Skip to main content

Who Needs a Pentest: Validating the Configuration of an EDR Solution Using the MITRE ATT&CK Framework

Is that EDR suite fully configured, and providing the expected protection? Do we have a scalable way to test the EDR solution's configuration without requiring a large team or a complete penetration test?

Download file

SANS_A_Fowler_Who_Needs_Pentest (PDF, 2.16MB)

7 Nov 2023
ByAdam Fowler
Share
All papers are copyrighted

No re-posting of papers is permitted

Related Content

Risk-Adaptive Data Loss Prevention: Behavioral Intelligence with DLP

Research Paper

Risk-Adaptive Data Loss Prevention: Behavioral Intelligence with DLP

  • 4 Jun 2026
  • Matt Bromiley

Bridging the Gap Between Threat Intelligence and Business Risk

Research Paper

The importance of the threat intelligence function has grown significantly over the years to become a cornerstone of any cybersecurity group.

  • 29 May 2026
  • Kevin Garvey

2026 SANS Cyber Threat Intelligence (CTI) Survey Insights

Research Paper

Every year, the SANS CTI Survey gets sharper. This year, it takes a step the field has needed for a while. For the first time, the 2026 survey includes a dedicated module for security executives, capturing responses from 67 CISOs and CSOs.

  • 15 May 2026
  • Rebekah Brown, Andreas Sfakianakis

Untested: An Overlooked Link in the Software Supply Chain

Research Paper

This research explores test code as an attack surface and takes a first step toward creating a tool to help analysts detect and mitigate malware lurking in test libraries.

  • 16 Apr 2026
  • Evan Ottinger

Cyber Risk Intelligence and Security Posture (CRISP): From Compliance to Threat-Informed Intelligence

Research Paper

This paper presents CRISP (Cyber Risk Intelligence & Security Posture), a platform that automates the transformation of STIG compliance data into threat-informed security intelligence.

  • 7 Apr 2026
  • Eric Kaden

Post-Exploitation: C2 Framework Effectiveness Against Advanced Audit Logging

Research Paper

This research paper examines the effectiveness of a sample of open-source Commandand-Control (C2) frameworks in evading advanced audit logging during postexploitation.

  • 20 Mar 2026
  • Benjamin Evans

Enhancing Linux Threat Detection: A Sysmon - Based Approach to Identifying Sandworm TTPs

Research Paper

Linux systems have become foundational across modern IT enterprises. Threat actors are increasingly targeting Linux systems, including well - known advanced persistent threats (APTs) such as Sandworm.

  • 20 Mar 2026
  • Joshua Keller

Open-Source National Security Infrastructure for Sweden’s National Security Apparatus

Research Paper

This paper investigates whether core IT infrastructure implemented using open-source software and infrastructure-as-code techniques can achieve compliance with selected information security requirements defined in Chapter 4 of PMFS 2022:1.

  • 18 Mar 2026
  • Fredrik Bolinder

Reducing Excessive Trust in the Web PKI Ecosystem

Research Paper

This research examines the possibility of developing an add-on for the open-source mitmproxy project to add drift detection for root Certification Authority (CA) certificates, incorporate policy-based controls over which CAs are allowed, and leverage an ensemble of existing technologies—some in novel ways—to reduce the level of trust placed in the public Web PKI.

  • 12 Mar 2026
  • Daymon McCartney

Configuring Windows 11 Workgroup Computers to CIS Windows 11 L1 and BitLocker Baseline Recommendations Using PowerShell DSC

Research Paper

Endpoints are often the first points of cyberattacks. Enterprises would often try to harden them according to established security baselines, such as those published by the Center for Internet Security (CIS).

  • 24 Feb 2026
  • Tan Gui De

Infrastructure as Code-Driven Group Policy Infrastructure: A Comprehensive Engine for Group Policy Architecture and Enforcement

Research Paper

This study introduces a PowerShell-based Infrastructure as Code (IaC) engine developed to automate the setup and enforcement of a STIG-compliant Group Policy framework.

  • 5 Dec 2025
  • Garland Brown

Enhancing Security Operations with Google Threat Intelligence

Research Paper

This product review examines how Google Threat Intelligence's extensive data sources, real-time insights, and investigative capabilities can elevate SecOps workflows and strengthen an organization’s defensive posture.

  • 24 Nov 2025
  • Dave Shackleford

Defending Vulnerable Populations Against Scams: Effectiveness of Browser Extensions in Mitigating Scammer Attack Chains

Research Paper

This research evaluates the effectiveness of a browser extension as a security control—Grandma’s Guardian—designed for simplicity and accessibility so that even non-technical home users can benefit from enterprise-grade protection.

  • 19 Nov 2025
  • Thomas Gorman

Structural Vulnerability: Autodesk Revit Server WAN Exposure Versus Cost of Autodesk Construction Cloud

Research Paper

Autodesk Revit Server, a critical collaboration tool in the architecture, engineering, and construction (AEC) industry, was designed to operate within trusted networks.

  • 7 Nov 2025
  • Joshua Hall

Building Scalable Detection-as-Code Pipelines with Agentic Validation and Refinement

Research Paper

The proposed DaC pipeline uses large language models (LLMs) for logic conversion, variant analysis, and simulation testing via Atomic Red Team, with queries executed against Splunk to measure true positives and false negatives.

  • 6 Nov 2025
  • Benjamin Opel

Isolated Trust: Zero Trust in Standalone Systems

Research Paper

The use of air-gapped, isolated systems remains an essential tool for organizations that require high confidentiality or integrity, including those in the government, industrial control systems, and the banking industry.

  • 6 Nov 2025
  • Brian Crowley

Interrogators: Attack Surface Mapping in an Agentic World

Research Paper

This research introduces the concept of AI agent interrogators and the open-source project Agent Interrogator, an opaque box interrogation framework designed to map the attack surface of agentic systems.

  • 23 Oct 2025
  • Michael Samson

Privacy Protections: Are Stronger Laws Changing What We Reveal?

Research Paper

As U.S. states enact privacy laws aimed at giving consumers more control over their personal data, little is known about whether privacy legislation influences individuals’ willingness to disclose their identity on public platforms.

  • 26 Sep 2025
  • Katie Christensen

"You Again": Fingerprinting and Tracking Mechanisms of Malicious Sites

Research Paper

Browsers provide many APIs for any visited site to perform stateful and stateless tracking, and legitimate websites utilize these capabilities. Yet little is widely known about what tracking, if any, malicious sites perform.

  • 26 Sep 2025
  • Erin Kuffel-Flato

Continuous Penetration Testing: Closing the Gaps Between Threat and Response

Research Paper

This paper examines how Sprocket Security leverages attack surface management (ASM) to provide defenders with much-needed visibility and control.

  • 5 Sep 2025
  • Chris Dale