Skip to content
View Frichetten's full-sized avatar
🖋️
"Pen" Testing
🖋️
"Pen" Testing

Sponsors

@egre55

Block or report Frichetten

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
Frichetten/README.md

My name is Nick Frichette and I'm a Staff Security Researcher, primarily focused on cloud, web application, and CI/CD exploitation. Previously, I worked as a Penetration Tester and Team Lead for a large financial services company. In addition, I'm the creator and primary maintainer of Hacking the Cloud, an encyclopedia of the techniques that offensive security professionals can use against cloud environments.

Aside from that, I'm fortunate to be a part of the AWS Community Builders Program.

This GitHub profile contains a bunch of stuff, and some of it is "good". You can find most of my research at my blog.

Vulnerability Research

I conduct security research both, professionally and as a hobby. My primary focus is on AWS and web application security.

Community Involvement

I'm involved/participate with the security community in several ways. Here are just a few.

Certifications

OSCP OSWE
GXPN GPEN
AWS Certified Security Specialist

Pinned Loading

  1. Hacking-the-Cloud/hackingthe.cloud Hacking-the-Cloud/hackingthe.cloud Public

    An encyclopedia for offensive and defensive security knowledge in cloud native technologies.

    Dockerfile 1.8k 219

  2. CVE-2019-5736-PoC CVE-2019-5736-PoC Public archive

    PoC for CVE-2019-5736

    Go 642 164

  3. CVE-2020-11108-PoC CVE-2020-11108-PoC Public

    PoCs for CVE-2020-11108; an RCE and priv esc in Pi-hole

    Python 27 9

  4. aws_stealth_perm_enum aws_stealth_perm_enum Public

    Research on the enumeration of IAM permissions without logging to CloudTrail

    Python 60 8

  5. SneakyEndpoints SneakyEndpoints Public

    Hide from the InstanceCredentialExfiltration GuardDuty finding by using VPC Endpoints

    HCL 113 12

  6. ssm-agent-research ssm-agent-research Public

    This is a custom SSM agent which is sorta functional

    Python 17 7