My Journey into Python Programming

A Curious Introduction

Starting fairly early in my career as a desktop analyst, I was exposed, mostly as a consumer, to custom programming/scripting. "Back then" this mostly consisted of batch files primarily built for backing up and restoring a user's profile. One day, as I was training and studying to obtain several different Microsoft certifications, I decided to view the batch file in Notepad. This was the first time I was directly exposed to "code".

Certain things made sense, as the batch file had some clear "variables" used. My understanding at the time, with the use of context clues, was that a variable is simply a way to provide pointers to other 'bits' of information.

@echo off
setlocal

rem Check if the batch file is running from the C drive
rem (%~d0 expands to the drive letter of this script; /I makes the comparison case-insensitive)
if /I "%~d0"=="C:" (
    echo This batch file should not be run from the C drive.
    exit /b
)

set /p username=Enter your username: 

echo User: %username%
rem %~dp0 expands to the drive and path of the folder that contains this script
echo Batch file directory: %~dp0

pause

There were, however, certain elements, such as the peculiar string '%~dp0', that made no sense at the time. Having a bit of a defeated moment, I closed Notepad and was left with the realizations below.

  • 'This is cool'

  • 'This is complicated'

  • 'I need to ask more questions'

These statements marked the beginning of a learning journey that has continued for the past 15 years. Interestingly, my exploration of new topics often commences with these very same sentiments.

Below is an example of what I was able to create in 2007-ish as an expanded version of the backup batch file that changed my life.

Learning To Crawl

Thankfully, in 2008-ish I was a member of a tight-knit and supportive team, and I was able to go and ask questions of some of my early mentors to learn more. They took the time to explain and share as much as they could with this young, "still-in-school" curious mind. With enough guidance, I started to understand that I could make changes to do a "test" without breaking anything.

I started to tweak and tinker, and eventually was able to modify and improve the backup batch file. This was officially my first time creating anything from a development standpoint. I had no idea at the time how any of this would impact me years later, but as always, if you are curious and the topic is interesting, it warrants more time and attention.

Still at the same organization and a few promotions later, I was now a member of the SCCM team. This role, as with the former, presented me with a new technology I had not been directly exposed to in my career journey. Though I could still use my "Open With Notepad" method, I was looking at code within a '.au3' file; it was no longer a batch file. But while reviewing it I saw similarities to batch files: I saw variables, print statements, user interaction steps, etc. While they were similar, there were glaring differences: there were loops, wait timers, and importing of additional logic.

Now in an even deeper ocean but somehow learning how to thrash about without drowning, I ended up in the same spot after closing Notepad.

  • 'This is cool'

  • 'This is complicated'

  • 'I need to ask more questions'

Again, several people made themselves available, and for the next 6 months, if the SCCM administrator created a new application package install that was facilitated with AutoIt, I was right there to learn and grow.

After months of mostly reading and understanding, I decided to try to write my own programs. What can I automate to make my life as an application analyst easier? What additional logic can I add to improve debugging or status messages for technicians waiting for installs to complete? These are the questions and challenges I used to write my first application using AutoIt as the scripting language of choice.

I used this language exclusively for the next 6 years and managed to create all sorts of programs that have more than returned the cost of development.

  • Application to deploy and configure a Splunk universal forwarder to enable and ship Sysmon and all system logs on an impacted host. You can view an example function below.

  • Full-on triage response script that covered all known Windows forensics artifacts at the time and contained additional binaries to capture even more advanced data (MFT, USN, etc).

    • Think KAPE but in 2010
  • Login Scripts

  • SCCM Client Repair

Through the acquisition of these newfound skills, I've positioned myself in a rather intriguing vertical. In the realm of problem-solving, I've observed that many can readily identify issues. Among them, a select few can propose viable solutions. Within this group, there is an even smaller subset who possess the ability to construct the necessary solutions.

I've comfortably nestled into this last category, where I not only recognize problems and outline pathways for enhancements but also possess the skillset to roll up my sleeves and construct solutions. This unique blend of problem identification, solution formulation, and hands-on development has proven to be an immensely valuable asset in my career.

Why Python?

Having achieved several years of success in programming and scripting, I made the strategic decision to broaden my skillset in 2017. I opted to set AutoIt aside and embarked on a journey to learn Python. This choice was prompted by Python's ubiquity in various cybersecurity classes, vendor documentation, and the many Splunk applications I was actively working with during that time of my career.

While it was no issue for me to recreate anything in AutoIt at this point, no job postings were looking for anyone with AutoIt skills. So what the market demands, you must supply.

Why did I choose Python over something like PowerShell? Well, this decision was made during a period when PowerShell was just beginning to gain momentum from my perspective. My 'security classes' primarily revolved around command-line operations, and the majority of the tools and scripts were based on Bash, Python, and Perl and operated from Linux systems. Consequently, even though I could have easily replicated tasks in PowerShell, my daily work environment was predominantly Linux-based, and I was more immersed in the Linux world.

Learning Python

Now, if you've been following along with this blog, you'll recall that I had no formal development training. Everything I had created until that point had been driven by the projects or problems my team and I were currently facing, where practical solutions were needed. All of my learning has been through platforms like YouTube, Google searches, and collaborating with colleagues.

Given my top-down entry into programming, I had used many programming concepts without having a complete understanding of them. Therefore, transitioning to a more formal language like Python posed a bit of a challenge. Concepts like integers and floats, strings, and the mysterious world of "classes" were all new and required me to dive deeper into the fundamentals.

Unfortunately, unlike the early stages of my career, I did not have an immediate supporting cast to lean on and walk me through this development journey in 2017. So this was my first time purchasing a programming book to help with learning. The book I decided to purchase was "Learn Python 3 the Hard Way". This book lived in my backpack for every business trip, existed on my desk during office hours, and rested next to my comfy chair at home.

By the end of the book, and after completing the labs and lessons, I knew something special was happening because I was able to read and understand the code of others. And once I started to understand, I was able to find improvements that could be made. It was at this time I was ready to start writing my own Python applications. My first 'major' application was a security tool to check the domain reputation of any domain against several OSINT resources. The data was then captured and returned to the CLI or exported to an Excel file.

As with my introduction to AutoIt, I immediately sought to improve processes while learning. I was also able to determine that my style of learning is 100% project-based. I am okay with not understanding something initially because I know with enough iterations I will be able to eventually get the 'light bulb' to 'light up'. I am okay with writing something ugly and 'messy' because I understand I am learning, so while I can be brutally honest, I have learned to have grace and compartmentalize my progress.

Where am I now?

I find myself in an excellent position with the language now, and I'm eager to continue expanding my skill set by eventually adding more languages under my belt. The number of projects and applications I've worked on has grown to the point where it's hard to keep track of them all.

My journey is a relentless pursuit of curiosity, a continuous challenge to push the boundaries of my understanding. This recursive learning and improvement cycle remains the driving force behind my development journey.

Some of the stacks and technologies I have worked with in conjunction with my Python scripts are:

  • MongoDB

  • Docker

  • Terraform

  • Ansible

  • Streamlit

  • Django

  • Serverless Application

  • FastAPI

  • Asyncio

Where am I heading?

I've placed a strong emphasis on deepening my knowledge of computer science fundamentals by learning from online instructors who can truly teach, rather than just delivering content into a microphone. I'm striving to grasp concepts like design patterns, shared code spaces, the intricacies of abstraction and representation, and logarithmic time complexity. I follow content creators like ArjanCodes, Mcoding

I've moved beyond the stage of merely writing code for functionality (unless it is a one-off script). My focus is on writing code that is not only functional but also secure, efficient, easily readable, and maintainable. It's about ensuring that the code I produce is of the highest quality, going beyond the straightforward implementation to make it truly outstanding.

TLDR:

I started scripting/programming in 2008 officially, just modifying batch files. This then progressed to creating applications in a program called AutoIt. While I was looking for employment, most of the cyber security roles mentioned having scripting/programming experience with Python. Though I did not have the same group of associates I could learn from as I did early in my career, my journey to Python was facilitated by the same three questions that have driven me throughout my career.

  • 'This is cool'

    • This is interesting and useful for my career in Cyber Security.
  • 'This is complicated'

    • This is something I think I can understand but I need additional help understanding.
  • 'I need to ask more questions'

    • Asking questions as I run into roadblocks.

I used a project-driven development style to continue to challenge myself and help facilitate new topics I am learning. This learning was assisted by concepts explained and taught to me in a programming book. I am now focused on teaching others who are interested in learning and solidifying computer science fundamentals.