Refreshing...
running... ~/portfolio
$ whoami

Wyatt BeckerOSCP

Penetration Tester
Security Consultant

Press demo to see some of my common network pentest techniques

mitm6
ntlmrelayx

I find vulnerabilities

Before the bad actors do.

OSCP-certified with 7+ years and 500+ engagements across government, finance, and gaming. Full lifecycle — from testing to reporting.

View Project Download Resume
scroll
01

About

OSCP-certified penetration tester with 7+ years of experience and 500+ completed engagements across government agencies, financial institutions, and casinos.

Full engagement lifecycle expertise — from client consultation and hands-on testing to detailed reporting and remediation guidance. Proven track record securing mission-critical infrastructure including voting systems and federal agency environments.

Currently providing independent mobile application security assessments and building custom security tooling like RedOps Mobile.

0+ Engagements Completed
0+ Years Experience
0 Industry Verticals
02

Skills

Offensive Security

Web Application Testing Internal Network Testing External Infrastructure Mobile App Security API Security Assessment Physical Security

🛠 Tools & Technologies

RedOps Mobile Burp Suite Metasploit Impacket Nmap Wireshark SQLMap Hashcat Ghidra Bloodhound Responder CrackMapExec Frida Objection MobSF Nessus Python Bash Linux AWS Docker Active Directory PowerShell

📜 Certifications

OSCP Offensive Security Certified Professional
03

Methodology

  • Rules of engagement, data handling, MFA/SSO expectations, out-of-scope/DoS guardrails
  • Threat modeling mapped to MITRE ATT&CK + STRIDE; impact hypotheses tied to business processes
  • Asset inventory & tagging (prod/non-prod), change-freeze coordination, logging/alerting checkpoints
Inputs: ROE, target list, test creds, success criteria
  • Passive recon (WHOIS/DNS, TLS, crt.sh, bucket/registry hunting), technographic mapping
  • Active discovery with noise controls: subdomain enum, port/service fingerprinting, banner entropy
  • Attack surface reduction recommendations issued in-flight (misconfig buckets, exposed mgmt planes)
Deliverable: asset map + quick wins
  • Exploit chaining across web/API/authZ, cloud identity, and on-prem AD; payload safety gates
  • Credential attacks: Kerberoast/AS-REP, relays, session hijack, token replay, JWT/key abuse
  • Post-ex: data access validation, egress feasibility, persistence/cleanup and evidence capture
Principle: prove impact with minimal blast radius
  • Actionable fixes: root cause, exploit path, detection gaps, compensating controls, owner/prio
  • Severity mapped to CVSS 4.0 + likelihood/impact matrix and business context
  • Retest & evidence: proof-of-fix, residual risk notes, detection/alert validation
Outputs: exec summary, engineer-ready steps, retest plan
04

Experience

2025 — Present

Independent Security Consultant

Freelance

Delivering expert mobile application security assessments for clients requiring thorough, actionable vulnerability analysis. Built RedOps Mobile, a custom penetration testing platform that streamlines mobile security assessment workflows. Active bug bounty hunter with multiple critical vulnerability discoveries.

Mobile Security Bug Bounty Tooling
2018 — 2025

Cybersecurity Consultant

Bulletproof Solutions

Sole penetration tester — independently conducted 500+ engagements across web application, internal network, external infrastructure, and mobile platforms. Managed the full lifecycle end-to-end: direct client consultation, hands-on testing, detailed report writing, and remediation guidance. Secured voting machine systems ahead of the 2020 election. Core member of the 5-person team that earned federal agency penetration testing accreditation.

Web Apps Network Mobile Physical
05

Projects

📱
Security Platform

RedOps Mobile

A revolutionary Android penetration testing platform that turns your phone into a complete security toolkit. 92,000+ lines of Kotlin powering 17 integrated modules — from automated target analysis and traffic interception to Frida-based hooking and IPC fuzzing. An AI agent ties every tool into a coherent investigation, and the built-in report engine generates professional engagement reports with evidence and findings in minutes, not hours.

Kotlin Jetpack Compose Frida Claude AI
View Live Preview
06

Contact

Let's work together

Available for penetration testing engagements, security consulting, and speaking opportunities. Let's discuss how I can help secure your organization.

Email wyatt.becker@gmail.com in LinkedIn Connect gh GitHub wyatt727
$ echo "Thanks for visiting!"

Thanks for visiting!

@