Cybersecurity Research Papers
Master's degree candidates at SANS.edu conduct research that is relevant, has real-world impact, and often provides cutting-edge advancements to the field of cybersecurity, all under the guidance and review of our world-class instructors.
Leveraging Large Language Models for Cross-Vendor Firewall Configuration Migration: A Comparative Case Study of Claude and ChatGPT
Research Paper | Digital Forensics and Incident Response
This paper investigates how two current-generation large language models (LLMs) perform on a single, representative firewall migration task.
- 12 May 2026
Applying CIS Controls to AI Workflows
Research Paper | Digital Forensics and Incident Response
This research provides guidance on using the CIS Controls in conjunction with AI-specific frameworks to build a robust information security program.
- 12 May 2026
- Brian Ventura
Autonomous Defense Induced Disruption: How AI-Driven Automated Response Can Be Manipulated to Disrupt Enterprise Operations
Research Paper | Artificial Intelligence
The research highlights the need for governance controls, privilege-aware safeguards, and system-level constraints to prevent autonomous containment from causing operational disruption.
- 12 May 2026
Your Sensitive Data Has Left the Chat: LLMs as Sensitive Data Detectors
Research Paper | Artificial Intelligence
This paper seeks to evaluate the hypothesis that language models, large and small, can perform well at sensitive data classification and to offer a solution for companies trying to detect contextually sensitive data in their AI workflows.
- 12 May 2026
A Forensic Study of Artifact Persistence in Containerd-Based Kubernetes Workloads
Research Paper | Digital Forensics and Incident Response
A container is a standard unit of software that packages code, including its dependencies, so the application runs quickly and reliably across computing environments.
- 12 May 2026
Untested: An Overlooked Link in the Software Supply Chain
Research Paper | Cyber Defense
This research explores test code as an attack surface and takes a first step toward creating a tool to help analysts detect and mitigate malware lurking in test libraries.
- 16 Apr 2026
Sanitized in the Source: Removing Embedded Objects from PLC Projects with CDR
Research Paper | Industrial Control Systems Security
This research seeks to outline a methodology to sanitize supported PLC project files for security while also confirming their operational reliability.
- 16 Apr 2026
Cyber Risk Intelligence and Security Posture (CRISP): From Compliance to Threat-Informed Intelligence
Research Paper | Cyber Defense
This paper presents CRISP (Cyber Risk Intelligence & Security Posture), a platform that automates the transformation of STIG compliance data into threat-informed security intelligence.
- 7 Apr 2026
Implementing Micro-Segmentation in a Legacy Enterprise Lab Network: A Zero Trust Approach to Reducing Lateral Movement, Improving Containment, and Controlling Operational Overhead
Research Paper | Digital Forensics and Incident Response
This study evaluates micro-segmentation as a practical Zero Trust control in a Windows Active Directory lab that models common legacy dependencies (directory services, file services, a web tier, and a database tier).
- 24 Mar 2026
Assessing the Impact of Memory Acquisition on Key Windows Artifacts
Research Paper | Digital Forensics and Incident Response
This research evaluates the impact of memory capture tools on data at rest, aiming to understand the degree of change that occurs to artifacts, measure differences based on tool selection, and inform best practices for live responders.
- 20 Mar 2026
Post-Exploitation: C2 Framework Effectiveness Against Advanced Audit Logging
Research Paper | Offensive Operations
This research paper examines the effectiveness of a sample of open-source Command-and-Control (C2) frameworks in evading advanced audit logging during post-exploitation.
- 20 Mar 2026
Leveraging Generative AI for Password Cracking Efficiency Under Resource Constraints
Research Paper | Artificial Intelligence
The purpose of this research is to investigate whether generative AI can alleviate the hardware and financial burdens of password cracking (password recovery) while maintaining or even improving cracking success rates.
- 20 Mar 2026
