1/2 Over the past few weeks I've used the EMBER2024 model to try and figure out how to make implants less likely to be hit by ML. I wrote about the process here: https://t.co/9ys82E53cL
Under the hood, Ember uses LightGBM to score a sample from 0 to 1. I added this functionality into Citadel so any binaries added to the framework are now summarised and scored as well as the rest of the Citadel analysis. Read it here: https://t.co/jxxbFJkMNM
Last summer we spent some time collecting both benign and malicious applications. We picked it back up and put together a preliminary exploration of that dataset: https://t.co/KbuOMroAV9
🧵 @MichaelJRanaldo and I have been accepted to talk @Steel_Con! We'll be going over our long and ongoing statistical analysis of goodware, malware, and "winware". Each category has its own and distinct features/nuances.
🧵1/2 In this blog I wanted to talk about some of the logging and modelling enhancements we've made to connect disparate tools together to produce enrichment models. Ultimately, this allows us to create objects for everyday objects (i.e. users, computers, domains, etc).