#pypi — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #pypi, aggregated by home.social.
-
Today's the day! Come on out for story time and good ideas when I share details on the Anatomy of a Phishing Campaign I handled for #PyPI around this time last year.
https://ep2026.europython.eu/session/anatomy-of-a-phishing-campaign
#EuroPython2026 #EP2026 #Python #OpenSource #SupplyChain #Security
-
Today's the day! Come on out for story time and good ideas when I share details on the Anatomy of a Phishing Campaign I handled for #PyPI around this time last year.
https://ep2026.europython.eu/session/anatomy-of-a-phishing-campaign
#EuroPython2026 #EP2026 #Python #OpenSource #SupplyChain #Security
-
RE: https://fosstodon.org/@europython/116783034135869682
Very excited to share stories, insights, recommendations at my first @europython
I'll also be attending the Packaging and Language Summits, as well as any other opportunities to increase awareness of #Python and #PyPI #OpenSource #SupplyChain #Security initiatives.
-
RE: https://fosstodon.org/@europython/116783034135869682
Very excited to share stories, insights, recommendations at my first @europython
I'll also be attending the Packaging and Language Summits, as well as any other opportunities to increase awareness of #Python and #PyPI #OpenSource #SupplyChain #Security initiatives.
-
[Перевод] Пакетным менеджерам пора ввести период охлаждения
Когда злоумышленник получает доступ к учетной записи мейнтейнера или захватывает заброшенный пакет, вредоносная версия может разойтись по тысячам проектов быстрее, чем ее успеют заметить. Один из способов снизить риск — ввести период охлаждения для зависимостей: не устанавливать новую версию пакета сразу после публикации, а ждать несколько дней, пока сообщество и вендоры безопасности успеют отреагировать. Публикуем перевод статьи Эндрю Несбитта о dependency cooldown и о том, как этот подход реализуют разные пакетные менеджеры и инструменты обновления зависимостей: npm, pnpm, Yarn, Bun, Deno, pip, uv, Poetry, Bundler, Cargo, Dependabot, Renovate и другие. Отдельно в материале рассматриваются различия между относительными интервалами и абсолютными датами, проблемы временных меток, исключения для обновлений безопасности и ограничения подхода в разных экосистемах.
https://habr.com/ru/companies/codescoring/articles/1044132/
#пакетные_менеджеры #зависимости #supply_chain_security #open_source #npm #PyPI #RubyGems #Dependabot #Renovate #dependency_cooldown
-
Glassworm smantellato: CrowdStrike abbatte la botnet che prendeva di mira gli sviluppatori attraverso npm, PyPI e GitHub
Il 26 maggio 2026, CrowdStrike, Google e Shadowserver Foundation hanno eseguito un takedown coordinato di Glassworm, botnet attivo da oltre un anno che infettava sviluppatori attraverso estensioni VSCode trojanizzate, pacchetti npm/Python malevoli e repository GitHub avvelenati. Il C2 sfruttava blockchain Solana, BitTorrent DHT e Google Calendar come canali di resilienza. -
Glassworm smantellato: CrowdStrike abbatte la botnet che prendeva di mira gli sviluppatori attraverso npm, PyPI e GitHub
Il 26 maggio 2026, CrowdStrike, Google e Shadowserver Foundation hanno eseguito un takedown coordinato di Glassworm, botnet attivo da oltre un anno che infettava sviluppatori attraverso estensioni VSCode trojanizzate, pacchetti npm/Python malevoli e repository GitHub avvelenati. Il C2 sfruttava blockchain Solana, BitTorrent DHT e Google Calendar come canali di resilienza. -
Glassworm smantellato: CrowdStrike abbatte la botnet che prendeva di mira gli sviluppatori attraverso npm, PyPI e GitHub
Il 26 maggio 2026, CrowdStrike, Google e Shadowserver Foundation hanno eseguito un takedown coordinato di Glassworm, botnet attivo da oltre un anno che infettava sviluppatori attraverso estensioni VSCode trojanizzate, pacchetti npm/Python malevoli e repository GitHub avvelenati. Il C2 sfruttava blockchain Solana, BitTorrent DHT e Google Calendar come canali di resilienza. -
Glassworm smantellato: CrowdStrike abbatte la botnet che prendeva di mira gli sviluppatori attraverso npm, PyPI e GitHub
Il 26 maggio 2026, CrowdStrike, Google e Shadowserver Foundation hanno eseguito un takedown coordinato di Glassworm, botnet attivo da oltre un anno che infettava sviluppatori attraverso estensioni VSCode trojanizzate, pacchetti npm/Python malevoli e repository GitHub avvelenati. Il C2 sfruttava blockchain Solana, BitTorrent DHT e Google Calendar come canali di resilienza. -
Glassworm smantellato: CrowdStrike abbatte la botnet che prendeva di mira gli sviluppatori attraverso npm, PyPI e GitHub
Il 26 maggio 2026, CrowdStrike, Google e Shadowserver Foundation hanno eseguito un takedown coordinato di Glassworm, botnet attivo da oltre un anno che infettava sviluppatori attraverso estensioni VSCode trojanizzate, pacchetti npm/Python malevoli e repository GitHub avvelenati. Il C2 sfruttava blockchain Solana, BitTorrent DHT e Google Calendar come canali di resilienza. -
🕵🏻♂️ [InfoSec MASHUP] 21/2026 - The Supply Chain Didn't Break. It Was Walked.
This week's issue reads like a case study in cascade failure. A malicious VS Code extension on one #GitHub employee's device leads to 3,800 internal repositories exfiltrated — by #TeamPCP, the same group that poisoned 170 npm and #PyPI packages last week. #Grafana gets breached via a token nobody rotated after the TanStack attack, itself a TeamPCP operation. A GitHub Action used by thousands of projects gets compromised and starts exfiltrating CI/CD credentials. And somewhere in a public GitHub spreadsheet, CISA contractor credentials — including #AWS GovCloud keys — sat waiting to be found.
These aren't four separate incidents. They're one incident with four manifestations. The supply chain isn't a vector anymore; it's the terrain. Developer tooling, CI/CD pipelines, third-party actions, tokens issued and forgotten — all of it is now actively mapped and exploited with a persistence that makes the traditional "patch and move on" response look quaint. The Verizon DBIR dropped this week noting that third-party compromise is surging. The week's news was already illustrating the point before the report landed.
→ Week #21/2026 also covers: fast16 predated #Stuxnet and corrupted nuclear simulations quietly, #Pwn2Own Berlin paid $1.3M for 47 bugs, and #Bluesky got hijacked for Russian propaganda.
Full issue 👉 https://infosec-mashup.santolaria.net/p/infosec-mashup-21-2026-the-supply-chain-didn-t-break-it-was-walked
If you find it useful, subscribe to get it in your inbox every weekend 📨 #infosecMASHUP #cybersecurity #infosec #threatintel #AI
-
🕵🏻♂️ [InfoSec MASHUP] 21/2026 - The Supply Chain Didn't Break. It Was Walked.
This week's issue reads like a case study in cascade failure. A malicious VS Code extension on one #GitHub employee's device leads to 3,800 internal repositories exfiltrated — by #TeamPCP, the same group that poisoned 170 npm and #PyPI packages last week. #Grafana gets breached via a token nobody rotated after the TanStack attack, itself a TeamPCP operation. A GitHub Action used by thousands of projects gets compromised and starts exfiltrating CI/CD credentials. And somewhere in a public GitHub spreadsheet, CISA contractor credentials — including #AWS GovCloud keys — sat waiting to be found.
These aren't four separate incidents. They're one incident with four manifestations. The supply chain isn't a vector anymore; it's the terrain. Developer tooling, CI/CD pipelines, third-party actions, tokens issued and forgotten — all of it is now actively mapped and exploited with a persistence that makes the traditional "patch and move on" response look quaint. The Verizon DBIR dropped this week noting that third-party compromise is surging. The week's news was already illustrating the point before the report landed.
→ Week #21/2026 also covers: fast16 predated #Stuxnet and corrupted nuclear simulations quietly, #Pwn2Own Berlin paid $1.3M for 47 bugs, and #Bluesky got hijacked for Russian propaganda.
Full issue 👉 https://infosec-mashup.santolaria.net/p/infosec-mashup-21-2026-the-supply-chain-didn-t-break-it-was-walked
If you find it useful, subscribe to get it in your inbox every weekend 📨 #infosecMASHUP #cybersecurity #infosec #threatintel #AI
-
This Week in Security: AI Generated Reports, More AI Generated Reports, GitHub Chaos, and More Linux Vulnerabilities
-
Dumb Ways for an Open Source Project to Die
A good chunk of the most-depended-on open source packages are dead, and there are a lot of different ways for a project to end up that way.
#opensource #maintainers #supplychain #pypi #python
https://nesbitt.io/2026/05/19/dumb-ways-for-an-open-source-project-to-die.html
@pythonbytes @mkennedy -
Dumb Ways for an Open Source Project to Die
A good chunk of the most-depended-on open source packages are dead, and there are a lot of different ways for a project to end up that way.
#opensource #maintainers #supplychain #pypi #python
https://nesbitt.io/2026/05/19/dumb-ways-for-an-open-source-project-to-die.html
@pythonbytes @mkennedy -
Now that the keynote is over, here are the open spaces that you can check out after the security update and the first talks after lunch. The job fair and poster sessions are also happening and I would recommend checking those out if you're interested.
Starting at 10:00 AM:
Room 102A: #Conda x #PyPI: Building Bridges That Actually Hold
Room 102B: Scroll Lock Zine
Room 102C: The Python Developers Survey: What Would YOU Ask?
Room 202C: Financial Data with Python -
Checkmarx nel mirino di TeamPCP: l’immagine Docker ufficiale di KICS trojanizzata per esfiltrare i segreti dell’infrastruttura
Per la seconda volta in due mesi, il gruppo TeamPCP ha violato la supply chain di Checkmarx, pubblicando immagini Docker trojanizzate del security scanner KICS ed estensioni VS Code maligne capaci di rubare token cloud, credenziali GitHub e chiavi SSH. Il payload mcpAddon.js, consegnato tramite runtime Bun da un commit retrodatato, punta a trasformare ogni pipeline CI/CD in un punto di esfiltrazione. -
Checkmarx nel mirino di TeamPCP: l’immagine Docker ufficiale di KICS trojanizzata per esfiltrare i segreti dell’infrastruttura
Per la seconda volta in due mesi, il gruppo TeamPCP ha violato la supply chain di Checkmarx, pubblicando immagini Docker trojanizzate del security scanner KICS ed estensioni VS Code maligne capaci di rubare token cloud, credenziali GitHub e chiavi SSH. Il payload mcpAddon.js, consegnato tramite runtime Bun da un commit retrodatato, punta a trasformare ogni pipeline CI/CD in un punto di esfiltrazione. -
Checkmarx nel mirino di TeamPCP: l’immagine Docker ufficiale di KICS trojanizzata per esfiltrare i segreti dell’infrastruttura
Per la seconda volta in due mesi, il gruppo TeamPCP ha violato la supply chain di Checkmarx, pubblicando immagini Docker trojanizzate del security scanner KICS ed estensioni VS Code maligne capaci di rubare token cloud, credenziali GitHub e chiavi SSH. Il payload mcpAddon.js, consegnato tramite runtime Bun da un commit retrodatato, punta a trasformare ogni pipeline CI/CD in un punto di esfiltrazione. -
Checkmarx nel mirino di TeamPCP: l’immagine Docker ufficiale di KICS trojanizzata per esfiltrare i segreti dell’infrastruttura
Per la seconda volta in due mesi, il gruppo TeamPCP ha violato la supply chain di Checkmarx, pubblicando immagini Docker trojanizzate del security scanner KICS ed estensioni VS Code maligne capaci di rubare token cloud, credenziali GitHub e chiavi SSH. Il payload mcpAddon.js, consegnato tramite runtime Bun da un commit retrodatato, punta a trasformare ogni pipeline CI/CD in un punto di esfiltrazione. -
Checkmarx nel mirino di TeamPCP: l’immagine Docker ufficiale di KICS trojanizzata per esfiltrare i segreti dell’infrastruttura
Per la seconda volta in due mesi, il gruppo TeamPCP ha violato la supply chain di Checkmarx, pubblicando immagini Docker trojanizzate del security scanner KICS ed estensioni VS Code maligne capaci di rubare token cloud, credenziali GitHub e chiavi SSH. Il payload mcpAddon.js, consegnato tramite runtime Bun da un commit retrodatato, punta a trasformare ogni pipeline CI/CD in un punto di esfiltrazione. -
Как опубликовать Python-пакет в PyPI с помощью Poetry
Как создать и подготовить пакет к публикации с помощью Poetry и обойти подводные камни которые могут помешать это сделать.
-
North Korea’s Contagious Interview Campaign Spreads Across 5 Ecosystems, Delivering Staged RAT Payloads
#ContagiousInterview #npm #PyPI #Packagist
https://socket.dev/blog/contagious-interview-campaign-spreads-across-5-ecosystems -
North Korea’s Contagious Interview Campaign Spreads Across 5 Ecosystems, Delivering Staged RAT Payloads
#ContagiousInterview #npm #PyPI #Packagist
https://socket.dev/blog/contagious-interview-campaign-spreads-across-5-ecosystems -
🐍 Oh look, another #PyPI mess! The telnyx package was hijacked, but don't worry, there's an AI-powered #security buzzword salad waiting to save us all. Just sprinkle a bit of "realtime visibility" and "continuous pentests" and voilà, instant safety illusion! 🚀🙄
https://www.aikido.dev/blog/telnyx-pypi-compromised-teampcp-canisterworm #Hijack #AI #RealtimeVisibility #ContinuousPentests #HackerNews #ngated -
🐍 Oh look, another #PyPI mess! The telnyx package was hijacked, but don't worry, there's an AI-powered #security buzzword salad waiting to save us all. Just sprinkle a bit of "realtime visibility" and "continuous pentests" and voilà, instant safety illusion! 🚀🙄
https://www.aikido.dev/blog/telnyx-pypi-compromised-teampcp-canisterworm #Hijack #AI #RealtimeVisibility #ContinuousPentests #HackerNews #ngated -
🐍 Oh look, another #PyPI mess! The telnyx package was hijacked, but don't worry, there's an AI-powered #security buzzword salad waiting to save us all. Just sprinkle a bit of "realtime visibility" and "continuous pentests" and voilà, instant safety illusion! 🚀🙄
https://www.aikido.dev/blog/telnyx-pypi-compromised-teampcp-canisterworm #Hijack #AI #RealtimeVisibility #ContinuousPentests #HackerNews #ngated -
🐍 Oh look, another #PyPI mess! The telnyx package was hijacked, but don't worry, there's an AI-powered #security buzzword salad waiting to save us all. Just sprinkle a bit of "realtime visibility" and "continuous pentests" and voilà, instant safety illusion! 🚀🙄
https://www.aikido.dev/blog/telnyx-pypi-compromised-teampcp-canisterworm #Hijack #AI #RealtimeVisibility #ContinuousPentests #HackerNews #ngated -
🐍 Oh look, another #PyPI mess! The telnyx package was hijacked, but don't worry, there's an AI-powered #security buzzword salad waiting to save us all. Just sprinkle a bit of "realtime visibility" and "continuous pentests" and voilà, instant safety illusion! 🚀🙄
https://www.aikido.dev/blog/telnyx-pypi-compromised-teampcp-canisterworm #Hijack #AI #RealtimeVisibility #ContinuousPentests #HackerNews #ngated -
🚀 Mein erstes Paket ist live! 🛰️
Ich habe gerade toybox-calc veröffentlicht – ein kleines CLI-Tool für Funkamateure, um die optimale Länge des Strahlers für die Comet HFJ-350M (Toy Box) Antenne zu berechnen.Jetzt verfügbar auf:
📦 PyPI: pip install toybox-calc
🏔️ AUR (Arch Linux): pikaur -S python-toybox-calc
Inklusive i18n Support (DE/EN/JA) und ANSI-Farben fürs Terminal. Vy 73 de DO3EET! 📻#HamRadio #Amateurfunk #Python #ArchLinux #AUR #PyPI #OpenSource #HFJ350M #ToyBox #POTA #SOTA #Linux
-
🚀 Mein erstes Paket ist live! 🛰️
Ich habe gerade toybox-calc veröffentlicht – ein kleines CLI-Tool für Funkamateure, um die optimale Länge des Strahlers für die Comet HFJ-350M (Toy Box) Antenne zu berechnen.Jetzt verfügbar auf:
📦 PyPI: pip install toybox-calc
🏔️ AUR (Arch Linux): pikaur -S python-toybox-calc
Inklusive i18n Support (DE/EN/JA) und ANSI-Farben fürs Terminal. Vy 73 de DO3EET! 📻#HamRadio #Amateurfunk #Python #ArchLinux #AUR #PyPI #OpenSource #HFJ350M #ToyBox #POTA #SOTA #Linux
-
🚀 Mein erstes Paket ist live! 🛰️
Ich habe gerade toybox-calc veröffentlicht – ein kleines CLI-Tool für Funkamateure, um die optimale Länge des Strahlers für die Comet HFJ-350M (Toy Box) Antenne zu berechnen.Jetzt verfügbar auf:
📦 PyPI: pip install toybox-calc
🏔️ AUR (Arch Linux): pikaur -S python-toybox-calc
Inklusive i18n Support (DE/EN/JA) und ANSI-Farben fürs Terminal. Vy 73 de DO3EET! 📻#HamRadio #Amateurfunk #Python #ArchLinux #AUR #PyPI #OpenSource #HFJ350M #ToyBox #POTA #SOTA #Linux
-
Mein immer-noch-nicht-fertiges Python-Programm kann jetzt richtige Releases, so mit wheel und git tag und so.
Ich befehle "set -l release_name Trains; and just release patch" und es macht den Rest, so dass am Ende ein Release entsteht (z.b. sowas https://code.c-base.org/infuanfu/teilchensammler-cli/releases/tag/v0.4.5) und auch auf den Package Index hochgelordet wird (https://code.c-base.org/infuanfu/-/packages/pypi/teilchensammler-cli/0.4.5)
Hier mein release script: https://code.c-base.org/infuanfu/teilchensammler-cli/src/tag/v0.4.5/justfile#L70-L84
#python #textual #release #teilchen #package #pypi #just #uv
--
aus dem #ICE1006 gesendet -
Mein immer-noch-nicht-fertiges Python-Programm kann jetzt richtige Releases, so mit wheel und git tag und so.
Ich befehle "set -l release_name Trains; and just release patch" und es macht den Rest, so dass am Ende ein Release entsteht (z.b. sowas https://code.c-base.org/infuanfu/teilchensammler-cli/releases/tag/v0.4.5) und auch auf den Package Index hochgelordet wird (https://code.c-base.org/infuanfu/-/packages/pypi/teilchensammler-cli/0.4.5)
Hier mein release script: https://code.c-base.org/infuanfu/teilchensammler-cli/src/tag/v0.4.5/justfile#L70-L84
#python #textual #release #teilchen #package #pypi #just #uv
--
aus dem #ICE1006 gesendet -
Another great #FOSDEM talk from Michael Winser at @openssf / #AlphaOmega about the terrible economics of package registries like #NPM #maven #PyPi #RubyGems #crates
https://fosdem.org/2026/schedule/event/8WJKEH-package-registry-economics/
Some charts from different registries are at https://go.xwind.io/registry-research-report
The slide below is a take on some of the common "solutions" that people come up with for funding registries (also applicable to non-registry products with large numbers of downloads) and what might happen if you choose them
-
Another great #FOSDEM talk from Michael Winser at @openssf / #AlphaOmega about the terrible economics of package registries like #NPM #maven #PyPi #RubyGems #crates
https://fosdem.org/2026/schedule/event/8WJKEH-package-registry-economics/
Some charts from different registries are at https://go.xwind.io/registry-research-report
The slide below is a take on some of the common "solutions" that people come up with for funding registries (also applicable to non-registry products with large numbers of downloads) and what might happen if you choose them
-
Another great #FOSDEM talk from Michael Winser at @openssf / #AlphaOmega about the terrible economics of package registries like #NPM #maven #PyPi #RubyGems #crates
https://fosdem.org/2026/schedule/event/8WJKEH-package-registry-economics/
Some charts from different registries are at https://go.xwind.io/registry-research-report
The slide below is a take on some of the common "solutions" that people come up with for funding registries (also applicable to non-registry products with large numbers of downloads) and what might happen if you choose them
-
Another great #FOSDEM talk from Michael Winser at @openssf / #AlphaOmega about the terrible economics of package registries like #NPM #maven #PyPi #RubyGems #crates
https://fosdem.org/2026/schedule/event/8WJKEH-package-registry-economics/
Some charts from different registries are at https://go.xwind.io/registry-research-report
The slide below is a take on some of the common "solutions" that people come up with for funding registries (also applicable to non-registry products with large numbers of downloads) and what might happen if you choose them
-
Another great #FOSDEM talk from Michael Winser at @openssf / #AlphaOmega about the terrible economics of package registries like #NPM #maven #PyPi #RubyGems #crates
https://fosdem.org/2026/schedule/event/8WJKEH-package-registry-economics/
Some charts from different registries are at https://go.xwind.io/registry-research-report
The slide below is a take on some of the common "solutions" that people come up with for funding registries (also applicable to non-registry products with large numbers of downloads) and what might happen if you choose them
-
Malicious updates were published to official #dYdX trading packages on #npm and #PyPI, delivering a wallet stealer and remote access malware.
Malware was published via compromised maintainer accounts:
#SoftwareSupplyChainSecurity
👇
https://thehackernews.com/2026/02/compromised-dydx-npm-and-pypi-packages.html -
Malicious updates were published to official #dYdX trading packages on #npm and #PyPI, delivering a wallet stealer and remote access malware.
Malware was published via compromised maintainer accounts:
#SoftwareSupplyChainSecurity
👇
https://thehackernews.com/2026/02/compromised-dydx-npm-and-pypi-packages.html -
Malicious updates were published to official #dYdX trading packages on #npm and #PyPI, delivering a wallet stealer and remote access malware.
Malware was published via compromised maintainer accounts:
#SoftwareSupplyChainSecurity
👇
https://thehackernews.com/2026/02/compromised-dydx-npm-and-pypi-packages.html -
Malicious updates were published to official #dYdX trading packages on #npm and #PyPI, delivering a wallet stealer and remote access malware.
Malware was published via compromised maintainer accounts:
#SoftwareSupplyChainSecurity
👇
https://thehackernews.com/2026/02/compromised-dydx-npm-and-pypi-packages.html -
Malicious updates were published to official #dYdX trading packages on #npm and #PyPI, delivering a wallet stealer and remote access malware.
Malware was published via compromised maintainer accounts:
#SoftwareSupplyChainSecurity
👇
https://thehackernews.com/2026/02/compromised-dydx-npm-and-pypi-packages.html -
Released v1.3.3. of #Yaralyzer, my surprisingly popular tool for visualizing YARA rule matches with colors (a lot of colors).
1. --export-png images lets you export images of the analysis
2. almost all command line options (including multi argument ones like --yara-rules-dir) can be permanently set via environment variables or .yaralyzer file
3. couple of small bug fixes and debugging related command line options
You can try it on the web here: https://yaratoolkit.securitybreak.io/
(I didn't build this website, Thomas Roccia from Microsoft just integrated Yaralyzer into his existing site)- Github: https://github.com/michelcrypt4d4mus/yaralyzer
- Pypi: https://pypi.org/project/yaralyzer/
- on macOS you can also get it with #Homebrew by installing Pdfalyzer: brew install pdfalyzer#ascii #asciiArt #blueteam #cybersecurity #detectionEngineering #DFIR #forensics #FOSS #GPL #hacking #infosec #KaliLinux #maldoc #malware #malwareAnalysis #malwareDetection #openSource #pypi #python #redteam #reverseEngineering #reversing #Threatassessment #threathunting #YARA #YARArule #YARArules
-
Released v1.3.3. of #Yaralyzer, my surprisingly popular tool for visualizing YARA rule matches with colors (a lot of colors).
1. --export-png images lets you export images of the analysis
2. almost all command line options (including multi argument ones like --yara-rules-dir) can be permanently set via environment variables or .yaralyzer file
3. couple of small bug fixes and debugging related command line options
You can try it on the web here: https://yaratoolkit.securitybreak.io/
(I didn't build this website, Thomas Roccia from Microsoft just integrated Yaralyzer into his existing site)- Github: https://github.com/michelcrypt4d4mus/yaralyzer
- Pypi: https://pypi.org/project/yaralyzer/
- on macOS you can also get it with #Homebrew by installing Pdfalyzer: brew install pdfalyzer#ascii #asciiArt #blueteam #cybersecurity #detectionEngineering #DFIR #forensics #FOSS #GPL #hacking #infosec #KaliLinux #maldoc #malware #malwareAnalysis #malwareDetection #openSource #pypi #python #redteam #reverseEngineering #reversing #Threatassessment #threathunting #YARA #YARArule #YARArules