Hello, welcome to the Friday, April 30th, 2021 edition of the Sandcent Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

And Python as a programming language is certainly gaining followers rapidly over the last few years, but also, well, for malicious

purposes, it is being used more and more, in particular on the Windows platform, which

of course traditionally hasn't really been using Python that much. Python tended to be more sort of of a Unix tool.

So Xavier came across a malicious Python script that actually interacted with the dotnet framework.

So very Windows specific. It used the Python.net library. and with that was able to do some of the more

lower-level things using dot net instead of having to resort to native Python in order

to accomplish them.

Now one way that this script that Xavier found uses.net is the assembly create instance method.

That particular dot net method is used in order to inject code into the Windows services.

However, Xavi was sadly not able to fully decrypt the code because the encryption key or decryption key is supposed to be provided on the command line and given that Xavi had just a sample, didn't know what command line argument it was used with.

Well, he wasn't able to decrypt that.

If anybody has any ideas, I'm sure KSavie would love to hear.

And then we got yet another vulnerability in a critical tool used by software developers

to manage dependencies.

This time, no, it's not NPM and Node.js. This time it is

PHP and Composer. Composer is a tool to automatically resolve dependencies and install

related packages. And now at the core of Composer is Packages, a website that essentially contains an index of

all of the packages being offered via Composer, but you can also run your own instance of

packages if you should prefer to do so. As Composer resolves dependencies and downloads additional code, it will, for

example, call utilities like Git in order to retrieve the code, and of course it will provide

...