Sphinx onion routing, SKademlia Sybil-resistant DHT, Ghost Channels anonymous broadcast, and a 4-layer AI routing system (LightGBM + Gemma 4 + Graph Attention Network + PRoPHET fallback) trained on real 63-node Guifi.net data. GCD4F 2026 competitor across 5 Kenyan universities.

Crypto
ML-KEM-768 · Ed25519 · X25519 · Vodozemac Olm/Megolm
Network
libp2p 0.56 · TCP · BLE · DTN · Sphinx Onion Routing
AI Layer
4-layer GAT · LightGBM · Gemma 4 · PRoPHET Protocol
Platform
Daemon/Client · Tauri UI · TUI (ratatui) · Axum WebSocket
Rust libp2p tokio vodozemac ONNX PyTorch Ollama ratatui Tauri
Active
Cerberus Honeypot

AI-powered adaptive honeypot with "Carrot & Stick" neighbor generation, OS fingerprint masking, and HoneyGPT threat response engine. Phoenix HUD v5.0 visualization. Cowrie integration.

C Python HoneyGPT Cowrie Shodan API
C+Python Core Language
v5.0 Phoenix HUD
Active
Verba MVP

Cross-platform Tauri desktop app for real-time audio transcription using faster-whisper. FastAPI backend with VAD filter, session management, device picker UI, system audio detection on Linux.

Rust Tauri FastAPI Whisper pydub
Cross-platform DEB · RPM · MSI
Contributor
GlobalThreatMap

Live threat intelligence platform built on Next.js 16, React 19, Mapbox GL, Valyu API. 1401-line threat-map component with military base layers, country conflict intelligence, OAuth PKCE, Polymarket integration.

Next.js 16 Mapbox GL Zustand Tailwind v4 Valyu API
Deployed Vercel
22+ PRs Merged
Active
AfriCrop Predict

Satellite-powered crop yield prediction for Kenyan counties. Google Earth Engine NDVI analysis, Streamlit dashboard, ML feature importance (rainfall 28%, NDVI 22%, soil SOC 18%). Orbitron-themed tactical UI.

Python GEE Streamlit scikit-learn
6 features ML Pipeline
Research Contrib.
HRM — Hierarchical Reasoning Model

Contributor to sapientinc/HRM (arxiv 2506.21734). Two-level recurrent architecture: H_level planning + L_level computation. Q-learning halting mechanism. 27M params. Trained on ARC-AGI, Sudoku, Maze datasets. No pretraining needed.

PyTorch bfloat16 SwiGLU ARC-AGI
27M Parameters
arxiv 2506.21734
Complete
Omarchy-Votive

Full system-wide desktop theme: Abyss Black + Accent Gold across Hyprland, Waybar, Neovim, Ghostty, VSCode, Obsidian, GTK, and more. Includes 5-layer GLSL live wallpaper, CTF tracker, job monitor, AI agent modules.

Hyprland Neovim Lua GLSL Fish Shell Starship
12+ Apps Themed
#DB9202 Accent Gold
Active
Passua Bites

Kenyan food delivery platform with M-Pesa payment integration. Full-stack: tRPC, Drizzle ORM, Neon PostgreSQL, Next.js. 140+ TypeScript files. USSD/SMS order management for informal businesses.

TypeScript tRPC Drizzle ORM M-Pesa Next.js
140+ TS Files
Production Deployed
Active
ORUN.IO

Climate Impact Verification Platform with satellite analytics and community data collection. Interactive mapping for environmental monitoring across Africa.

HTML Satellite APIs Maps
Climate Impact Verification
Active
HedgeFund-Lite

Production-hardened algorithmic trading system with AI integration. Real-time market data processing, risk management, and portfolio optimisation.

Python AI/ML Trading
AI Integration
Active
Mali-Connect

AI livestock assessment platform with 3D visualisation, health scoring, and ecosystem integration for modern agriculture in East Africa.

TypeScript 3D Viz AI
Agriculture Livestock AI
003 — Skills

Tools of the Trade

Verified from actual source code and git history. No resume padding.

Languages
  • Rust (Expert) — libp2p, tokio, axum, ratatui, ort
  • Python — FastAPI, PyTorch, Streamlit, GEE
  • TypeScript — Next.js 16, React 19, Mapbox GL
  • C — Network fingerprinting, secure memory
  • Bash — 487-line .bashrc, CTF tooling
  • Lua — Neovim colorscheme, custom config
Cryptography & Security
  • Post-Quantum: ML-KEM-768, Kyber
  • Double Ratchet via vodozemac (Matrix Olm)
  • Ed25519 signing, X25519 key exchange
  • Sphinx Onion Routing (published crate)
  • Shellcode authoring, syscall stubs
  • APK reverse engineering (jadx, androguard)
  • Ghidra binary analysis, heap exploitation
Networking & Infrastructure
  • libp2p 0.56 — full feature mesh
  • SKademlia DHT, GossipSub, mDNS
  • Tailscale zero-trust networking
  • BLE transport (bluer 0.17)
  • Delay-Tolerant Networking (GhostDTN)
  • GitHub Actions CI, Docker, Vercel
  • btrfs snapshots, LUKS, Arch recovery
Machine Learning
  • Graph Attention Networks (4-layer, 8-head GAT)
  • LightGBM routing regression
  • ONNX runtime integration (ort 2.0)
  • XGBoost + Optuna Bayesian tuning
  • SHAP explainability
  • faster-whisper, VAD filtering
  • Kaggle GPU compute (P100, T4)
004 — Frameworks & Compliance

Standards I Work Within

Applied across GhostWire, Cerberus, and security assessments.

Security Frameworks
  • NIST Cybersecurity Framework (CSF)
  • MITRE ATT&CK — Cerberus device profiles map to IoT adversary tactics
  • OWASP — GhostWire protocol design, Cerberus security policy
  • ISO 27001 — Cerberus security policy, contributing guide
  • CIS Benchmarks — Hardening standards
Compliance & Regulation
  • Kenya Data Protection Act 2019 — GhostWire privacy-by-design
  • GDPR — Data minimization, right to erasure in mesh routing
  • PCI-DSS — Payment security awareness
  • SOC 2 — Trust service criteria understanding
Security Methodologies
  • Penetration Testing (PTES) — CVE-2025-24367 Cacti RCE PoC, WiFi-Mtaani
  • Threat Hunting — Cerberus quorum engine, SENTRY_THREAT_REPORT
  • Incident Response (NIST SP 800-61) — Cerberus morphing engine
  • Red Team / Blue Team — CTFs, HackTheBox, Cerberus defense
  • Deception Technology — Cerberus bio-adaptive honeypot (6-phase morphing)
Soft Skills & Leadership
  • Team Leadership — Led 5-person Team GhostWire (GCD4F 2026), 4 universities
  • Mentoring — Cerberus CONTRIBUTING.md, code of conduct, PR templates
  • Technical Writing — Design reports, manifesto, deep-dives
  • Cross-functional Collaboration — Cybersecurity + Data Science + SE + Journalism
  • Project Management — GhostWire Phase 1, Cerberus 6-phase, MVP planning
languages — ph@omen: ~
ph@omen cat languages.env

LANG_01 = "English" # Professional — fluent, all documentation & code
LANG_02 = "Swahili" # Conversational — daily use, Nairobi
005 — CTF & Research

Breaking Things
to Understand Them

CTF competitor. Android forensics researcher. Security tooling author.

SK-CERT CyberGame 2026
56th Place · 4,360 pts · 23/83 Challenges · PHANTOMOJO

Official certificate: National Cyber Security Centre. Heap pwn with MTE simulation (Ricettoni), Windows AD1 forensics, 3-stage reverse engineering (custom hash gate + feedback cipher + 13-opcode VM), ECC over GF(p⁴) + CRT scalar recovery, PDF steganography (pyHanko, hidden pages via /Count mismatch), sheet music note-interval binary encoding.

Android Forensics Research
83GB Samsung Analysis · APK RE

Reverse engineered M-Pesa, NCBA, PayPal, and Safaricom Android applications using jadx and androguard. Firmware analysis, digital vault setup, KDE Connect integration. Deep dive into how African fintech apps handle data under the hood.

HackTheBox
Active · soulmate.htb + more

Active Directory exploitation (ccache files, Kerberos, LDAP, SPN attacks), hash cracking, blind SQL injection, network forensics (PCAP analysis, Apache path traversal), steganography. AutoRecon-based recon pipeline.

Security Tool Development
Published Crates · Active Research

Published Rust crates: sphinx-rs (onion routing), ghostwire-dtn (delay-tolerant networking), hlc-rs (hybrid logical clocks), trust-store. TruffleHog local build for secret scanning. GhostWire BLAKE3 model integrity verification.

006 — Publications & Writing

Ideas Worth Sharing

Technical writing, design documents, and public content.

GhostWire Design Report
GCD4F 2026 Submission

Full technical architecture document covering post-quantum crypto stack, libp2p mesh integration, 4-layer AI routing system, Sphinx onion routing, and SKademlia DHT design decisions.

GhostWire Manifesto
22 Instagram Cards · Public Campaign

Visual storytelling series covering brand identity, privacy philosophy, cryptographic foundations, and the case for decentralized mesh infrastructure in East Africa.

Cerberus 6-Phase Architecture
Technical Specification

Complete architecture document for the bio-adaptive honeypot system: reconnaissance → fingerprint → morph → engage → adapt → report. Maps to MITRE ATT&CK IoT adversary tactics.

WiFi-Mtaani Security Assessment
Infrastructure Audit · Nairobi

Neighborhood business WiFi security audit. MikroTik router (172.20.0.1) scored 3.6/10. Vulnerable to AirSnitch, exposed management ports. Practical hardened configuration guide delivered.

007 — Contact

Build Together

Available for mesh networking consulting, security audits, Rust development, AI/ML routing, CTF mentoring, and open-source collaboration.

GitHub Phantomojo → ProtonMail mirungu015@proton.me → LinkedIn Michael Irungu Muriithi → Dev.to phantomojo →
Location Nairobi, Kenya · UTC+3
Available For Open Source · Security · AgriTech · Fintech

I don't believe connection should be owned. That's not just a design principle for GhostWire — it's how I approach collaboration.

"Ubuntu: Umuntu ngumuntu ngabantu. A person is a person through other people."

I'm a night owl. Best response times are 20:00 – 02:00 EAT. I reply to everything eventually. If you're building something that matters for African digital infrastructure, privacy, or security — I especially want to hear from you.

mirungu015@proton.me  ·  LinkedIn  ·  @PhantoMojo