frichetten

View JSON Representation

Staff Security Researcher | Cloud Chaos Causer

Funding Links: https://github.com/sponsors/Frichetten

• Name: Nick Frichette
• Location: Bloomington, IL
• Kind: user
• Followers: 490
• Following: 78
• Total stars: 1023
• Repositories count: 78
• Created at: 2022-11-19T07:37:14.716Z
• Updated at: 2025-06-26T04:02:19.022Z
• Last synced at: 2025-06-26T04:02:19.022Z

GitHub Sponsors Profile

👋 Hi there! My name is Nick Frichette. I'm a Cloud Security Researcher specializing in offensive security in AWS. I publish research on AWS attack techniques, as well as 0day vulnerabilities I find.
In my free time, I'm the creator and primary maintainer of Hacking the Cloud, an open-source encyclopedia of offensive security techniques that can be used in cloud environments.
Vulnerability Research
Here are some examples of research I've conducted as well as notable vulnerabilities I have found.

Non-Production Endpoints as an Attack Surface in AWS
Amplified exposure: How AWS flaws made Amplify IAM roles vulnerable to takeover
Bypassing CloudTrail in AWS Service Catalog, and Other Logging Research
Cross-Tenant Confused Deputy Vulnerability in AWS AppSync
AWS CloudTrail bypass for specific IAM actions
XSS in the AWS Console
Enumerate AWS API Permissions without Logging to CloudTrail
Intercept SSM Agent Communications
CVE-2020-11108: How I Stumbled into a Pi-Hole RCE+LPE
CVE-2020-15511: Account Takeover in Terraform Enterprise

Community Involvement
I'm involved/participate with the security community in several ways. Here are just a few:

RSAC 2025 - "Critiquing Cloud Criminals: Ready for Smarter Cloud Attacks?", covering common OPSEC failures threat actors make when attacking cloud environments, how you can catch them, and how you can achieve the same thing stealthily.
Wild West Hackin' Fest: Mile High 2025 - I was the opening keynote speaker for the conference with "I Want You to Hack AWS: Cloud Penetration Testing for Traditional Hackers".
fwd:cloudsec EU 2024 - "Hidden Among the Clouds: A Look at Undocumented AWS APIs", a talk where I shared my research on finding thousands on undocumented AWS APIs.
DEF CON 32 - I spoke on the main stage of DEF CON 32, sharing my research on exploiting AWS service vulnerabilities for initial access. The talk was titled "Kicking in the Door to the Cloud: Exploiting Cloud Provider Vulnerabilities for Initial Access".
fwd:cloudsec NA 2024 - I gave a talk titled "Trust Me Bro: Preexisting Trust is the New Initial Access Vector" at fwd:cloudsec NA 2024.
Black Hat USA 2023 - I spoke on the main stage of Black Hat USA 2023 about my research into CloudTrail evasion.
Cloud Security Podcast: How to Escape Clusters in a Managed Kubernetes Cluster? - I was a guest on the Cloud Security Podcast talking about abusing managed Kubernetes clusters.
DEF CON Cloud Village 2023 - I gave a talk at the DEF CON Cloud Village titled "Evading Logging in the Cloud: Bypassing AWS CloudTrail".
Wiz: Top 16 cloud security experts you should follow in 2023 - I was included as a "top cloud security expert" in Wiz's yearly roundup.
fwd:cloudsec 2023 - Gave a talk titled "Evading Logging in the Cloud: Disrupting and Bypassing AWS CloudTrail", which was an overview of my research on AWS CloudTrail bypasses.
Cloud Securiy Podcast: Getting Started With Hacking AWS Cloud - I was a guest on the Cloud Security Podcast, discussing some of my security research.

Why Sponsor Me?
If you like any of the work I do, I would be very grateful for your sponsorship. Any amount helps me dedicate time to focus on my research or maintaining Hacking the Cloud.

• Current Sponsors: 0
• Past Sponsors: 0
• Total Sponsors: 0
• Minimum Sponsorship: $1.00

Featured Works

Active Sponsors

Past Sponsors

Sponsor Breakdown

• User: 1

Past Sponsorships

View All

Sponsorship Breakdown by Kind

• User: 1