Yehor Ulianov
Offensive Security Consultant • Web Application Pentester
Security professional specializing in web application penetration testing, with hands-on experience across OWASP WSTG coverage assessments, perimeter testing, and physical security engagements. Currently leading projects end-to-end at r-tec IT Security GmbH - from kickoff meetings and scoping through testing to final report delivery and client presentations. Background in CTFs, bug bounty, and offensive security research. Always breaking things, preferably before someone else does.
work_experience
Led 50+ web application and perimeter penetration testing projects end-to-end across healthcare, utilities (Stadtwerke), IT, and other DACH-region companies
Performing thorough WSTG-based assessments across complex multi-tenant SaaS platforms, APIs, and legacy enterprise applications
Conducting perimeter/infrastructure penetration tests against client-facing attack surfaces
Executing physical security assessments
Developing internal tooling and automation for recurring assessment workflows
Performing source code reviews and whitebox assessments alongside black/greybox testing
Delivering reports and presentations in both German and English
Conducting retests with actionable remediation guidance for development teams
Teaching the whole team about weird web attack surfaces and techniques
Managed Windows Active Directory infrastructure - user provisioning, group policies, organizational units
Designed and deployed a Raspberry Pi-based Kubernetes cluster for the department
Built and maintained an OWASP-based pentesting sandbox environment for cybersecurity students
certifications
education
Attended IT and cybersecurity lectures as a visiting student while deepening German language proficiency for professional use
skills
offensive
- Web Application Pentesting (WSTG)
- API Security Testing (REST, GraphQL)
- Perimeter / Infrastructure Pentesting
- Physical Security Assessments
- OSINT & Reconnaissance
- Browser Exploitation
- Source Code Review
technical
- Burp Suite Pro
- Python, Bash, PowerShell
- Linux & Windows Administration
- Docker / Kubernetes
- Git & CI/CD Pipelines
- LLM-Assisted Testing Workflows
soft
- Project Lead
- Technical Report Writing
- Client Communication
- Internal Training & Knowledge Sharing
projects
Personal blog covering web application security, AI in pentesting, and opinionated takes on the industry
Custom workflow integrating local and cloud LLMs into structured WSTG-coverage assessments, automating reconnaissance, test case generation, and reporting
Custom C2 framework exploring unconventional persistence and post-exploitation techniques on Windows targets - built as an offensive security research project
languages
interests
- CTFs
- Bug Bounty
- Open Source Security Tooling
- Writing about things that annoy me