Nick Frichette
frichetten.com
@frichetten.com
Staff Security Researcher @datadoghq | DEF CON/Black Hat USA main stage speaker | he/him | OSCP OSWE | I turned hacking AWS into a career | Tweets are my own | Created https://hackingthe.cloud
Ah yes, the alloy known as 'white gold'
October 2, 2025 at 9:33 PM
Today in weird things family members say about technology, this is “the weird internet frisbee”.
October 1, 2025 at 9:26 PM
New on @hackingthe.cloud! A great post by Federico Lucini on bypassing AWS Network Firewall egress filtering!

hackingthe.cloud/aws/post_exp...
AWS Network Firewall Egress Filtering Bypass - Hacking The Cloud
Bypass AWS Network Firewall Egress Filtering using SNI spoofing and Host Header manipulation.
hackingthe.cloud
September 29, 2025 at 2:30 PM
Are you interested in pushing the boundaries of Gen AI security? Do you want to join an accomplished team of researchers, software engineers, and hackers? Join us!

careers.datadoghq.com/detail/71207...
Senior Security Researcher - GenAI | Datadog Careers
We're building a platform that engineers love to use. Join us, and help usher in the future.
careers.datadoghq.com
September 23, 2025 at 6:44 PM
Shout out to @flekyy90.bsky.social for not one, but two new articles on Hacking the Cloud! If you're interested in learning more persistence methods definitely check them out!

hackingthe.cloud/aws/post_exp...
AWS CodeBuild GitHub Runner Persistence - Hacking The Cloud
Abusing the CodeBuild managed GitHub Actions runner integration to obtain long‑term access to an AWS environment.
hackingthe.cloud
September 22, 2025 at 2:00 PM
Added a new challenge coin to the display today, in recognition of my contributions to the AWS Vulnerability Disclosure Program. I’m excited to continue pushing the boundaries of AWS security and helping to build a more secure cloud!
September 18, 2025 at 7:04 PM
@fwdcloudsec.org Europe 2025 was incredible! Amazing talks, amazing research, and amazing people. There is no other conference I would recommend for cloud security people. Looking forward to next year!
September 17, 2025 at 11:44 PM
Good morning @fwdcloudsec.org! If you would like exclusive, limited edition, holographic stickers, come find me!
September 15, 2025 at 7:03 AM
Looking forward to seeing everyone in Berlin! Safe travels! @fwdcloudsec.org
September 13, 2025 at 1:06 PM
While not explicitly stated, I do want to stress: Cloud security people aggressively preach not storing long-lived AWS access keys in CI/CD pipelines, and that you should instead use things like OIDC. However, that isn’t a silver bullet. In addition…
September 7, 2025 at 5:11 PM
Reposted by Nick Frichette
Thanks to folks including @frichetten.com for feedback about our Bedrock API key launch. We're listening. Yesterday, we updated Bedrock and IAM docs (see docs.aws.amazon.com/bedrock/late...) to clarify that these are service-specific credentials and how to prevent their use in your environment. 1/2
September 6, 2025 at 12:39 AM
For any security research leaders attending @fwdcloudsec.org EU, DM me. I’d love to meet with you and chat about your organizational structure! Who do you report to, how do you divide your teams, what are your success criteria, etc.
September 2, 2025 at 4:15 PM
AWS’s commitment to this host name template is incredible. It’s everywhere!
August 29, 2025 at 1:34 PM
Major shout out to @andoniaf.unicrons.cloud for adding three new privilege escalation techniques to the Hacking the Cloud catalog! Contributions like this make everything possible.
hackingthe.cloud/aws/exploita...
AWS IAM Privilege Escalation Techniques - Hacking The Cloud
Common techniques that can be leveraged to escalate privileges in an AWS account.
hackingthe.cloud
August 21, 2025 at 3:24 PM
If you’re thinking of buying a house, please get two inspections. Or budget 2-5% for repairs that the inspectors miss. Or just don’t buy a house T_T
August 20, 2025 at 5:53 PM
Meet my enemy of the day. A piece of metal (razor blade) in my tire.
August 19, 2025 at 8:53 PM
Old and busted: Cloud attackers making noisy List/Describe calls.

New hotness: Laundering enumeration calls through an AWS service silently.

Or at least, that used to work, until @datadoghq.com partnered with AWS to close this gap. Read more here:
securitylabs.datadoghq.com/articles/enu...
Enumerating AWS the quiet way: CloudTrail-free discovery with Resource Explorer | Datadog Security Labs
Discover how attackers could quietly enumerate AWS resources via Resource Explorer, and how Datadog and AWS worked together to close the visibility gap.
securitylabs.datadoghq.com
August 19, 2025 at 4:10 PM
If you're looking for a sci-fi book recommendation, I REALLY enjoyed Project Hail Mary. A few rough edges here and there but overall it was fantastic!
hardcover.app/books/projec...
Nick Frichette's Review of Project Hail Mary by Andy Weir - Hardcover
Read Nick Frichette's review of Project Hail Mary by Andy Weir on Hardcover
hardcover.app
August 13, 2025 at 2:56 AM
I’m skipping out on summer camp this year. Hope everyone has fun! Stay hydrated and shell responsibly! I’m in our New York office this week, and you could be too! We have over 170 open positions across engineering. careers.datadoghq.com/all-jobs/?pa...
August 5, 2025 at 1:17 PM
It’s a month and a half away but I’m already super excited for @fwdcloudsec.org EU! If you’ll be there in Berlin, come find me for limited edition, holographic, @hackingthe.cloud stickers!
August 1, 2025 at 8:40 PM
ec2-instance-connect:SendSSHPublicKey might be one of my favorite API calls. Have privilege at the control plane and want to start popping boxes? I have a solution for you!
July 31, 2025 at 2:30 PM
After *checks notes* 18 years of running Linux on the desktop in one form or another, I’m going to give Mac a try.
July 30, 2025 at 1:33 AM
Reposted by Nick Frichette
It's kinda "good news / bad news."

Good news: No one at AWS (human or AI) merged in a dodgy PR, because...

Bad news: It was an exciting new exploited vulnerability in CodeBuild.
July 26, 2025 at 1:54 AM
If there is anything to learn from the Q Developer incident it’s that you need to review your CI/CD pipelines for attack vectors. Who can submit PRs, what automation runs on them, how are you securing identities tied to them, etc.
July 26, 2025 at 2:21 PM