Sign up to save your podcasts
Or
Share Replay - Hacking AWS in Good Faith with Nick Frichette
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Replay - Hacking AWS in Good Faith with Nick Frichette
On this Screaming in the Cloud Replay, we’re taking you back to our chat with Nick Frichette. He’s the maintainer of hackingthe.cloud, and holds security and solutions architect AWS certifications, and in his spare time, he conducts vulnerability research at Hacking the Cloud. Join Corey and Nick as they talk about the various kinds of cloud security researchers and touch upon offensive security, why Nick decided to create Hacking the Cloud, how AWS lets security researchers conduct penetration testing in good faith, some of the more interesting AWS exploits Nick has discovered, how it’s fun to play keep-away with incident response, why you need to get legal approval before conducting penetration testing, and more.
Show Highlights
(0:00) Intro
(0:42) The Duckbill Group sponsor read
(1:15) What is a Cloud Security Researcher?
(3:49) Nick’s work with Hacking the Cloud
(5:24) Building relationships with cloud providers
(7:34) Nick’s security findings through cloud logs
(13:05) How Nick finds security flaws
(15:31) Reporting vulnerabilities to AWS and “bug bounty” programs
(18:41) The Duckbill Group sponsor read
(19:24) How to report vulnerabilities ethically
(21:52) Good disclosure programs vs. bad ones
(28:23) What’s next for Nick
(31:27) Where you can find more from Nick
About Nick Frichette
Nick Frichette is a Staff Security Researcher at Datadog, specializing in offensive security within AWS environments. His focus is on discovering new attack vectors targeting AWS services, environments, and applications. From his research, Nick develops detection methods and preventive measures to secure these systems. Nick’s work often leads to the discovery of vulnerabilities within AWS itself, and he collaborates closely with Amazon to ensure they are remediated.
Nick has also presented his research at major industry conferences, including Black Hat USA, DEF CON, fwd:cloudsec, and others.
Links
- Hacking the Cloud: https://hackingthe.cloud/
- Determine the account ID that owned an S3 bucket vulnerability: https://hackingthe.cloud/aws/enumeration/account_id_from_s3_bucket/
- Twitter: https://twitter.com/frichette_n
- Personal website:https://frichetten.com
Original Episode
https://www.lastweekinaws.com/podcast/screaming-in-the-cloud/hacking-aws-in-good-faith-with-nick-frichette/
Sponsor
The Duckbill Group: duckbillgroup.com
View all episodes
By Corey Quinn
4.7
9292 ratings
On this Screaming in the Cloud Replay, we’re taking you back to our chat with Nick Frichette. He’s the maintainer of hackingthe.cloud, and holds security and solutions architect AWS certifications, and in his spare time, he conducts vulnerability research at Hacking the Cloud. Join Corey and Nick as they talk about the various kinds of cloud security researchers and touch upon offensive security, why Nick decided to create Hacking the Cloud, how AWS lets security researchers conduct penetration testing in good faith, some of the more interesting AWS exploits Nick has discovered, how it’s fun to play keep-away with incident response, why you need to get legal approval before conducting penetration testing, and more.
Show Highlights
(0:00) Intro
(0:42) The Duckbill Group sponsor read
(1:15) What is a Cloud Security Researcher?
(3:49) Nick’s work with Hacking the Cloud
(5:24) Building relationships with cloud providers
(7:34) Nick’s security findings through cloud logs
(13:05) How Nick finds security flaws
(15:31) Reporting vulnerabilities to AWS and “bug bounty” programs
(18:41) The Duckbill Group sponsor read
(19:24) How to report vulnerabilities ethically
(21:52) Good disclosure programs vs. bad ones
(28:23) What’s next for Nick
(31:27) Where you can find more from Nick
About Nick Frichette
Nick Frichette is a Staff Security Researcher at Datadog, specializing in offensive security within AWS environments. His focus is on discovering new attack vectors targeting AWS services, environments, and applications. From his research, Nick develops detection methods and preventive measures to secure these systems. Nick’s work often leads to the discovery of vulnerabilities within AWS itself, and he collaborates closely with Amazon to ensure they are remediated.
Nick has also presented his research at major industry conferences, including Black Hat USA, DEF CON, fwd:cloudsec, and others.
Links
- Hacking the Cloud: https://hackingthe.cloud/
- Determine the account ID that owned an S3 bucket vulnerability: https://hackingthe.cloud/aws/enumeration/account_id_from_s3_bucket/
- Twitter: https://twitter.com/frichette_n
- Personal website:https://frichetten.com
Original Episode
https://www.lastweekinaws.com/podcast/screaming-in-the-cloud/hacking-aws-in-good-faith-with-nick-frichette/
Sponsor
The Duckbill Group: duckbillgroup.com
More shows like Screaming in the Cloud
View all
Hanselminutes with Scott Hanselman
377 Listeners
Software Engineering Radio - the podcast for professional software developers
272 Listeners
The Changelog: Software Development, Open Source
284 Listeners
The Cloudcast
152 Listeners
Thoughtworks Technology Podcast
40 Listeners
Software Engineering Daily
621 Listeners
AWS Podcast
201 Listeners
CoRecursive: Coding Stories
189 Listeners
Techmeme Ride Home
941 Listeners
Kubernetes Podcast from Google
181 Listeners
Practical AI
192 Listeners
AWS Morning Brief
77 Listeners
The Stack Overflow Podcast
62 Listeners
Oxide and Friends
47 Listeners
The Pragmatic Engineer
53 Listeners