Features

Interacting with CSAPP's data set involves using Streamlit.

Streamlit is used to host a local web app on your machine that provides a user interface with the data set.

Before installing CSAPP, you can demo the user interface with a sample of the data set on Streamlit.io: csapp-adamcysec.streamlit.app

Knowledge Prerequisites

To use this tool effectively, you may need to:

  • have a basic understanding of Python

  • be familiar with how PyPI.org functions

  • know the code techniques adversaries implement in malicious packages

  • understand how adversaries trick users into downloading their malicious packages

  • have a basic understanding of data analysis

  • be able to write a simple SQL query

Threat Hunting For Malicious Packages

Start by installing CSAPP locally: follow the Getting set up instructions.

Read through the Web App Walkthrough to get familiar with the user interface.

Read through Malicious Package Techniques to understand what attackers are doing.

Run some of the SQL queries documented in Useful SQL Queries.

Start Analyzing Python Packages

Did you know PyPI will remove packages that don't contain malware? Read up on what PyPI considers an invalid package in PyPI's Terms of Use.
