Brought to you by Michael and Brian - take a Talk Python course or get Brian's pytest book

#309: When Malware PoC's are Themselves Malware

Published Wed, Nov 9, 2022, recorded Tue, Nov 8, 2022

About the show

Sponsored by Microsoft for Startups Founders Hub.

Michael: #0: Python Bytes is 6 years old this week. Thank you! 🎉

Michael #1: Malicious proof-of-concepts are exposing GitHub users to malware and more

  • The paper
  • They found that of the 47,313 GitHub repositories they had downloaded and checked, 4,893 (10.3%) were malicious.
  • In some, the attackers were trying to plant malware on users’ machines, while in others they tried to open backdoors using CobaltStrike, for example.
  • “Ignoring this problem can cause damage that ranges from infecting yourself as [a] user, to infecting your company and likely your customers as well if it’s a more sophisticated attack,” El Yadmani warned.
  • Languages
    • Ruby 379
    • Go 400
    • JavaScript 548
    • Shell 652
    • C++ 962
    • Java 1071
    • C 1686
    • Python 8305
    • Undetected 31858
  • Example Python exfiltration script included in the paper

Brian #2: The great Mastodon experiment

Michael #3: Gitpod and the traveling dev

  • Gitpod is an open-source Kubernetes application for ready-to-code developer environments that spins up fresh, automated dev environments for each task, in the cloud, in seconds.
  • Gitpod is paid, but there are decent free tiers
  • Features
  • Run a desktop or browser based version of VS Code or any JetBrains IDE and customise it to your individual needs - from themes to extensions, you have full control.

Brian #4: Color in the terminal

  • pytest-check currently doesn’t use color
    • but a little red for failures would be good (and was requested via an issue)
  • I could use rich, but maybe that’s a slightly larger hammer than I need for this job
  • Maybe raw escape sequences like print('\033[31m' + 'some red text')
    • kinda gross
    • won’t work out of the box on Windows.
  • But colorama can fix Windows.
    • It just recently added just_fix_windows_console(), which apparently works better than init() in that it can be called multiple times without blowing up.
    • Includes easier to read codes for some basic colors, so this works:
      from colorama import just_fix_windows_console
      from colorama import Fore, Style
      just_fix_windows_console()

      print(Fore.RED + 'some red text')
      print(Style.RESET_ALL)
      print('back to normal now')
      

Extras

Brian:

  • Simon Willison wrote What to blog about, which includes
    • TIL (today I learned) posts that don’t need to be full tutorials
    • Projects you’ve built
  • I’d like to include
    • Projects in progress
    • Bug fixes or feature additions where you needed to learn a bit of something beforehand
      • Example: I should write up “Adding red to pytest-check”

Michael:

Joke:

