MalwareGroup

1/ Some thoughts on the way ML gets talked about in security: Most security problems are not machine learning problems. Like encryption, dual-factor authentication, taint analysis, or hand-crafted IOCs, machine learning is just one of many security tools.

I saw a developer today. No company swag hoodie. No stickers on their laptop. No mechanical keyboard. No Windows or macOS. He just sat there. Typing away in vim IDE running on Arch Linux and older ThinkPad. Like a psychopath.

Since 2015, cumulative @awscloud revenue is ~$100 B. Analysts suggest that as much as half of that is from the private / venture backed industry, so I estimate as much as ~$50 billion from our ecosystem has gone to @amazon since 2015https://twitter.com/eliotwb/status/1222607348755120128 …

1\ Surprisingly, you could build a very mediocre PE malware detector with a single PE feature: the PE compile timestamp. In fact, I built a little random forest detector that uses only the timestamp as its feature that gets 62% detection on previously unseen malware at a 1% FPR.

Developers sitting in meetings and fixing CSS bugs all day: "Funny how I get paid for this" Developers working on open-source software that thousands of companies and developers depend on: "Funny how I don't get paid for this"