Conversation
Edited 16 hours ago

Just trying to understand the phrase "malware analysis evasion and counter-evasion" (https://dl.acm.org/doi/10.1145/3150376.3150378) is like evaluating a formula with nested negations. "malware" (bad!), "analysis" (good!), "evasion" (bad!), "and counter-evasion" (and also good!)


Do security researchers ever get confused as to whether they're the good guys or the bad guys?


@lindsey simple answer: to develop a strong defense you must understand offense along with most likely attack vectors. Usually, those that write and talk about it are the "good guys" ;)


@lindsey @at it’s a “think like a thief” situation. You have to think the evil stuff is cool and beautiful from a technical standpoint or you won’t be able to understand it well enough to shut it down.


@lindsey Yes, very much so. Lots of them end up working on systems designed to keep you from using your own computer the way you want to or to protect the systems used to commit war crimes and genocide, etc.


@0xabad1dea

The title of one of the presentations I currently do is "Think like a hacker".

Precisely because if you don't, you're not securing the right things ...

@lindsey @at

People keep expecting the torment nexus to be clearly labelled. Instead, the label reads "phishing protection" or "stop the scammers" or other generic good things.

It's on you to think about what you're building, and whether it can be used as a component of a torment nexus.

Sometimes, things that can be used for good can also be used to harm people, and in this adversarial world, it probably means that they will be.

CC: @lindsey@recurse.social

@lindsey

There is plenty of cat-and-mouse in the field, and most of us on the defense side of things tend to build awareness of offensive techniques so that we can counter them and better protect people. That's even true of many of the people working in offensive security, like vulnerability research, red teaming, penetration testing, etc. The goal there is to harden systems to better protect the people using them.

That said, there are plenty of people out there doing offensive work for the wrong reasons, harming others along the way. Otherwise we defenders wouldn't be employed. There are plenty of malware authors and operators out there.

My experience is that the folks doing harmful work tend to not suffer from much confusion or agonize over the harms they are causing on account of their enormous egos, overconfidence, greed, and lack of empathy.
