Bloomington, IL

Nick Frichette

Elite
@Frichetten

Staff Security Researcher | Cloud Chaos Causer

CVE-2019-5736-PoC. PoC for CVE-2019-5736

658

SneakyEndpoints. Hide from the InstanceCredentialExfiltration GuardDuty finding by using VPC Endpoints

121

aws_stealth_perm_enum. Research on the enumeration of IAM permissions without logging to CloudTrail

60

aws-api-models. A collection of documented and undocumented AWS API models

55

gitlab-runner-research. Research on abusing GitLab Runners

32

CVE-2020-11108-PoC. PoCs for CVE-2020-11108; an RCE and priv esc in Pi-hole

27

aws_api_shapeshifter. A small library to alter AWS API requests; Used for fuzzing research

22

ssm-agent-research. This is a custom SSM agent which is sorta functional

17

tools. A collection of pen-testing/hacking scripts. Various uses.

13

Specter. Specter is a prototype cryptocurrency developed to help people learn about Blockchain Technology.

10

aws-api-model-converter. Take undocumented APIs in the AWS Console and convert them to usable models for the AWS CLI.

9

enumate_iam_using_bucket_policy. Tool to enumerate IAM Users and Roles by Abusing S3 Bucket Policies

8

meltdown-spectre-poc. This is a combination of several different projects. It is intended to understand what the Meltdown and Spectre exploits are capable of.

8

deserialization_stuff. Research on deserialization attacks in Python and PHP

5

FriendlyExitNode. The source/config of the Friendly Exit Node project.

5

selfhosted-shodan-gather. Side project to catalog various selfhosted services on the internet using Shodan; Gather metrics on usage over time

5

Dungeons-and-Agents. Make Codex or Claude Code act as a virtual dungeon master for D&D 5e.

5

hackingthe.cloud. An encyclopedia for offensive and defensive security knowledge in cloud native technologies.

4

Linux-From-Scratch. A repository holding everything I used to complete Linux From Scratch 8.2 (http://linuxfromscratch.org)

4

crs. Random tools to make research/testing easier

3

sigv4-signing-examples. Original SIGv4 Signing Examples

3

open-cvdb. An open project to list all publicly known cloud vulnerabilities and CSP security issues

3

SPA-Directory-Enumerator. Tool to perform directory enumeration of single page web applications

2

TrailDiscover. An evolving repository of CloudTrail events with detailed descriptions, MITRE ATT&CK insights, real-world incidents, references and security implications

2

Cut-Out-C2. Covert command and control system for Red-Team Operations

2

appID-2-acctID. Resolve an AWS Amplify App ID to AWS Account ID

2

Bulldog-2-The-Reckoning. A vulnerable (on purpose) Node.js web application to teach about application security. A sequel to Bulldog.

2

Image-Difference-Finder. A program to find the differences in "spot the differences" pictures

2

easyPoll. A effective and simple polling tool for any environment

2

plagiarism-examples. This repo contains a list of examples of plagiarism from HackTricks.

1

Fallout_Terminal_Hacker. An Android application that solves the hackable terminal puzzles of the Fallout franchise using OCR and Probability Analysis.

1

Frichetten. Read Me :)

1

aws_certified_solutions_architect_notes. Notes for AWS Certified Solutions Architect Studying

1

Tor-Docker-Proxy. Another Tor installation in a Docker container.

1

Bulldog. The source code to a Vulnerable (on purpose) VM

1

WiFiReader. Identifies nearby WiFi signals

1

normalize_aws_api. A quick script to normalize the AWS API into a single json file

1

GoEncryptTheCloud. Using Go, encrypt files and move them to the cloud (S3)

1
38
Apply