Slovenia's First OSCE3

Hello, I am

Vid Grosek

Ethical Hacker | Penetration Tester

18+ years of experience. 15+ certifications: OSCE3, OSCP+, OSCP, OSEP, OSWE, OSED, OSWA, OSIR, OSDA, CPTS, CWES, eWPT, eJPT, CEH. I help Slovenian companies discover security vulnerabilities before attackers do.

18+ Years Experience
15+ Certifications
#1 First OSCE3 in Slovenia
100+ Penetration Tests

About Me

Professional Journey

Throughout an 18-year professional career spanning administration, gaming, and cryptographic technologies, I developed a deep technical foundation that naturally led me into offensive cybersecurity.

My transition into penetration testing was driven by a long-standing attacker mindset, hands-on technical problem solving, and a strong understanding of complex systems.

I specialize in offensive security and penetration testing, combining advanced technical execution with structured analysis, clear communication, and disciplined engagement delivery. My background enables me to rapidly understand complex environments, identify real-world attack paths, and translate technical findings into actionable outcomes for both technical and executive audiences.

Known for my reliability, precision, and calm approach under pressure, I thrive in challenging environments where manual exploitation, creative thinking, and deep system understanding are required. I actively contribute to high-performing teams, continuously refine my skillset, and focus on delivering security outcomes that meaningfully reduce risk.

Certifications

Offensive Security & More

Verify all at Credential.net | Credly

OSCE3

Offensive Security Certified Expert 3

First in Slovenia

OSED

Offensive Security Exploit Developer

OSCP+

Offensive Security Certified Professional Plus

First in Slovenia

OSCP

Offensive Security Certified Professional

OSEP

Offensive Security Experienced Penetration Tester

OSWE

Offensive Security Web Expert

OSWA

Offensive Security Web Assessor

OSIR

Offensive Security Incident Responder

OSDA

Offensive Security Defense Analyst

eWPT

eLearnSecurity Web Application Penetration Tester

eJPT

eLearnSecurity Junior Penetration Tester

CEH

Certified Ethical Hacker

CPTS

Certified Penetration Testing Specialist

CWES

Certified Web Exploitation Specialist

Experience

Professional Experience

March 2024 - Present

Telprom d.o.o

Lead Penetration Tester - Offensive Security

  • Lead and execute advanced external and internal penetration testing engagements against enterprise environments
  • Manual web application penetration testing, including business logic abuse, authentication/MFA weaknesses, API security issues, and WAF bypass
  • Active Directory attack path analysis, privilege escalation, lateral movement, and post-exploitation activities
  • Red team–style attack simulations, emulating real threat actors to validate real-world impact
  • Targeted social engineering assessments aligned with organizational threat models
  • Risk-driven vulnerability assessments, prioritizing exploitable and high-impact findings over automated noise
  • Blue team validation support by reproducing attack techniques, verifying detections, and assisting with remediation guidance
  • High-quality technical and management-level reports with clear attack narratives and actionable recommendations

October 2023 - February 2024

GO-LIX d.o.o

Ethical Hacker / Penetration Tester

  • External and internal penetration testing
  • Web and mobile application penetration testing
  • Security awareness

2005 - October 2023

SZO Grosek Psenicnik Marjana, dr. med

Administrator

  • IT infrastructure management
  • Confidential data protection
  • System administration and maintenance

Skills

Areas of Expertise

Penetration testing and offensive security in Europe. Active Directory security, web application penetration testing, and incident response.

Penetration Testing

I provide real-world penetration testing services focused on actual attacker behavior, not checklist-based compliance.

  • External, internal, and assumed breach testing
  • Advanced lateral movement (pivoting, tunneling, port forwarding)
  • Bypassing network segmentation, WAFs, and security controls
  • Identifying paths to privileged access and critical systems

Active Directory Security

Active Directory remains the primary path to full enterprise compromise.

  • AD enumeration (LDAP, Kerberos, NTLM)
  • NTLM relay, Kerberoasting, AS-REP roasting
  • Delegation, trust, and ADCS abuse
  • Privilege escalation to Tier-0 / Domain Admin

Web Application Security

I test modern web applications, portals, and internal systems.

  • XSS, SQL Injection, SSRF, and business logic flaws
  • Session management and authentication attacks
  • API testing (REST, JSON, OAuth)
  • JavaScript deobfuscation and WAF bypass

Network Security

Network enumeration and vulnerability assessment in internal and external environments.

  • Network enumeration (Nmap, service fingerprinting)
  • Common service and protocol attacks
  • Reverse shells, payloads, and C2 communication
  • Internal and external vulnerability assessment

Incident Response

Security incident analysis and attack path reconstruction.

  • Security incident analysis and investigation
  • Digital forensics and attack path reconstruction
  • Containment and eradication of attackers
  • Actionable remediation and prevention guidance

Documentation & Reporting

Documentation built for decision-making, not just compliance.

  • Executive and technical security reports
  • Clear proof-of-concepts and attack narratives
  • CVSS scoring, risk prioritization, and mitigation guidance
  • Practical recommendations for security improvement
Community

Community Contributions

HackTheBox Slovenia Meetup

Organizer & Mentor | 2024 - 2025

Organizing regular HackTheBox community meetups in Slovenia. Helping aspiring security professionals through mentorship and hands-on workshops.

FAQ

Frequently Asked Questions

Who is Vid Grosek?

Vid Grosek is Slovenia's first OSCE3 and OSCP+ certified ethical hacker and penetration tester. He has over 18 years of experience in cybersecurity, specializing in Active Directory security, web application penetration testing, and red team operations. He holds 15+ professional certifications including OSCE3, OSCP+, OSEP, OSWE, OSED, and more.

What is OSCE3 certification?

OSCE3 (Offensive Security Certified Expert 3) is an elite certification from Offensive Security, awarded to professionals who complete three advanced courses: OSEP (Experienced Penetration Tester), OSWE (Web Expert), and OSED (Exploit Developer). Vid Grosek is the first person in Slovenia to achieve this certification.

What penetration testing services does Vid Grosek offer?

Vid Grosek offers comprehensive penetration testing services including: external and internal network penetration testing, Active Directory security assessments, web application security testing, API security testing, red team operations, cloud security assessments (AWS, Azure, GCP), and social engineering assessments.

Who is the best penetration tester in Slovenia?

Vid Grosek is considered one of the top penetration testers in Slovenia, being the first and only OSCE3 and OSCP+ certified professional in the country. With 18+ years of experience and 15+ professional certifications, he specializes in Active Directory attacks, web application security, and red team operations.

Need a Penetration Test?

Contact me for a professional security assessment of your infrastructure.