👋 Hi there! My name is Nick Frichette. I'm a Cloud Security Researcher specializing in offensive security in AWS. I publish research on AWS attack techniques, as well as 0day vulnerabilities I find.

In my free time, I'm the creator and primary maintainer of Hacking the Cloud, an open-source encyclopedia of offensive security techniques that can be used in cloud environments.

Vulnerability Research

Here are some examples of research I've conducted as well as notable vulnerabilities I have found.

• Non-Production Endpoints as an Attack Surface in AWS
• Amplified exposure: How AWS flaws made Amplify IAM roles vulnerable to takeover
• Bypassing CloudTrail in AWS Service Catalog, and Other Logging Research
• Cross-Tenant Confused Deputy Vulnerability in AWS AppSync
• AWS CloudTrail bypass for specific IAM actions
• XSS in the AWS Console
• Enumerate AWS API Permissions without Logging to CloudTrail
• Intercept SSM Agent Communications
• CVE-2020-11108: How I Stumbled into a Pi-Hole RCE+LPE
• CVE-2020-15511: Account Takeover in Terraform Enterprise

Community Involvement

I'm involved/participate with the security community in several ways. Here are just a few:

• fwd:cloudsec NA 2024 - I gave a talk titled "Trust Me Bro: Preexisting Trust is the New Initial Access Vector" at fwd:cloudsec NA 2024.
• Black Hat USA 2023 - I spoke on the main stage of Black Hat USA 2023 about my research into CloudTrail evasion.
• Cloud Security Podcast: How to Escape Clusters in a Managed Kubernetes Cluster? - I was a guest on the Cloud Security Podcast talking about abusing managed Kubernetes clusters.
• DEF CON Cloud Village 2023 - I gave a talk at the DEF CON Cloud Village titled "Evading Logging in the Cloud: Bypassing AWS CloudTrail".
• Wiz: Top 16 cloud security experts you should follow in 2023 - I was included as a "top cloud security expert" in Wiz's yearly roundup.
• fwd:cloudsec 2023 - Gave a talk titled "Evading Logging in the Cloud: Disrupting and Bypassing AWS CloudTrail", which was an overview of my research on AWS CloudTrail bypasses.
• Cloud Securiy Podcast: Getting Started With Hacking AWS Cloud - I was a guest on the Cloud Security Podcast, discussing some of my security research.
• SANS Pentest Hackfest 2022 - Gave a talk at the main track on "What I Wish I Knew Before Pentesting AWS Environments" (slides).
• Screaming in the Cloud #226 - Corey Quinn - I was a guest on the Screaming in the Cloud podcast, hosted by Corey Quinn. We talked about offensive security in AWS, AWS security research, and more.
• Research in the News - My research has been featured in multiple well-known newsletters including CloudSecList, tl;dr sec, and Bug Bytes.
• ShellCon 2020 - Gave a talk (Hacking AWS - TTPs for the Cloud) at the Main Track of ShellCon 2020. Covered the tactics and techniques a penetration testing or red team can leverage when attacking AWS infrastructure.

Why Sponsor Me?

If you like any of the work I do, I would be very grateful for your sponsorship. Any amount helps me dedicate time to focus on my research or maintaining Hacking the Cloud.