Who Needs a Pentest: Validating the Configuration of an EDR Solution Using the MITRE ATT&CK Framework

Is that EDR suite fully configured, and providing the expected protection? Do we have a scalable way to test the EDR solution's configuration without requiring a large team or a complete penetration test?

SANS_A_Fowler_Who_Needs_Pentest (PDF, 2.16MB)

7 Nov 2023
By Adam Fowler
All papers are copyrighted

No re-posting of papers is permitted

Related Content

Infrastructure as Code-Driven Group Policy Infrastructure: A Comprehensive Engine for Group Policy Architecture and Enforcement

Research Paper

This study introduces a PowerShell-based Infrastructure as Code (IaC) engine developed to automate the setup and enforcement of a STIG-compliant Group Policy framework.

  • 5 Dec 2025

Enhancing Security Operations with Google Threat Intelligence

Research Paper

This product review examines how Google Threat Intelligence's extensive data sources, real-time insights, and investigative capabilities can elevate SecOps workflows and strengthen an organization’s defensive posture.

  • 24 Nov 2025
  • Dave Shackleford

Defending Vulnerable Populations Against Scams: Effectiveness of Browser Extensions in Mitigating Scammer Attack Chains

Research Paper

This research evaluates the effectiveness of a browser extension as a security control—Grandma’s Guardian—designed for simplicity and accessibility so that even non-technical home users can benefit from enterprise-grade protection.

  • 19 Nov 2025

Structural Vulnerability: Autodesk Revit Server WAN Exposure Versus Cost of Autodesk Construction Cloud

Research Paper

Autodesk Revit Server, a critical collaboration tool in the architecture, engineering, and construction (AEC) industry, was designed to operate within trusted networks.

  • 7 Nov 2025

Building Scalable Detection-as-Code Pipelines with Agentic Validation and Refinement

Research Paper

The proposed DaC pipeline uses large language models (LLMs) for logic conversion, variant analysis, and simulation testing via Atomic Red Team, with queries executed against Splunk to measure true positives and false negatives.

  • 6 Nov 2025

Isolated Trust: Zero Trust in Standalone Systems

Research Paper

The use of air-gapped, isolated systems remains an essential tool for organizations that require high confidentiality or integrity, including those in the government, industrial control systems, and the banking industry.

  • 6 Nov 2025

Interrogators: Attack Surface Mapping in an Agentic World

Research Paper

This research introduces the concept of AI agent interrogators and the open-source project Agent Interrogator, an opaque box interrogation framework designed to map the attack surface of agentic systems.

  • 23 Oct 2025

Privacy Protections: Are Stronger Laws Changing What We Reveal?

Research Paper

As U.S. states enact privacy laws aimed at giving consumers more control over their personal data, little is known about whether privacy legislation influences individuals’ willingness to disclose their identity on public platforms.

  • 26 Sep 2025

"You Again": Fingerprinting and Tracking Mechanisms of Malicious Sites

Research Paper

Browsers provide many APIs for any visited site to perform stateful and stateless tracking, and legitimate websites utilize these capabilities. Yet little is widely known about what tracking, if any, malicious sites perform.

  • 26 Sep 2025

The Mimic Octopus: Weaponizing File Corruption and Recoverability to Bypass Antivirus and Email Filtering

Research Paper

This paper investigates a novel tactic in phishing operations where threat actors intentionally corrupt document and archive files, such as DOCX, DOCM, PDF, and ZIP, to evade antivirus (AV) and email filtering systems.

  • 3 Sep 2025

Evaluating Zero Trust Network Access: A Framework for Comparative Security Testing

Research Paper

  • 11 Jul 2025

AI-Driven Insecurity: Assessing Security Gaps in AI Generated IT Guidance

Research Paper

The increasing reliance on AI-generated technical guidance for IT system configuration introduces significant security risks. This study assesses these risks through a case study: setting up an Apache web server on a Rocky Linux system using instructions from seven AI models.

  • 13 May 2025

From Crash to Compromise: Unlocking the Potential of Windows Crash Dumps in Offensive Security

Research Paper

This research explores how offensive security practitioners can incorporate crash dump analysis into their workflows to extract sensitive data such as plaintext credentials, encryption keys, and files from memory.

  • 9 May 2025
  • SANS Institute

SIEM Detection Logic Conversion with LLMs

Research Paper

This research explores how Large Language Models (LLMs) and automation scripts can expedite the translation of detection logic between SIEMs, converting detections in minutes instead of hours.

  • 2 May 2025

Validating the Effectiveness of MITRE Engage and Active Defense

Research Paper

This research examines the impact of Active Defense compared to a traditional security posture when an adversary employs common tactics and techniques to identify high-value targets or exfiltrate sensitive data.

  • 29 Mar 2025

Shift Left the Awareness and Detection of Developers Using Vulnerable Open-Source Software Components

Research Paper

The number of open-source software components, as well as the number of existing security...

  • 26 Mar 2025

Strolling Through the STIG

Research Paper

The CKL file has become the unofficial common language amongst the Department of Defense activities...

  • 7 Mar 2025

Building Resilient IoT Devices: Binary Hardening with Yocto and Clang

Research Paper

This paper addresses the critical need for enhanced security in Internet of Things (IoT) devices by evaluating the implementation of binary hardening techniques using Clang security features within the Yocto build environment.

  • 3 Mar 2025

Identifying Advanced Persistent Threat Activity Through Threat-Informed Detection Engineering: Enhancing Alert Visibility in Enterprises

Research Paper

Advanced Persistent Threats (APTs) are among the most challenging to detect in enterprise...

  • 20 Feb 2025

Persistence Busters: High Impact Methods for Adversary and Threat Detection

Research Paper

This research investigates the top persistence techniques targeting Windows systems as documented in the MITRE ATT&CK framework and how to detect them.

  • 7 Feb 2025