Nikolaos Vourdas
Summary
Red teaming and penetration testing professional with extensive experience conducting security assessments across a wide range of industries. Skilled in developing offensive security tooling, executing social engineering engagements, and leading cybersecurity training initiatives aimed at strengthening organizational security posture. Proficient in threat-led penetration testing frameworks such as TIBER-EU and iCAST, with a strong focus on emulating real-world adversarial tactics, techniques, and procedures (TTPs). Additionally, I successfully completed my military service obligations in April 2020.
Overview
6
6
years of professional experience
1
1
Certification
Work History
Senior Cyber Consultant
Ernst & Young
US
09.2024 - Current
- Conducting Red Teaming and Penetration Testing engagements to Fortune 500 firms.
- Executed Red Teaming operations for clients in retail, banking, construction, shipping, and leasing industries.
- Performed physical assessments for clients in banking and retail industries to identify security vulnerabilities.
- Trained team members on best practices in security operations.
- Created public and private security tools tailored for client needs.
- Research for new offensive security techniques.
Senior Offensive Security Consultant
Ernst & Young
Greece
10.2022 - 08.2024
- Conducted Red Teaming Operations for clients across retail, banking, leasing, shipping, and construction industries to identify vulnerabilities and enhance security posture.
- Penetration Testing (External/Internal/Web) to clients in shipping, banking industries and public sector.
- Performed Physical Assessments for clients in shipping, banking, retail, and construction industries to evaluate security measures and recommend improvements.
- Experienced in iCast and Tiber-EU Red Teaming Frameworks.
- Social Engineering to clients in most industries in Greece.
- Conducted training sessions for team members to enhance skills and knowledge.
- Developed public and private tools to streamline operations and increase effectiveness in security assessments.
Offensive Security Consultant
Ernst & Young
Greece
12.2021 - 09.2022
- Conducted Red Teaming operations for clients across shipping, construction, and banking industries, identifying vulnerabilities and enhancing security postures.
- Penetration Testing (External/Internal/Web) to clients in insurance, banking, shipping, food industries.
- Supported iCast Red Team assessment by providing operational assistance.
- Developed public and private tools for cybersecurity assessments.
- Designed and built a Capture The Flag (CTF) scenario to assess candidate skills during recruitment process.
- Provided guidance to team members to enhance their skills.
- Developed internal lab environments for team collaboration.
Penetration Tester
TwelveSec
Greece
06.2020 - 12.2021
- Executed penetration testing (external/internal/web) for clients in banking, food, technology industries, and public sector, identifying vulnerabilities and enhancing security posture.
- Performed source code reviews for clients in the food industry, ensuring adherence to security best practices and identifying potential risks.
- Designed and developed open-source tools to improve software capabilities, contributing to community resources and enhancing user security.
- Building a Capture The Flag (CTF) scenario tailored for the recruitment process.
Education
BS & Integrated Master - Informatics and Telecommunication Engineering
University of Western Macedonia
Kozani, Greece07-2022
Personal Information
- Date of Birth: 02/17/97
- Nationality: Greek
- Home Address: 8439 W Catherine Ave, APT 511, Chicago, Illinois, 60656
Social Media
- https://github.com/nickvourd
- https://linkedin.com/in/nickvourd
- https://x.com/nickvourd
- https://medium.com/@nickvourd
Open Source Projects
- PrivKit, https://github.com/mertdas/PrivKit, Co-Author, C/C++, 11/2025
- SugarFree, https://github.com/nickvourd/SugarFree, GO, 03/2025
- Rocabella, https://github.com/nickvourd/Rocabella, GO, 11/2024
- Windows Local Privilege Escalation Cookbook, https://github.com/nickvourd/Windows-Local-Privilege-Escalation-Cookbook.git, PowerShell, C#, HTML, ASP.NET, 01/2024
- CS Aggressor Scripts, https://github.com/nickvourd/CS-Aggressor-Scripts, Sleep, PowerShell, Bash, 01/2024
- Supernova, https://github.com/nickvourd/Supernova, GO, 10/2023
- RTI-Toolkit, https://github.com/nickvourd/RTI-Toolkit, PowerShell, 10/2023
- Responder-Parser, https://github.com/nickvourd/Responder-Parser, Python, 08/2023
- COM-Hunter, https://github.com/nickvourd/COM-Hunter, C#, C, Beacon Object File (BOF), 05/2022
- Active-Directory-Exploitation-Cheat-Sheet, https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet, Co-Author, 11/2021
- Rootend, https://github.com/twelvesec/rootend, Co-Author, Python, 07/2020
Certification
- BOF Development & Tradecraft, 03/2026
- Beacon Object File (BOF) Development, 03/2026
- EDR Internals: Research & Development, 11/2025
- OffSec Certified Experienced 3 (OSCE3), 07/2025
- OffSec Exploit Developer (OSED), 07/2025
- Offensive Azure Security Professional (OASP), 04/2024
- Hack The Box – BlackSky – Cyclone Pro Lab, 04/2024
- Modern Initial Access and Evasion Tactics, 09/2023
- OffSec Web Expert (OSWE), 09/2023
- Hack The Box – Offshore Pro Lab, 03/2023
- OffSec Experienced Penetration Tester (OSEP), 01/2023
- Certified Red Team Lead (CRTL), 09/2022
- Certified Red Team Operator (CRTO), 04/2022
- OffSec Certified Professional (OSCP), 01/2021
- OffSec Wireless Professional (OSWP), 03/2017
Activities And Awards
- Committee member of Call for Papers (CFP) in the OffensiveX Conference, 06/2025 - 01/2021
- Awarded 1st Place in the OfffensiveX Conference CTF Competition, 06/2024
- Community Contribution Champion 2020 (Associated with TwelveSec), 03/2021
- Employee of the month (Associated with TwelveSec), 02/2021
- Hacktober 2020 CTF – Top 50% of Scoreboard, 10/2020
- Acknowledgement for reporting critical security vulnerabilities (Associated with University of Western Macedonia), 06/2019
- Moderator & Beta Tester at Hack The Box, 09/2017 - 04/2018
- Volunteering in cybersecurity community events as general stuff and CTF organizer (Associated with Security BSides Athens, Cyprus) 06/2017 - 01/2022
Presentations
- Security BSides 312, 05/2026, The Walking Dead of Active Directory, https://bsides312.org/
- Security BSides Chicago, 11/2025, May The Least Privilege Be With You: Exposing The Dark Side Of Azure Principal Permissions, https://www.youtube.com/watch?v=730Qd3gjniU
- Security BSides Peoria, 10/2025, I Need a C2 Infrastructure Immediately… As in, Yesterday!, https://bsidespeoria.com/
- DEF CON 33 Cloud Village, 08/2025, May The Least Privilege Be With You: Exposing The Dark Side Of Azure Principal Permissions, https://www.youtube.com/watch?v=730Qd3gjniU
- Security BSides Athens, 07/2024, Local Admin in Less than 60 Sec (My Guilty Pleasure), https://2024.bsidesath.gr
- Security BSides Budapest, 05/2024, Local Admin in Less than 60 Sec (My Guilty Pleasure), https://2024.bsidesbud.com
- Security BSides Athens, 06/2022, COM Hijacking Voodoo, https://www.youtube.com/watch?v=qF1RaSM_X1Q
- Dev Sec Con Global Community, 06/2022, COM Hijacking Voodoo, http://www.youtube.com/watch?v=Rrr99CX3uCE
- Security BSides Tirana, 05/2022, Introduction to COM Hijacking Voodoo, https://bsidestirana.al
- Security BSides Cyprus, 10/2021, May the “R00t” be with you, http://www.youtube.com/watch?v=pU3A82byKTM
- Hacking Nightmare #2 – IEEE UOWM SB, 09/2017, Hacking Nightmare #2 – ISCASI Everywhere, http://www.youtube.com/watch?v=gXaahEǪjjZw
Timeline
Senior Cyber Consultant
Ernst & Young
09.2024 - Current
Senior Offensive Security Consultant
Ernst & Young
10.2022 - 08.2024
Offensive Security Consultant
Ernst & Young
12.2021 - 09.2022
Penetration Tester
TwelveSec
06.2020 - 12.2021
BS & Integrated Master - Informatics and Telecommunication Engineering
University of Western Macedonia