Submit to your local DSC chapter CFPSubmit now!


SCARLETEEL: Advancing Cloud Attack Chains with Alessandro Braccio and Alessandro Brucato

with Alessandro Braccio, Alessandro Brucato


Are you interested in understanding how financially motivated threat actors infiltrate Amazon Web Services ( AWS ) to steal credentials, and intellectual property and perform Cryptojacking attacks? Great! this webinar is for you! In this engaging session, presented by the DevSecCon Italy’s chapter leader, Alessando Braccio and Alessandro Brucato, Senior Threat Engineer, delve into the relentless SCARLETEEL operation, first unearthed by the Sysdig Threat Research Team in February 2023.

SCARLETEEL stands as a tenacious adversary, continually refining its strategies to successfully siphon sensitive data and intellectual assets from AWS cloud environments. We will immerse ourselves in real-world instances of how this operation infiltrated an unsuspecting victim’s AWS account through a compromised Kubernetes container.

Furthermore, they explore the security landscape surrounding various AWS technologies such as Elastic Compute Cloud (EC2), Identity and Access Management (IAM), Lambda serverless functions, and their Terraform Infrastructure as Code (IaC) modules. For each technology, they provide invaluable defensive insights to fortify your defenses and thwart future attacks of a similar nature.

Join the community!

If you haven’t joined the Discord community, please do so! You can find us on Discord at:

**This event was held in Italian**


Alessandro Braccio

Senior Security Engineer at Arduino

About Alessandro Braccio

Alessandro Braccio is passionate about Product Security, in particular focus on the Application and Cloud Security field. His interests and expertise stem from DevSecOps, Cloud Security, IoT Security, OWASP Methodologies, Full-Stack Development and more! Over the last decade, he has worked as a Security Consultant, Security Engineer, Penetration Tester, Security Trainer and Full Stack Developer in a variety of companies and sectors. Currently, Alessandro works as a Senior Security Engineer at Arduino

Alessandro Brucato

Senior Threat Research Engineer at Sysdig

About Alessandro Brucato

Alessandro is a threat research engineer at Sysdig with a background in penetration testing of web and mobile applications. His research includes cloud and container security, with a specific focus on supply chain attacks and cloud platform exploitation. While studying computer science and engineering at Politecnico di Milano, he participated in some bug bounty programs where he received rewards from several large companies. Alessandro is also a contributor to Falco, an incubation-level CNCF project.

We use cookies to ensure you get the best experience on our website.Read Privacy Policy