Skip to main content

Search

Request Info Apply Now

Undergraduate Certificates
Begin or advance your cybersecurity career at any age with our hands-on certificate programs.
Bachelors Degree
Transfer your credits to SANS.edu and become one of the most job-ready candidates in cybersecurity.
Graduate Certificates
Gain job-specific skills in highly technical certificate programs designed for working professionals.
Master’s Degree
Take your InfoSec career to the highest levels—developing both hands-on technical skills and the ability to lead.
Single Courses
Start with a course, advance to a cybersecurity certificate or degree
All Academic Programs
Explore hands-on undergraduate and graduate programs for every stage of your cybersecurity career.

Featured Program

Hands typing on a laptop

Applied Cybersecurity Certificate (ACS)

Get Your Questions AnsweredJoin a free online info session to see which program is right for you.

Why SANS.edu?
How To Apply
Tuition & Funding

Join us for a free online info session to learn more.

Resources for Veterans

Learn how to get the most from your Veterans Education Benefits.

Women in Cybersecurity

Empowering women to thrive in cybersecurity.

Get Your Questions AnsweredJoin a free online info session to see which program is right for you.

Research Overview
Learn how SANS.edu research is strengthening the field of cybersecurity.
Cybersecurity Research Papers
Explore real-world solutions to pressing issues across AI, cloud security, digital forensics and more.
Internet Storm Center
Discover the world's largest global cyber threat detection network.

Featured Research

Research Review Journal Volume 5

Explore the latest research from SANS.edu graduate students—professionals on the front lines of cybersecurity—tackling today’s toughest threats across AI, cloud security, digital forensics, zero trust, malware detection, and more.

Download the Journal

Get Your Questions AnsweredJoin a free online info session to see which program is right for you.

About Us
Students
Alumni
- Alumni Resources Alumni Resources
- Alumni Outcomes Report Alumni Outcomes Report

Launch Your Cyber Career

Let SANS.edu guide you on a proven path to success.

Sentinels Referral Program

Get recognized for your impact on the SANS.edu community.

Get Your Questions AnsweredJoin a free online info session to see which program is right for you.

Search

Request Info Apply Now

Cyber Research Papers
/Exploring Infostealer Malware Techniques on Automotive Head Units

Cyber Research Papers

Exploring Infostealer Malware Techniques on Automotive Head Units

Automotive vehicles have become exponentially more computerized in the last decade, and automakers continue to add new functionality and integrations to these systems. While most research focuses on the safety features of autonomous and semi-autonomous vehicle capabilities, there is little research regarding the data collected by these systems and whether this data is of interest to threat actors.

SANS-D_Mazzella_Exploring_Infostealer_Malware_Techniques_on_Automotive_Head_Units (PDF, 62.95MB)

1 Mar 2024

ByDaniel Mazzella

Share

All papers are copyrighted

No re-posting of papers is permitted

Related Content

Know Your Blind Spots: Better Visibility Through EDR Policy Hardening

Endpoint Detection and Response (EDR) tools identify, detect, and respond to anomalous behavior.

9 Jun 2026
Joshuah Williams

Risk-Adaptive Data Loss Prevention: Behavioral Intelligence with DLP

Risk-Adaptive Data Loss Prevention: Behavioral Intelligence with DLP

4 Jun 2026
Matt Bromiley

Bridging the Gap Between Threat Intelligence and Business Risk

The importance of the threat intelligence function has grown significantly over the years to become a cornerstone of any cybersecurity group.

29 May 2026
Kevin Garvey

2026 SANS Cyber Threat Intelligence (CTI) Survey Insights

Every year, the SANS CTI Survey gets sharper. This year, it takes a step the field has needed for a while. For the first time, the 2026 survey includes a dedicated module for security executives, capturing responses from 67 CISOs and CSOs.

15 May 2026
Rebekah Brown, Andreas Sfakianakis

Applying CIS Controls to AI Workflows

This research provides guidance on using the CIS Controls in conjunction with AI-specific frameworks to build a robust information security program.

12 May 2026
Brian Ventura

A Forensic Study of Artifact Persistence in Containerd-Based Kubernetes Workloads

A container is a standard unit of software that packages code, including its dependencies, so the application runs quickly and reliably across computing environments.

12 May 2026
Ahmed Alharbi

Untested: An Overlooked Link in the Software Supply Chain

This research explores test code as an attack surface and takes a first step toward creating a tool to help analysts detect and mitigate malware lurking in test libraries.

16 Apr 2026
Evan Ottinger

Cyber Risk Intelligence and Security Posture (CRISP): From Compliance to Threat-Informed Intelligence

This paper presents CRISP (Cyber Risk Intelligence & Security Posture), a platform that automates the transformation of STIG compliance data into threat-informed security intelligence.

7 Apr 2026
Eric Kaden

Implementing Micro-Segmentation in a Legacy Enterprise Lab Network: A Zero Trust Approach to Reducing Lateral Movement, Improving Containment, and Controlling Operational Overhead

This study evaluates micro-segmentation as a practical Zero Trust control in a Windows Active Directory lab that models common legacy dependencies (directory services, file services, a web tier, and a database tier).

24 Mar 2026
Dennis Ankrah

Assessing the Impact of Memory Acquisition on Key Windows Artifacts

This research evaluates the impact of memory capture tools on data at rest, aiming to understand the degree of change that occurs to artifacts, measure differences based on tool selection, and inform best practices for live responders.

20 Mar 2026
Russell Devine

Enhancing Linux Threat Detection: A Sysmon - Based Approach to Identifying Sandworm TTPs

Linux systems have become foundational across modern IT enterprises. Threat actors are increasingly targeting Linux systems, including well - known advanced persistent threats (APTs) such as Sandworm.

20 Mar 2026
Joshua Keller

Open-Source National Security Infrastructure for Sweden’s National Security Apparatus

This paper investigates whether core IT infrastructure implemented using open-source software and infrastructure-as-code techniques can achieve compliance with selected information security requirements defined in Chapter 4 of PMFS 2022:1.

18 Mar 2026
Fredrik Bolinder

Configuring Windows 11 Workgroup Computers to CIS Windows 11 L1 and BitLocker Baseline Recommendations Using PowerShell DSC

Endpoints are often the first points of cyberattacks. Enterprises would often try to harden them according to established security baselines, such as those published by the Center for Internet Security (CIS).

24 Feb 2026
Tan Gui De

From Ambiguity to Action: A Forensic Framework for Differentiating ClickFix Payloads

The "ClickFix" social engineering technique, which leverages fake CAPTCHA or browser update lures to trick users into executing a malicious PowerShell script, presents a critical challenge for incident responders.

24 Feb 2026
James Chisolm-Williams

Digital Forensics and Incident Response in the Cloud: Addressing GCP Challenges

Many digital forensics and incident response (DFIR) practitioners, as well as aspiring cybersecurity analysts, often gravitate towards AWS and Azure as their first forays into cloud security.

16 Jan 2026
Mark Nakamura

Infrastructure as Code-Driven Group Policy Infrastructure: A Comprehensive Engine for Group Policy Architecture and Enforcement

This study introduces a PowerShell-based Infrastructure as Code (IaC) engine developed to automate the setup and enforcement of a STIG-compliant Group Policy framework.

5 Dec 2025
Garland Brown

Defending Vulnerable Populations Against Scams: Effectiveness of Browser Extensions in Mitigating Scammer Attack Chains

This research evaluates the effectiveness of a browser extension as a security control—Grandma’s Guardian—designed for simplicity and accessibility so that even non-technical home users can benefit from enterprise-grade protection.

19 Nov 2025
Thomas Gorman

Measuring Malware Obfuscation: Evaluating CNN- Based Detection for Real-World Resilience

This study examined how layered obfuscation affects image-based convolutional neural network (CNN) detectors and introduces a novel, reproducible framework for measuring obfuscation itself.

19 Nov 2025
Michael Reglein

Scrutinizing A Web-Based LLM in Private Browsing Mode: An Analysis of Memory Artifacts and Privacy Implications

Using web-based LLMs such as ChatGPT has changed the web browsing landscape to become part of the typical everyday experience.

7 Nov 2025
Chris Kosmas

Building Scalable Detection-as-Code Pipelines with Agentic Validation and Refinement

The proposed DaC pipeline uses large language models (LLMs) for logic conversion, variant analysis, and simulation testing via Atomic Red Team, with queries executed against Splunk to measure true positives and false negatives.

6 Nov 2025
Benjamin Opel

Cybersecurity is all we teach, and nobody does it better.

Research
Resources
Learn More

Privacy Policy
Terms and Conditions
Admissions
Do Not Sell/Share My Personal Information
Cookie Notice

© 2026 The Escal Institute of Advanced Technologies, Inc. d/b/a SANS Institute.

Our Terms and Conditions detail our trademark and copyright rights. Any unauthorized use is expressly prohibited.

SANS Institute
Internet Storm Center