Skip to main content

Exploring Infostealer Malware Techniques on Automotive Head Units

Automotive vehicles have become exponentially more computerized in the last decade, and automakers continue to add new functionality and integrations to these systems. While most research focuses on the safety features of autonomous and semi-autonomous vehicle capabilities, there is little research regarding the data collected by these systems and whether this data is of interest to threat actors.

Download file

SANS-D_Mazzella_Exploring_Infostealer_Malware_Techniques_on_Automotive_Head_Units (PDF, 62.95MB)

1 Mar 2024
ByDaniel Mazzella
Share
All papers are copyrighted

No re-posting of papers is permitted

Related Content

Untested: An Overlooked Link in the Software Supply Chain

Research Paper

This research explores test code as an attack surface and takes a first step toward creating a tool to help analysts detect and mitigate malware lurking in test libraries.

  • 16 Apr 2026

Cyber Risk Intelligence and Security Posture (CRISP): From Compliance to Threat-Informed Intelligence

Research Paper

This paper presents CRISP (Cyber Risk Intelligence & Security Posture), a platform that automates the transformation of STIG compliance data into threat-informed security intelligence.

  • 7 Apr 2026

Implementing Micro-Segmentation in a Legacy Enterprise Lab Network: A Zero Trust Approach to Reducing Lateral Movement, Improving Containment, and Controlling Operational Overhead

Research Paper

This study evaluates micro-segmentation as a practical Zero Trust control in a Windows Active Directory lab that models common legacy dependencies (directory services, file services, a web tier, and a database tier).

  • 24 Mar 2026

Assessing the Impact of Memory Acquisition on Key Windows Artifacts

Research Paper

This research evaluates the impact of memory capture tools on data at rest, aiming to understand the degree of change that occurs to artifacts, measure differences based on tool selection, and inform best practices for live responders.

  • 20 Mar 2026

Enhancing Linux Threat Detection: A Sysmon - Based Approach to Identifying Sandworm TTPs

Research Paper

Linux systems have become foundational across modern IT enterprises. Threat actors are increasingly targeting Linux systems, including well - known advanced persistent threats (APTs) such as Sandworm.

  • 20 Mar 2026

Open-Source National Security Infrastructure for Sweden’s National Security Apparatus

Research Paper

This paper investigates whether core IT infrastructure implemented using open-source software and infrastructure-as-code techniques can achieve compliance with selected information security requirements defined in Chapter 4 of PMFS 2022:1.

  • 18 Mar 2026

Configuring Windows 11 Workgroup Computers to CIS Windows 11 L1 and BitLocker Baseline Recommendations Using PowerShell DSC

Research Paper

Endpoints are often the first points of cyberattacks. Enterprises would often try to harden them according to established security baselines, such as those published by the Center for Internet Security (CIS).

  • 24 Feb 2026

From Ambiguity to Action: A Forensic Framework for Differentiating ClickFix Payloads

Research Paper

The "ClickFix" social engineering technique, which leverages fake CAPTCHA or browser update lures to trick users into executing a malicious PowerShell script, presents a critical challenge for incident responders.

  • 24 Feb 2026

Digital Forensics and Incident Response in the Cloud: Addressing GCP Challenges

Research Paper

Many digital forensics and incident response (DFIR) practitioners, as well as aspiring cybersecurity analysts, often gravitate towards AWS and Azure as their first forays into cloud security.

  • 16 Jan 2026

Inside the Five Most Dangerous New Attack Techniques

Research Paper

This e-book represents the next evolution of that effort. Here, we take the five key topics presented from the keynote stage and expand them into four full-length chapters.

  • 8 Dec 2025
  • Heather Barnhart, Rob T. Lee, Joshua Wright, Tim Conway

Infrastructure as Code-Driven Group Policy Infrastructure: A Comprehensive Engine for Group Policy Architecture and Enforcement

Research Paper

This study introduces a PowerShell-based Infrastructure as Code (IaC) engine developed to automate the setup and enforcement of a STIG-compliant Group Policy framework.

  • 5 Dec 2025

SANS 2025 Detection and Response Survey Webcast and Forum

Research Paper

As cyber threats grow in complexity and frequency, organizations' strategies for detection and response must continuously evolve. The SANS 2025 Detection and Response Survey white paper delves into the current state of cybersecurity operations, questioning whether the heavy emphasis on endpoint detection is creating new blind spots.

  • 26 Nov 2025
  • Josh Lemon

Defending Vulnerable Populations Against Scams: Effectiveness of Browser Extensions in Mitigating Scammer Attack Chains

Research Paper

This research evaluates the effectiveness of a browser extension as a security control—Grandma’s Guardian—designed for simplicity and accessibility so that even non-technical home users can benefit from enterprise-grade protection.

  • 19 Nov 2025

Measuring Malware Obfuscation: Evaluating CNN- Based Detection for Real-World Resilience

Research Paper

This study examined how layered obfuscation affects image-based convolutional neural network (CNN) detectors and introduces a novel, reproducible framework for measuring obfuscation itself.

  • 19 Nov 2025

Scrutinizing A Web-Based LLM in Private Browsing Mode: An Analysis of Memory Artifacts and Privacy Implications

Research Paper

Using web-based LLMs such as ChatGPT has changed the web browsing landscape to become part of the typical everyday experience.

  • 7 Nov 2025

Building Scalable Detection-as-Code Pipelines with Agentic Validation and Refinement

Research Paper

The proposed DaC pipeline uses large language models (LLMs) for logic conversion, variant analysis, and simulation testing via Atomic Red Team, with queries executed against Splunk to measure true positives and false negatives.

  • 6 Nov 2025

Isolated Trust: Zero Trust in Standalone Systems

Research Paper

The use of air-gapped, isolated systems remains an essential tool for organizations that require high confidentiality or integrity, including those in the government, industrial control systems, and the banking industry.

  • 6 Nov 2025

Adversary-Aware IOC Retention: Analyzing Time-to-Live Patterns by Threat Actor Attribution

Research Paper

After analyzing hundreds of IOCs across three unique Advanced Persistent Threats (APTs) from disparate regions, it can be confirmed that not only do threat actors cycle their IOCs at different rates, but those rates can be tracked. This paper introduces an enhanced decay model incorporating a threat actor variable that accounts for these differences in sophistication and hygiene.

  • 23 Oct 2025

Breaking Time: Methods, Artifacts, and Forensic Detection of Timestomping on FAT32, Ext3, and Ext4 File Systems

Research Paper

This paper explores the diverse methods used to timestomp files on FAT, Ext3, and Ext4 file systems, focusing on how adversaries adapt their approaches based on available system access and permissions.

  • 23 Oct 2025

Breaking Through Deception: Addressing Barriers in the Adoption of Cyber Deception Technologies

Research Paper

Despite the increasing sophistication of cyber threats and the need for organizations to employ innovative defense strategies, cyber deception technologies, tools designed to mislead attackers and gain a defensive advantage, remain significantly underutilized across organizational cybersecurity programs.

  • 23 Oct 2025