Structural Vulnerability: Autodesk Revit Server WAN Exposure Versus Cost of Autodesk Construction Cloud
Autodesk Revit Server, a critical collaboration tool in the architecture, engineering, and construction (AEC) industry, was designed to operate within trusted networks.
SANS_Structural_Vulnerability_Joshua_Hall_110625 (PDF, 5.46MB)
7 Nov 2025Related Content
Reducing Excessive Trust in the Web PKI Ecosystem
Research PaperThis research examines the possibility of developing an add-on for the open-source mitmproxy project to add drift detection for root Certification Authority (CA) certificates, incorporate policy-based controls over which CAs are allowed, and leverage an ensemble of existing technologies—some in novel ways—to reduce the level of trust placed in the public Web PKI.
- 12 Mar 2026
- Daymon McCartney
Privacy Protections: Are Stronger Laws Changing What We Reveal?
Research PaperAs U.S. states enact privacy laws aimed at giving consumers more control over their personal data, little is known about whether privacy legislation influences individuals’ willingness to disclose their identity on public platforms.
- 26 Sep 2025
- Katie Christensen
Forensic Investigation of Bluetooth-Based Credit Card Skimmers
Research PaperHidden Bluetooth Low Energy (BLE) credit skimmers are a growing threat to credit card fraud. Criminals can set up practical and inexpensive systems built on top of modules, such as the HM-19, to collect and transmit stolen data covertly across wireless channels.
- 3 Sep 2025
- John Passaro
A Pebble In the Ocean: Maximizing Log Fidelity In Container Environments
Research PaperLog fidelity is crucial for Incident Response Teams to investigate and contain cyber incidents but can be difficult to optimize in containerized environments.
- 17 Apr 2025
- Zach Salva
Unveiling the Dependency on Network Telemetry: Optimizing Lateral Movement Detection
Research PaperThis study investigates the dependency on network and endpoint telemetry for identifying lateral movement attacks, focusing on the Remote Services technique from MITRE ATT&CK.
- 17 Jan 2025
- Kyu Jin Therrien
Beyond Detection: Using Real Phishing Data to Gauge Security Training Program Success
Research PaperThis paper defines one method of network security monitoring in an organization to find these existing indicators.
- 7 Jan 2025
- Cory Keller
Revolutionizing Enterprise Security: The Exciting Future of Passkeys Beyond Passwords
Research PaperAs digital threats grow increasingly sophisticated, traditional password-based authentication systems are proving inadequate, leaving enterprises vulnerable to phishing, credential stuffing, and other cyberattacks.
- 23 Dec 2024
- Rich Greene
Protecting the Poor: A Deep Dive into EBT Skimming and Solutions to Combat It
Research PaperThis paper examines why EBT cards are vulnerable to skimming and explores potential preventive measures.
- 23 Dec 2024
- Anthony Vespa
Revolutionizing ISO 27001 Audit Evidence Collection: Steampipe as the Ultimate Tool
Research PaperIn the current landscape of increasing regulations, cyber breaches, and business risks, information...
- 5 Dec 2024
- Franklyn Camejo
The Open-Source Trap: Unraveling Open-Source Threats in the Software Supply Chain
Research PaperThe risk to the software supply chain is increasingly clear, as breaches like SolarWinds, Equifax,...
- 5 Dec 2024
- Clayton Boozell
Hook, Line, and Sinker: The Best Free Tools to Catch Phishing
Research PaperPhishing has become a widespread threat that organizations and IT security teams face daily. As...
- 5 Dec 2024
- Corrina Taylor
SANS 2024 State of ICS/OT Cybersecurity
Research PaperThis white paper, SANS Certified Instructor Jason Christopher explores the growing trends in cyber...
- 9 Oct 2024
- SANS Institute
Shining a Light on AI: Ensuring Vendor Transparency in Data Sourcing and Delivery
Research PaperAmidst the proliferation of AI solutions, the focus lies in evaluating transparency, undisclosed...
- 29 Jan 2024
- Brian P. Mohr
Assessing Operational Technology: Using the ONG-C2M2 Model and CIS Controls to Assess Operational Technology (OT) Environments
Research PaperMost small to medium-sized organizations rely heavily on CIS Controls (Center for Internet Security,...
- 20 Dec 2023
- Don Dragoo
Who Needs a Pentest: Validating the Configuration of an EDR Solution Using the MITRE ATT&CK Framework
Research PaperIs that EDR suite fully configured, and providing the expected protection? Do we have a scalable way...
- 7 Nov 2023
- Adam Fowler
Really, How Bad Do Routers Have It?
Research PaperIn recent years, the United States government has warned the public that state-sponsored cyber...
- 22 Feb 2023
- Jesse Schibilia
"Think Different" About Compliance: Is Effective, Automated macOS Configuration Achievable with NIST's macOS Security Compliance Project?
Research PaperInformation security compliance within the Apple macOS ecosystem is an especially challenging...
- 21 Dec 2022
- T. Boone Berlin
Inoculating the Masses: Evaluating Cybersecurity Awareness Training
Research PaperLike a disease, cybercrime is spreading across the world. The sums of money lost to these criminals...
- 22 Sep 2022
- Shay Christensen
Risk Prioritization: An Examination of Published Exploitability Ratings
Research PaperBusinesses struggle to prioritize the remediation of vulnerabilities in their environment. One...
- 27 Jan 2022
- Anthony Switzer
Building an Intelligent, Automated Tiered Phishing System: Matching the Message Level to User Ability
Research PaperPhishing campaigns and the procedures to run them have remained unchanged since the dawn of the...
- 12 Jan 2022
- Geoffrey Parker
