DSC Italy

SCARLETEEL: Advancing Cloud Attack Chains

Register

Date

October 11, 2023

Time

6:30pm CEST

Location

Virtual

play_circle

Questions? Join the conversation on Discord channel #italiano-devsecon-discussions

About the event:

DSC Italy is excited to announce an upcoming event featuring Alessandro Braccio, DSC Italy Chapter Leader, and Alessandro Brucato, Senior Threat Research Engeneer, as speakers. Join us for an insightful session where we will delve into the SCARLETEEL operation, a relentless threat first uncovered by the Sysdig Threat Research Team in February 2023. SCARLETEEL is a formidable adversary, constantly evolving its strategies to extract sensitive data and intellectual assets from AWS cloud environments. During this talk, we will examine real-world examples of SCARLETEEL’s infiltration into an unsuspecting victim’s AWS account through a compromised Kubernetes container.

Additionally, we will explore the security landscape surrounding various AWS technologies, including Elastic Compute Cloud (EC2), Identity and Access Management (IAM), Lambda serverless functions, and their Terraform Infrastructure as Code (IaC) modules. Our aim is to provide invaluable defensive insights for each of these technologies, equipping you with the knowledge to fortify your defenses and thwart similar attacks in the future.

Event Details:

Speaker 1: 

Name: Alessandro Braccio

Bio: Alessandro Braccio is passionate about Product Security, in particular focus on the Application and Cloud Security field. His interests and expertise stem from DevSecOps, Cloud Security, IoT Security, OWASP Methodologies, Full-Stack Development and more! Over the last decade, he has worked as a Security Consultant, Security Engineer, Penetration Tester, Security Trainer and Full Stack Developer in a variety of companies and sectors. Currently, Alessandro works as a Senior Security Engineer at Arduino

Speaker 2:

Name: Alessandro Brucato

Bio: Alessandro is a threat research engineer at Sysdig with a background in penetration testing of web and mobile applications. His research includes cloud and container security, with a specific focus on supply chain attacks and cloud platform exploitation. While studying computer science and engineering at Politecnico di Milano, he participated in some bug bounty programs where he received rewards from several large companies. Alessandro is also a contributor to Falco, an incubation-level CNCF project.

Date: 11th October, 2023

Time: 6:30pm CEST

Location: Virtual

Join the Community!
If you haven’t joined the Discord community, please do so! You can find us on Discord at: https://devseccon.io/discordcommunity

Don’t miss this opportunity to gain valuable insights into the ever-evolving world of AWS security from Alessandro Braccio and Alessandro Brucato. Join us for an engaging and informative event that promises to enhance your knowledge and strengthen your defenses against cybersecurity threats.

 

 

Alessandro Braccio

Senior Security Engineer at Arduino

About Alessandro Braccio

Alessandro Braccio is passionate about Product Security, in particular focus on the Application and Cloud Security field. His interests and expertise stem from DevSecOps, Cloud Security, IoT Security, OWASP Methodologies, Full-Stack Development and more! Over the last decade, he has worked as a Security Consultant, Security Engineer, Penetration Tester, Security Trainer and Full Stack Developer in a variety of companies and sectors. Currently, Alessandro works as a Senior Security Engineer at Arduino

Alessandro Brucato

Senior Threat Research Engineer at Sysdig

About Alessandro Brucato

Alessandro is a threat research engineer at Sysdig with a background in penetration testing of web and mobile applications. His research includes cloud and container security, with a specific focus on supply chain attacks and cloud platform exploitation. While studying computer science and engineering at Politecnico di Milano, he participated in some bug bounty programs where he received rewards from several large companies. Alessandro is also a contributor to Falco, an incubation-level CNCF project.

We use cookies to ensure you get the best experience on our website.Read Privacy Policy
close