Posts

2023

Tracking Persistent PyPI Malware
·1034 words·5 mins
The Python Packaging Ecosystem remains fairly stable in the broad scope of open source package distribution, but it is not immune to sustained attacks either. One threat actor group has evolved from a simple nuisance to a sustained stream of spam and malware, utilizing GitHub staging and direct targeting of userbases for the distribution of malicious programs.
Discord Engagement
·1226 words·6 mins
Discord is the most populated live chat interaction platform on the internet. Let’s take some time to discuss how we could use that to engage open source communities and enterprise user bases more effectively, and discuss some of the public perceptions that surround Discord.
Dearmored
·1287 words·7 mins
Looking deeper into PyArmor obfuscated malware utilizing tools such as Process Monitor and Wireshark, and hooking third party libraries to gain access to web requests and encrypted data.
PyPI Security
·1522 words·8 mins
To those that may or may not know, Vipyr Security was recently invited to discuss what a malicious package reporting API might look like with the Python Software Foundation and Python Packaging oversight entities.
The Challenges of YARA
·690 words·4 mins
Open source security is something fairly important to me.