"Hello there"
My name is Nick Frichette and I'm a Senior Security Researcher, primarily focussed on cloud, web application, and CI/CD exploitation. Previously, I worked as a Penetration Tester and Team Lead for a large financial services company. In addition, I'm the creator and primary maintainer of Hacking the Cloud, an encyclopedia of the techniques that offensive security professionals can use against cloud environments.
Aside from that, I'm fortunate to be a part of the AWS Community Builders Program and I also support the Tor project through my Tor nodes.
This GitHub profile contains a bunch of stuff, and some of it is "good". You can find most of my research at my blog.
Vulnerability Research
In my off time I do security research, primarily focused on AWS.
- XSS in the AWS Console
- Enumerate AWS API Permissions without Logging to CloudTrail
- Intercept SSM Agent Communications
- CVE-2020-11108: How I Stumbled into a Pi-Hole RCE+LPE
- CVE-2020-15511: Account Takeover in Terraform Enterprise
Community Involvement
I'm involved/participate with the security community in several ways. Here are just a few.
- Screaming in the Cloud #226 - Corey Quinn - I was a guest on the Screaming in the Cloud podcast, hosted by Corey Quinn. We talked about offensive security in AWS, AWS security research, and more.
- Research in the News - My research has been featured in multiple well-known newsletters including CloudSecList, tl;dr sec, and Bug Bytes.
- ShellCon 2020 - Gave a talk (Hacking AWS - TTPs for the Cloud) at the Main Track of ShellCon 2020. Covered the tactics and techniques a penetration testing or red team can leverage when attacking AWS infrastructure.
Certifications
| OSCP | OSWE |
| GXPN | GPEN |
| AWS Certified Security Specialist | HashiCorp Terraform Certified Associate |