Become a sponsor to Nick Frichette
👋 Hi there! My name is Nick Frichette. I'm a Cloud Security Researcher specializing in offensive security in AWS. I publish research on AWS attack techniques, as well as 0day vulnerabilities I find.
In my free time, I'm the creator and primary maintainer of Hacking the Cloud, an open-source encyclopedia of offensive security techniques that can be used in cloud environments.
Vulnerability Research
Here are some examples of research I've conducted as well as notable vulnerabilities I have found.
- Non-Production Endpoints as an Attack Surface in AWS
- Amplified exposure: How AWS flaws made Amplify IAM roles vulnerable to takeover
- Bypassing CloudTrail in AWS Service Catalog, and Other Logging Research
- Cross-Tenant Confused Deputy Vulnerability in AWS AppSync
- AWS CloudTrail bypass for specific IAM actions
- XSS in the AWS Console
- Enumerate AWS API Permissions without Logging to CloudTrail
- Intercept SSM Agent Communications
- CVE-2020-11108: How I Stumbled into a Pi-Hole RCE+LPE
- CVE-2020-15511: Account Takeover in Terraform Enterprise
Community Involvement
I participate in the security community in several ways. Here are just a few:
- fwd:cloudsec NA 2024 - I gave a talk titled "Trust Me Bro: Preexisting Trust is the New Initial Access Vector" at fwd:cloudsec NA 2024.
- Black Hat USA 2023 - I spoke on the main stage of Black Hat USA 2023 about my research into CloudTrail evasion.
- Cloud Security Podcast: How to Escape Clusters in a Managed Kubernetes Cluster? - I was a guest on the Cloud Security Podcast talking about abusing managed Kubernetes clusters.
- DEF CON Cloud Village 2023 - I gave a talk at the DEF CON Cloud Village titled "Evading Logging in the Cloud: Bypassing AWS CloudTrail".
- Wiz: Top 16 cloud security experts you should follow in 2023 - I was included as a "top cloud security expert" in Wiz's yearly roundup.
- fwd:cloudsec 2023 - Gave a talk titled "Evading Logging in the Cloud: Disrupting and Bypassing AWS CloudTrail", which was an overview of my research on AWS CloudTrail bypasses.
- Cloud Security Podcast: Getting Started With Hacking AWS Cloud - I was a guest on the Cloud Security Podcast, discussing some of my security research.
- SANS Pentest Hackfest 2022 - Gave a talk at the main track on "What I Wish I Knew Before Pentesting AWS Environments" (slides).
- Screaming in the Cloud #226 - Corey Quinn - I was a guest on the Screaming in the Cloud podcast, hosted by Corey Quinn. We talked about offensive security in AWS, AWS security research, and more.
- Research in the News - My research has been featured in multiple well-known newsletters including CloudSecList, tl;dr sec, and Bug Bytes.
- ShellCon 2020 - Gave a talk (Hacking AWS - TTPs for the Cloud) at the Main Track of ShellCon 2020. Covered the tactics and techniques a penetration testing or red team can leverage when attacking AWS infrastructure.
Why Sponsor Me?
If you like any of the work I do, I would be very grateful for your sponsorship. Any amount helps me dedicate time to focus on my research or maintaining Hacking the Cloud.
1 sponsor has funded Frichetten’s work.
Featured work
- Hacking-the-Cloud/hackingthe.cloud: An encyclopedia for offensive and defensive security knowledge in cloud native technologies. (Dockerfile, 1,652)
- Frichetten/SneakyEndpoints: Hide from the InstanceCredentialExfiltration GuardDuty finding by using VPC Endpoints (HCL, 112)
- Frichetten/aws_stealth_perm_enum: Research on the enumeration of IAM permissions without logging to CloudTrail (Python, 60)
- Frichetten/ssm-agent-research: This is a custom SSM agent which is sorta functional (Python, 16)
- Frichetten/aws_api_shapeshifter: A small library to alter AWS API requests; Used for fuzzing research (Python, 21)
- Frichetten/CVE-2019-5736-PoC: PoC for CVE-2019-5736 (Go, 637)