SANS 2025 CTI Survey Webcast & Forum: Navigating Uncertainty in Today’s Threat Landscape
This paper explores results from the SANS 2025 CTI Survey, with insights into how cybersecurity professionals are navigating the ever-evolving landscape of cyber threat intelligence.
SANS-2025-CTI-Survey-Brown (PDF, 4.06MB)
20 May 2025
Related Content
Leveraging Large Language Models for Cross-Vendor Firewall Configuration Migration: A Comparative Case Study of Claude and ChatGPT
Research Paper
This paper investigates how two current-generation large language models (LLMs) perform on a single, representative firewall migration task.
- 12 May 2026
Applying CIS Controls to AI Workflows
Research Paper
This research provides guidance on using the CIS Controls in conjunction with AI-specific frameworks to build a robust information security program.
- 12 May 2026
- Brian Ventura
A Forensic Study of Artifact Persistence in Containerd-Based Kubernetes Workloads
Research Paper
A container is a standard unit of software that packages code, including its dependencies, so the application runs quickly and reliably across computing environments.
- 12 May 2026
Implementing Micro-Segmentation in a Legacy Enterprise Lab Network: A Zero Trust Approach to Reducing Lateral Movement, Improving Containment, and Controlling Operational Overhead
Research Paper
This study evaluates micro-segmentation as a practical Zero Trust control in a Windows Active Directory lab that models common legacy dependencies (directory services, file services, a web tier, and a database tier).
- 24 Mar 2026
Assessing the Impact of Memory Acquisition on Key Windows Artifacts
Research Paper
This research evaluates the impact of memory capture tools on data at rest, aiming to understand the degree of change that occurs to artifacts, measure differences based on tool selection, and inform best practices for live responders.
- 20 Mar 2026
From Ambiguity to Action: A Forensic Framework for Differentiating ClickFix Payloads
Research Paper
The "ClickFix" social engineering technique, which leverages fake CAPTCHA or browser update lures to trick users into executing a malicious PowerShell script, presents a critical challenge for incident responders.
- 24 Feb 2026
Digital Forensics and Incident Response in the Cloud: Addressing GCP Challenges
Research Paper
Many digital forensics and incident response (DFIR) practitioners, as well as aspiring cybersecurity analysts, often gravitate towards AWS and Azure as their first forays into cloud security.
- 16 Jan 2026
Measuring Malware Obfuscation: Evaluating CNN-Based Detection for Real-World Resilience
Research Paper
This study examined how layered obfuscation affects image-based convolutional neural network (CNN) detectors and introduces a novel, reproducible framework for measuring obfuscation itself.
- 19 Nov 2025
Structural Vulnerability: Autodesk Revit Server WAN Exposure Versus Cost of Autodesk Construction Cloud
Research Paper
Autodesk Revit Server, a critical collaboration tool in the architecture, engineering, and construction (AEC) industry, was designed to operate within trusted networks.
- 7 Nov 2025
Scrutinizing A Web-Based LLM in Private Browsing Mode: An Analysis of Memory Artifacts and Privacy Implications
Research Paper
Using web-based LLMs such as ChatGPT has changed the web browsing landscape to become part of the typical everyday experience.
- 7 Nov 2025
Adversary-Aware IOC Retention: Analyzing Time-to-Live Patterns by Threat Actor Attribution
Research Paper
After analyzing hundreds of IOCs across three unique Advanced Persistent Threats (APTs) from disparate regions, it can be confirmed that not only do threat actors cycle their IOCs at different rates, but those rates can be tracked. This paper introduces an enhanced decay model incorporating a threat actor variable that accounts for these differences in sophistication and hygiene.
- 23 Oct 2025
Breaking Time: Methods, Artifacts, and Forensic Detection of Timestomping on FAT32, Ext3, and Ext4 File Systems
Research Paper
This paper explores the diverse methods used to timestomp files on FAT, Ext3, and Ext4 file systems, focusing on how adversaries adapt their approaches based on available system access and permissions.
- 23 Oct 2025
Breaking Through Deception: Addressing Barriers in the Adoption of Cyber Deception Technologies
Research Paper
Despite the increasing sophistication of cyber threats and the need for organizations to employ innovative defense strategies, cyber deception technologies, tools designed to mislead attackers and gain a defensive advantage, remain significantly underutilized across organizational cybersecurity programs.
- 23 Oct 2025
Privacy Protections: Are Stronger Laws Changing What We Reveal?
Research Paper
As U.S. states enact privacy laws aimed at giving consumers more control over their personal data, little is known about whether privacy legislation influences individuals' willingness to disclose their identity on public platforms.
- 26 Sep 2025
Forensic Investigation of Bluetooth-Based Credit Card Skimmers
Research Paper
Hidden Bluetooth Low Energy (BLE) credit card skimmers are a growing source of credit card fraud. Criminals can set up practical and inexpensive systems built on top of modules, such as the HM-19, to collect and transmit stolen data covertly across wireless channels.
- 3 Sep 2025
SANS 2025 Security Awareness Report
Research Paper
Now in its 10th year, the SANS Security Awareness Report remains the definitive, practitioner-built resource for understanding and managing the human side of cybersecurity.
- 12 Aug 2025
- Lance Spitzner
Be a DLP Hero: How to Quickly Deliver Value from Your DLP Program and Set It Up for Future Success
Research Paper
Download this paper and learn how to launch or strengthen your data loss prevention (DLP) program.
- 3 Jun 2025
- Kevin Garvey
Resiliency and Business Continuity in the Cloud Era
Research Paper
In this white paper, Dave Shackleford unpacks today's evolving cloud threat landscape.
- 21 May 2025
- Dave Shackleford
Collaborative Mobile App Security Development and Analysis
Research Paper
In this tactical, insight-rich review, Jeroen Beckers shares how to overcome mobile app security challenges and modernize your testing with Corellium's virtual device platform, built for real-world conditions and faster results.
- 19 May 2025
- Jeroen Beckers
Beneath the Mask: Can Contribution Data Unveil Malicious Personas in Open-Source Projects?
Research Paper
In February 2024, after building trust over two years with project maintainers by making a significant volume of legitimate contributions, GitHub user "JiaT75" self-merged a version of the XZ Utils project containing a highly sophisticated, well-disguised backdoor targeting sshd processes running on systems with the backdoored package installed.
- 13 May 2025
- SANS Institute
