#309: When Malware PoC's are Themselves Malware
About the show
Sponsored by Microsoft for Startups Founders Hub.
Michael: #0: Python Bytes is 6 years old this week. Thank you! 🎉
- The paper
- They found that of the 47,313 GitHub repositories they had downloaded and checked, 4,893 (10.3%) were malicious.
- In some, the attackers were trying to plant malware on users’ machines, while in others, they tried to open backdoors using CobaltStrike, for example.
- “Ignoring this problem can cause damage that ranges from infecting yourself as [a] user, to infecting your company and likely your customers as well if it’s a more sophisticated attack,” El Yadmani warned.
- Ruby 379
- Go 400
- Shell 652
- C++ 962
- Java 1071
- C 1686
- Python 8305
- Undetected 31858
- Example Python exfil script included in the paper
Brian #2: The great Mastodon experiment
- Context should be obvious re Twitter news.
- A lot of Python people have kept in touch via Twitter.
- A lot are now experimenting with Mastodon.
- What I did
- Now I’m ready for some tutorials, and here’s a list that looks decent:
- An Increasingly Less-Brief Guide to Mastodon
- Everything I know about Mastodon
- A hastily written guide for data science folks trying to navigate the fediverse.
- Mastodon is just blogs - Simon Willison is running his own server.
- Eight Mastodon apps for iPhone - I’m currently trying like 4, but you can also just log into your server and do everything there.
- Fedi.Tips and their Beginners Start Here page
Michael #3: Gitpod and the traveling dev
- Gitpod is an open-source Kubernetes application for ready-to-code developer environments that spins up fresh, automated dev environments for each task, in the cloud, in seconds.
- Gitpod is paid, but there are decent free tiers
- Run a desktop or browser based version of VS Code or any JetBrains IDE and customise it to your individual needs - from themes to extensions, you have full control.
Brian #4: Color in the terminal
- pytest-check currently doesn’t use color
- but a little red for failures would be good (and was requested via an issue)
- I could use rich, but maybe that’s a slightly larger hammer than I need for this job
- Maybe raw escape sequences like
print('\033[31m' + 'some red text')
- kinda gross
- won’t work out of the box on Windows.
- But colorama can fix Windows.
- It just recently added just_fix_windows_console(), which apparently works better than init() in that it can be called multiple times without blowing up.
- Includes easier to read codes for some basic colors, so this works:
from colorama import just_fix_windows_console
from colorama import Fore, Style
just_fix_windows_console()
print(Fore.RED + 'some red text')
print(Style.RESET_ALL)
print('back to normal now')
- Simon Willison wrote What to blog about, which includes
- TIL (today I learned) posts that don’t need to be full tutorials
- Projects you’ve built
- I’d like to include
- Projects in progress
- Bug fixes or feature additions where you needed to learn a bit of something beforehand
- Example: I should write up “Adding red to pytest-check”
- Beanie reorg: There is no sync version here more. Please use Bunnet instead
- https://twitter.com/nicholdav/status/1589643652598759424 ?
- PyCon Days Breakdown
- Been playing with GeForce Now, really impressive. Meanwhile, why is Google still selling Stadia?
- New video: A Walrus Meets a Python - What is the := Walrus Operator?
- New video: Python GC Settings - Change This and Go 20% Faster!