Cybersecurity Research Papers
Master's degree candidates at SANS.edu conduct research that is relevant, has real world impact, and often provides cutting-edge advancements to the field of cybersecurity, all under the guidance and review of our world-class instructors.
Inside the Five Most Dangerous New Attack Techniques
Research Paper | Cloud Security, Digital Forensics and Incident Response, Cybersecurity Leadership, Artificial Intelligence, Industrial Control Systems Security
- 8 Dec 2025
- Heather Barnhart, Rob T. Lee, Joshua Wright, Tim Conway
Infrastructure as Code-Driven Group Policy Infrastructure: A Comprehensive Engine for Group Policy Architecture and Enforcement
Research Paper | Cyber Defense
This study introduces a PowerShell-based Infrastructure as Code (IaC) engine developed to automate the setup and enforcement of a STIG-compliant Group Policy framework.
- 5 Dec 2025
Marketing or Added Value? The Truth About Purpose-Built Detection and Response for Containers
Research Paper | Cloud Security
Containers are at the frontline of modern organizations. Protecting them is of utmost importance as they support critical business processes. The popular shift-left security approach for containers is adding value for short-lived containers; however, as containers persist over time, runtime security becomes essential to limit the impact of any successful attack.
- 5 Dec 2025
SANS 2025 Detection and Response Survey Webcast and Forum
Research Paper | Cyber Defense
As cyber threats grow in complexity and frequency, organizations' strategies for detection and response must continuously evolve. The SANS 2025 Detection and Response Survey white paper delves into the current state of cybersecurity operations, questioning whether the heavy emphasis on endpoint detection is creating new blind spots.
- 26 Nov 2025
- Josh Lemon
Eliminate Endpoint Blind Spots: Real-Time Security and Governance with Autonomous AI
Research Paper | Cybersecurity Insights
Tanium's Autonomous Endpoint Management (AEM) offers a new path forward. AEM combines real-time visibility with artificial intelligence and automation, allowing organizations to safely manage their enterprise at scale while remaining continuously updated through live data.
- 25 Nov 2025
- Jonathan Risto
Enhancing Security Operations with Google Threat Intelligence
Research Paper | Offensive Operations
This product review examines how Google Threat Intelligence's extensive data sources, real-time insights, and investigative capabilities can elevate SecOps workflows and strengthen an organization's defensive posture.
- 24 Nov 2025
- Dave Shackleford
No-Cost Detection of Endpoint Hard Drive Removal
Research Paper | Artificial Intelligence
This paper analyzes low-cost detection methods, using existing hard drive counters from Self-Monitoring, Analysis, and Reporting Technology (S.M.A.R.T.) and the Windows Registry, for their fidelity in detecting hard drive removal.
- 19 Nov 2025
Defending Vulnerable Populations Against Scams: Effectiveness of Browser Extensions in Mitigating Scammer Attack Chains
Research Paper | Cyber Defense
This research evaluates the effectiveness of a browser extension as a security control—Grandma's Guardian—designed for simplicity and accessibility so that even non-technical home users can benefit from enterprise-grade protection.
- 19 Nov 2025
Measuring Malware Obfuscation: Evaluating CNN-Based Detection for Real-World Resilience
Research Paper | Digital Forensics and Incident Response
This study examined how layered obfuscation affects image-based convolutional neural network (CNN) detectors and introduces a novel, reproducible framework for measuring obfuscation itself.
- 19 Nov 2025
New-to-Cyber Field Manual: How to Break In, Build Skills, and Find Your Path in Cybersecurity
Research Paper | Cybersecurity and IT Essentials
- 11 Nov 2025
- SANS Institute
Autonomous Endpoint Management: Next-Gen Endpoint Visibility Fueling SecOps and IT Ops with AI
Research Paper | Cloud Security
This First Look outlines how Tanium's single-agent architecture and AI-powered capabilities empower teams to operate from a shared source of truth, reduce operational overhead, and achieve measurable ROI.
- 10 Nov 2025
- Matt Bromiley
Code Modularity as a Heuristic for Malware Design
Research Paper | Industrial Control Systems Security
Malware targeting industrial control systems (ICS) and critical infrastructure often exhibits a modular architecture, using a central loader to execute interchangeable payload modules.
- 7 Nov 2025
