Nikos Vourdas
Senior Offensive Security Consultant
Chicago, Illinois, United States
Actions
Nikos Vourdas, also known as nickvourd or NCV, is a Senior Offensive Security Consultant based in the US. With over five years of professional experience, he has actively participated in various global Tiber-EU and iCAST Red Teaming engagements. Regardless of his young age, Nikos has conducted full Red Teaming operations to major clients across retail, banking, shipping, construction industries. He holds OSCE3, OSCP, OSWP, CRTL, CRTO and OASP certifications. Also, he has previously presented at DEF CON, DevSecCon, and various BSides events around the world. Nikos loves contributing to open-source projects and always starts his day at 05:00 AM with a refreshing jog while listening to French rap music.
Area of Expertise
Topics
May the Least Privilege Be With You: Exposing the Dark Side of Azure Service Principal Permissions
In every modern Azure environment, Service Principals drive automation and integration. Yet, to support enterprise solutions in identity governance, cloud security, and DevOps automation, these principals are often endowed with broad Microsoft Graph API permissions, such as RoleManagement.ReadWrite.Directory, Application.ReadWrite.All, AppRoleAssignment.ReadWrite.All, and ServicePrincipalEndpoint.ReadWrite.All. Even Entra ID roles that are not typically classified as “privileged” can be exploited, enabling attackers to modify Service Principal configurations and escalate privileges in unexpected ways.
This session reveals groundbreaking research that uncovers how excessive Graph API permissions, and the abuse of non‑privileged Entra ID roles, create new exploitation pathways in Azure. We will detail common misconfigurations that, when left unmonitored, allow attackers to seize control of Service Principals and manipulate application configurations. In doing so, we introduce Azure AppHunter, a novel open‑source tool that scans Azure environments for Service Principals with dangerous permissions and maps out potential attack vectors.
Attendees will gain practical techniques for detecting and mitigating these vulnerabilities, enforce least privilege, and integrate continuous auditing into their security workflows, all essential for securing Azure deployments against emerging threats.
Local Admin in less than 60 seconds [My guilty pleasure]
Local Privilege Escalation, also known as LPE, refers to the process of elevating user privileges on a computing system or network beyond what is intended, granting unauthorized access to resources or capabilities typically restricted to higher privilege levels. Gaining local admin privileges during red teaming significantly enhances the potential for lateral movement and access to additional resources. Modern environments offer unprecedented opportunities to gain local admin privileges more easily than one might imagine. The days of relying solely on traditional techniques such as exploiting unquoted service paths, weak service permissions, misconfigured AlwaysInstallElevated policies etc. are long gone (still possible but rare). Thus, in this presentation, we will explore together some alternative and realistic methods for escalating privileges and moving laterally within an internal network, inspired by my recent engagements.
Introduction to COM Hijacking
During long term adversary simulations engagements, host persistence is an useful method of regaining access to a compromised workstation or server, without having to exploit the initial foothold all over again. COM object hijacking is an unique technique in which a default system-wide COM Object can be replaced by a malicious software and load in its place. In this presentation we will explore together ways to implement COM Hijacking via CLSID, ProgID, Task Scheduler, Missing Libraries and others.
BSidesChicago 2025 Sessionize Event Upcoming
Security BSides Athens 2024 Sessionize Event
BSides Tirana 2022 Sessionize Event
Nikos Vourdas
Senior Offensive Security Consultant
Chicago, Illinois, United States
Actions
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top