I came back from another FOR610[1] session last week in London. One essential piece of advice I give my students is to keep an eye on “unusual” API calls. On Windows, Microsoft exposes a multitude of APIs to developers. The mere use of an API in a program does not necessarily indicate malicious code, but some of them can be diverted from their intended purpose. One rule I follow when hunting for malicious Python scripts is to look for uses of the ctypes[2] library, which lets Python call functions exported by DLLs or shared libraries.
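To turn that rule into a repeatable check, here is an added example (my own code, not from the diary) that parses a Python script with the standard `ast` module, resolves `ctypes` import aliases, and lists every DLL export reached through a ctypes loader object; the `WATCHLIST`, `LOADER_ROOTS` and `SAMPLE` names are assumptions for this example.

```python
import ast

# Assumed, illustrative watchlist of API names worth a closer look when reached via ctypes.
WATCHLIST = {"VirtualAlloc", "VirtualProtect", "WriteProcessMemory",
             "CreateRemoteThread", "CreateThread", "RtlMoveMemory"}
LOADER_ROOTS = {"windll", "cdll", "oledll", "WinDLL", "CDLL", "OleDLL"}  # objects that expose DLL exports

def _chain(node):
    # Flatten ct.windll.k32.Foo or ctypes.WinDLL("k32").Foo into a list of name parts.
    parts = []
    while isinstance(node, (ast.Attribute, ast.Call)):
        if isinstance(node, ast.Call):        # step over the WinDLL("kernel32") call
            node = node.func
        else:
            parts.append(node.attr)
            node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
    return parts[::-1]

def scan_source(src):
    # Report ctypes imports and the DLL exports the script calls through them.
    tree = ast.parse(src)
    aliases = {}  # local name -> ctypes name, e.g. "ct" -> "ctypes"
    for n in ast.walk(tree):
        if isinstance(n, ast.Import):
            aliases.update({a.asname or a.name: a.name for a in n.names if a.name == "ctypes"})
        elif isinstance(n, ast.ImportFrom) and (n.module or "").split(".")[0] == "ctypes":
            aliases.update({a.asname or a.name: a.name for a in n.names})
    calls = set()
    for n in ast.walk(tree):
        if not (isinstance(n, ast.Call) and isinstance(n.func, ast.Attribute)):
            continue
        chain = _chain(n.func)
        if chain and chain[0] in aliases:
            chain[0] = aliases[chain[0]]
            # Keep the export only when the chain passes a loader; ct.c_int(...) is a ctypes helper.
            if LOADER_ROOTS & set(chain[:-1]):
                calls.add(chain[-1])
    return {"uses_ctypes": bool(aliases), "api_calls": sorted(calls),
            "flagged": sorted(calls & WATCHLIST)}

# Constructed sample script (not from the diary) used for a quick run.
SAMPLE = '''import ctypes as ct
from ctypes import WinDLL
uptime = ct.windll.kernel32.GetTickCount()
mem = ct.windll.kernel32.VirtualAlloc(None, 4096, 0, 0)
WinDLL("kernel32").RtlMoveMemory(mem, ct.create_string_buffer(4), 4)'''

if __name__ == "__main__":
    print(scan_source(SAMPLE))
```

Calls made through an intermediate variable (for example `k32 = ct.windll.kernel32` followed by `k32.VirtualAlloc(...)`) are not resolved by this chain walk, so treat the output as a triage aid rather than a complete inventory.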
