SCARLETEEL: Advancing Cloud Attack Chains

Explore the sophisticated SCARLETEEL operation targeting Amazon Web Services (AWS) in this 59-minute webinar presented by DevSecCon Italy's chapter leader Alessandro Braccio and Senior Threat Engineer Alessandro Brucato. Gain insights into how financially motivated threat actors infiltrate AWS environments to steal credentials and intellectual property, and perform cryptojacking attacks. Examine real-world examples of how SCARLETEEL compromised a victim's AWS account through a Kubernetes container. Dive deep into the security aspects of AWS technologies, including Elastic Compute Cloud (EC2), Identity and Access Management (IAM), Lambda serverless functions, and their Terraform Infrastructure as Code (IaC) modules. Learn valuable defensive strategies to strengthen your cloud security posture and prevent similar attacks in the future.