Skip to main content

Inside the Five Most Dangerous New Attack Techniques

For nearly two decades, SANS and RSAC™ have collaborated to explore the latest attack techniques and share knowledge that equips defenders with the tools they need to stay ahead of adversaries.

This e-book represents the next evolution of that effort. Here, we take the five key topics presented from the keynote stage and expand them into four full-length chapters. The chapters provide context, case studies, and actionable recommendations for enterprises defending against the most pressing challenges in cybersecurity today. Written by leading SANS instructors and authors—each a recognized expert in their field—these chapters combine technical depth with practical guidance that organizations can put to work immediately.

For deeper insights into each topic, unlock the individual white papers here

Download file

SANS-RSAC-ebook-2025 (PDF, 10.59MB)

8 Dec 2025
ByHeather Barnhart, Rob T. Lee, Joshua Wright, Tim Conway
Share
All papers are copyrighted

No re-posting of papers is permitted

Related Content

Sanitized in the Source: Removing Embedded Objects from PLC Projects with CDR

Research Paper

This research seeks to outline a methodology to sanitize supported PLC project files for security while also confirming their operational reliability.

  • 16 Apr 2026

Implementing Micro-Segmentation in a Legacy Enterprise Lab Network: A Zero Trust Approach to Reducing Lateral Movement, Improving Containment, and Controlling Operational Overhead

Research Paper

This study evaluates micro-segmentation as a practical Zero Trust control in a Windows Active Directory lab that models common legacy dependencies (directory services, file services, a web tier, and a database tier).

  • 24 Mar 2026

Assessing the Impact of Memory Acquisition on Key Windows Artifacts

Research Paper

This research evaluates the impact of memory capture tools on data at rest, aiming to understand the degree of change that occurs to artifacts, measure differences based on tool selection, and inform best practices for live responders.

  • 20 Mar 2026

Leveraging Generative AI for Password Cracking Efficiency Under Resource Constraints

Research Paper

The purpose of this research is to investigate whether generative AI can alleviate the hardware and financial burdens of password cracking (password recovery) while maintaining or even improving cracking success rates.

  • 20 Mar 2026

ICS Asset Inventory: Passive, or Active? Siemens S7-1200 PLCs

Research Paper

This research builds on previous research to determine what information can and cannot be gleaned solely from passive traffic analysis, specifically for a Siemens S7-1200 PLC.

  • 12 Mar 2026

Reducing Excessive Trust in the Web PKI Ecosystem

Research Paper

This research examines the possibility of developing an add-on for the open-source mitmproxy project to add drift detection for root Certification Authority (CA) certificates, incorporate policy-based controls over which CAs are allowed, and leverage an ensemble of existing technologies—some in novel ways—to reduce the level of trust placed in the public Web PKI.

  • 12 Mar 2026

Detecting AI Pickling

Research Paper

This study examines whether static analysis is a dependable "certification gate" for ingesting third-party, pickle-based AI model artifacts from open-source model hubs into a trusted internal registry.

  • 12 Mar 2026

How Many LLMs Does it Take to Classify a Suspicious Email?

Research Paper

This study examines the accuracy, reliability, and operational behavior of three widely available LLMs using a dataset of 2000 human-written emails containing both legitimate and suspicious messages.

  • 12 Mar 2026

Autonomous Threat Emulation and Detection Using Agentic AI

Research Paper

Traditional threat emulation frameworks struggle to capture the dynamic and adaptive behaviours of modern Advanced Persistent Threats (APTs), leaving defenders reliant on static tests that quickly become obsolete.

  • 10 Mar 2026

Evaluating Configurations for Reducing Problematic Emotional Engagement in Enterprise LLM Deployments: Implications for Insider Threat Risk

Research Paper

The risks of Large Language Models (LLMs) include triggering psychological drivers associated with malicious insider threat behavior. This study utilized AWS Bedrock to demonstrate that specific system-level configurations and guardrails can effectively mitigate these risks by reducing problematic human-AI engagement.

  • 2 Mar 2026

From Ambiguity to Action: A Forensic Framework for Differentiating ClickFix Payloads

Research Paper

The "ClickFix" social engineering technique, which leverages fake CAPTCHA or browser update lures to trick users into executing a malicious PowerShell script, presents a critical challenge for incident responders.

  • 24 Feb 2026

Protecting OT’s Inherent Front-End Vulnerabilities: Legacy SQL Dependencies in Building Automation Systems Through the Lens of the SANS ICS Five Critical Controls

Research Paper

This research presents a practical method for building a Software Bill of Materials (SBOM) for BAS front ends, augmenting it with Shodan exposure analysis, classifying it in a risk heat map, and mitigating using the SANS ICS Five Controls, with an emphasis on Risk-Based Vulnerability Management and Defensible Architecture.

  • 9 Feb 2026

Digital Forensics and Incident Response in the Cloud: Addressing GCP Challenges

Research Paper

Many digital forensics and incident response (DFIR) practitioners, as well as aspiring cybersecurity analysts, often gravitate towards AWS and Azure as their first forays into cloud security.

  • 16 Jan 2026

Marketing or Added Value? The Truth About Purpose-Built Detection and Response for Containers

Research Paper

With the rise of Cloud Detection and Response (CDR), this paper dives deeper into the added value and gaps of these solutions compared to the traditional pillar, Endpoint Detection and Response (EDR).

  • 5 Dec 2025

No-Cost Detection of Endpoint Hard Drive Removal

Research Paper

This paper analyzes low-cost detection methods, using existing hard drive counters from Self-Monitoring, Analysis, and Reporting Technology (S.M.A.R.T.) and the Windows Registry, for their fidelity in detecting hard drive removal.

  • 19 Nov 2025

Measuring Malware Obfuscation: Evaluating CNN- Based Detection for Real-World Resilience

Research Paper

This study examined how layered obfuscation affects image-based convolutional neural network (CNN) detectors and introduces a novel, reproducible framework for measuring obfuscation itself.

  • 19 Nov 2025

Autonomous Endpoint Management: Next-Gen Endpoint Visibility Fueling SecOps and IT Ops with AI

Research Paper

This First Look outlines how Tanium’s single-agent architecture and AI-powered capabilities empower teams to operate from a shared source of truth, reduce operational overhead, and achieve measurable ROI.

  • 10 Nov 2025
  • Matt Bromiley

Code Modularity as a Heuristic for Malware Design

Research Paper

Malware targeting industrial control systems (ICS) and critical infrastructure often exhibits a modular architecture, using a central loader to execute interchangeable payload modules.

  • 7 Nov 2025

Structural Vulnerability: Autodesk Revit Server WAN Exposure Versus Cost of Autodesk Construction Cloud

Research Paper

Autodesk Revit Server, a critical collaboration tool in the architecture, engineering, and construction (AEC) industry, was designed to operate within trusted networks.

  • 7 Nov 2025

Scrutinizing A Web-Based LLM in Private Browsing Mode: An Analysis of Memory Artifacts and Privacy Implications

Research Paper

Using web-based LLMs such as ChatGPT has changed the web browsing landscape to become part of the typical everyday experience.

  • 7 Nov 2025