#309: When Malware PoC's are Themselves Malware
Published Wed, Nov 9, 2022, recorded Tue, Nov 8, 2022
About the show
Sponsored by Microsoft for Startups Founders Hub.
Michael: #0: Python Bytes is 6 years old this week. Thank you! 🎉
Michael #1: Malicious proof-of-concepts are exposing GitHub users to malware and more
- The paper
- They found that of the 47,313 GitHub repositories they had downloaded and checked, 4,893 (10.3%) were malicious.
- In some, the attackers were trying to plant malware on users’ machines, while in others, they tried to open backdoors using CobaltStrike, for example.
- “Ignoring this problem can cause damage that ranges from infecting yourself as [a] user, to infecting your company and likely your customers as well if it’s a more sophisticated attack,” El Yadmani warned.
- Languages
- Ruby 379
- Go 400
- JavaScript 548
- Shell 652
- C++ 962
- Java 1071
- C 1686
- Python 8305
- Undetected 31858
- Example Python exfil script included in the paper
Brian #2: The great Mastodon experiment
- Context should be obvious re Twitter news.
- A lot of Python people have kept in touch via Twitter.
- A lot are now experimenting with Mastodon.
- What I did
- asked Twitter people which server to use, then just picked fosstodon.org, but there are many servers
- This is me: @brianokken@fosstodon.org
- Michael got in too: https://fosstodon.org/@mkennedy
- just started using it, following people, trying iOS clients, etc.
- Now I’m ready for some tutorials, and here’s a list that looks decent:
- An Increasingly Less-Brief Guide to Mastodon
- Everything I know about Mastodon
- A hastily written guide for data science folks trying to navigate the fediverse.
- Mastodon is just blogs - Simon Willison is running his own server.
- Eight Mastodon apps for iPhone - I’m currently trying like 4, but you can also just log into your server and do everything there.
- Fedi.Tips and their Beginners Start Here page
Michael #3: Gitpod and the traveling dev
- Gitpod is an open-source Kubernetes application for ready-to-code developer environments that spins up fresh, automated dev environments for each task, in the cloud, in seconds.
- Gitpod is paid, but there are decent free tiers
- Features
- Run a desktop or browser based version of VS Code or any JetBrains IDE and customise it to your individual needs - from themes to extensions, you have full control.
Brian #4: Color in the terminal
- pytest-check currently doesn’t use color
- but a little red for failures would be good (and was requested via an issue)
- I could use rich, but maybe that’s a slightly larger hammer than I need for this job
- Maybe raw escape sequences like
print('\033[31m' + 'some red text')
- kinda gross
- won’t work out of the box on Windows.
- But colorama can fix Windows.
- It just recently added just_fix_windows_console(), which apparently works better than init() in that it can be called multiple times without blowing up.
- Includes easier to read codes for some basic colors, so this works:
from colorama import just_fix_windows_console
from colorama import Fore, Style
# Make ANSI escape sequences work on Windows; safe to call more than once
just_fix_windows_console()
print(Fore.RED + 'some red text')
# Reset styling so later output is not red
print(Style.RESET_ALL)
print('back to normal now')
Extras
Brian:
- Simon Willison wrote What to blog about, which includes
- TIL (today I learned) posts that don’t need to be full tutorials
- Projects you’ve built
- I’d like to include
- Projects in progress
- Bug fixes or feature additions where you needed to learn a bit of something beforehand
- Example: I should write up “Adding red to pytest-check”
Michael:
- Beanie reorg: There is no sync version here more. Please use Bunnet instead
- https://twitter.com/nicholdav/status/1589643652598759424 ?
- PyCon Days Breakdown
- Been playing with GeForce Now, really impressive. Meanwhile, why is Google still selling Stadia?
- New video: A Walrus Meets a Python - What is the := Walrus Operator?
- New video: Python GC Settings - Change This and Go 20% Faster!
Joke:
- Relaxation
- Relax to it on YouTube: youtube.com