Christian Frichot is an Aussie hacker currently living in San Francisco Perth, Australia


I'm an Australian application security nerd who is currently working for Atlassian. I've previously worked remotely for SafeStack, HashiCorp, and in San Francisco for Cruise Automation, Salesforce, LinkedIn and co-founded Asterisk Information Security in Perth, Australia.

What is this website? Well, I realised I didn't like my about.me page very much, and impulse bought this domain a while back. So, here's my new vanity landing page thingo.

I've been involved in a few open source security projects and have also presented at a number of conferences. You can read more about these things in the ... things section.

Outside of my professional interests in application security and hacking, I'm also interested in a number of other areas of modern computing, particularly development/operations practices, web-scale/cloud computing and automation. I've been known to dabble in Golang, Ruby, JavaScript and Python, but like most things I'm passionate about, I seem to have a love/hate relationship with each of these languages. The same goes for my opinions on most operating systems (both desktop & mobile). I guess this is what keeps things interesting.

Oh - and I'm a (n)vim user

Before I was into computers though I spent a large portion of my life focused on music, particularly on the drums. This time was spent playing in a number of cover bands, studying Jazz Performance for a while at WAAPA, and playing in a number of original, Perth bands. Including Mélange, Grenade Baby Lemonade, Red Delicious, BLAST Furnace, and even doing a few shows drumming with Nathan Gaunt.

Outside of family, music and computers I'm into a bunch of regular (somewhat geeky) hobbies. BBQing, travelling, reading, writing, and gaming (console, PC, tabletop whatever).

I used to blog quite a bit, but then a few years ago deleted my old self-hosted (on AWS) wordpress and shifted to a Jekyll powered blog on github pages. During the process I went through and removed the archives - which dated back to the early 2000s I think.

Things I'm involved in

I guess this section should be called projects, except I find I don't stick to things indefinitely.

I'm one of the co-authors (alongside Wade and Michele) of the Browser Hacker's Handbook. Published by Wiley, and released in 2014, I was super fortunate to be invited to help out with the project by Wade back in 2012-ish. The book wouldn't have come together without the help of so many other people though, and it's through everyones involvement I feel like I helped with something pretty amazing.

The reason I got invited to help with the book was due to my involvement with the Browser Exploitation Framework (aka: BeEF). Similarly, I was fortunate to get asked to help out with the BeEF project by Wade a number of years back, and through contributions to this project, I've been able to meet a number of brilliant people. It's funny to think about how contributing to a piece of OSS could impact your life so much, but it's fair to say that this has made me a better developer, communicator and security professional.

I'm also the creator of hcltm. A tool for AppSec and DevOps practitioners that want to standardise on modular threat modelling using HashiCorp's HCL language.


2010 - Barcamp (Australia). Web Security Slides

2011 - Australian Information Security Association (AISA) Techday (Australia). Defending Web Applications Slides. Presented with the wonderful David Taylor

2012 - OWASP AppSec APAC (Australia). Shakes Hooves with BeEF Slides

2014 - Kiwicon (NZ). Hooked-Browser Mesh-Networks with WebRTC. OR, BeEF for Vegetarians Slides

2015 - DEFCON (USA). Hooked-Browser Mesh-Networks with WebRTC YouTube and Slides

2016 - CactusCon (USA). WTF is Browser Hacking? Slides

2016 - Blackhat Arsenal (USA). A refresher on BeEF

2017 - BSides SF (USA). Dormant DOMination YouTube

2017 - Australian Cyber Security Centre Conference (Australia). (App)Sec from the Trenches

2017 - NCC Open Forum (USA). Dormant DOMination

2018 - Kiwicon (NZ). Getting Shells from JavaScript: offensive JavaScript techniques for red teamers (with Dylan Ayrey)

2019 - BSides SF (USA). Offensive JavaScript for Red Teamers (or anyone really) (with Dylan Ayrey) YouTube

2021 - BSides SF (Remote). Offensive JavaScript Techniques for Red Teamers (or anyone really) updated (with Dylan Ayrey) YouTube

2021 - CyberWest Summit (Australia). Getting started with Threat Modelling

2023 - The Application Security Podcast (Remote). Threat Modeling with hcltm YouTube

2023 - PerthSec (Australia). Threat Modelling: 14 years in the making


"Engineers are all basically high-functioning autistics who have no idea how normal people do stuff." -Cory Doctorow

How to contact me

I used to think that my technical skills were one of the most important skills I had. As I've gotten older, I realise that my ability to communicate is much more important.

"Empathy is a tool for building people into groups, for allowing us to function as more than self-obsessed individuals." -Neil Gaiman