all InfoSec news
Malicious Python Packages and Code Execution via pip download
Sept. 9, 2022, 11:30 p.m. |
Embrace The Red embracethered.com
I assumed that running pip install means anything could happen, but pip download seems a bit surprising.
Both seem useful for red teaming though.
Background This post from Yehuda Gelb named Automatic Execution of Code Upon Package Download on Python Package Manager which the Security Now! podcast pointed me towards.
The post highlights that just running pip download can compromise your …
More from embracethered.com / Embrace The Red
ChatGPT: Hacking Memories with Prompt Injection
1 week, 3 days ago |
embracethered.com
Pivot to the Clouds: Cookie Theft in 2024
2 weeks, 2 days ago |
embracethered.com
Bobby Tables but with LLM Apps - Google NotebookML Data Exfiltration
1 month, 2 weeks ago |
embracethered.com
HackSpaceCon 2024: Short Trip Report, Slides and Rocket Launch
1 month, 2 weeks ago |
embracethered.com
ASCII Smuggler - Improvements
2 months, 4 weeks ago |
embracethered.com
Jobs in InfoSec / Cybersecurity
CyberSOC Technical Lead
@ Integrity360 | Sandyford, Dublin, Ireland
Cyber Security Strategy Consultant
@ Capco | New York City
Cyber Security Senior Consultant
@ Capco | Chicago, IL
Sr. Product Manager
@ MixMode | Remote, US
Corporate Intern - Information Security (Year Round)
@ Associated Bank | US WI Remote
Senior Offensive Security Engineer
@ CoStar Group | US-DC Washington, DC