Programming, not software engineering, is a vital task for anyone that works within the infosec industry. If you want to advance in your role as a pentester , red teamer , incident responder, or threat intel analyst you need to be able to at least write basic programs.

A great way to start is to think of a simple idea and google your way through it. Simple means VERY simple. Like search a directory for files containing a unique word. Or parsing a file and printing different characteristics or metadata of that file.

If you need inspiration here are two extremely simple programs used to first learn Go and Python:

Bin2Hex takes an input file of shellcode (just bytes) and outputs a file in an escaped hex format (like this \40). Its less than 100 lines of code, but for someone learning the language from scratch it was a good project. It demonstrates some basic tasks which are good to know in programming and while working in infosec: reading/transforming bytes, parsing files, writing files, using command line flags.

Steganize takes a picture, and secret text, and hides that data into a jpg file. Again, some characteristics of this program that make it an ideal way to learn the language: read input, parse files, write files, use command line flags. This program is about a hundred lines of actual code.

So some advise to any junior analyst looking to advance their career and learn programming

Think of a simple idea that has these attributes:

  • Is very simple
  • Uses command line arguments
  • Reads data, transforms it, and writes it

The key point is the last one. You have to be excited about the project because it will be a long difficult slog to complete a program with no prior knowledge of that programming language, or programming in general. Once you have your idea write it down on a piece of paper. Describe the input, the output, and what they command line flags should be. Use this information to guide you in writing your program. Then google your way through writing your program. Step by step. “python how to print a string” , “rust how to read standard input” , “golang how to write a file”

As you progress you will get familiar with the language, its syntax, and conventions.

One your finish your program consider open sourcing it. Even if you are not satisfied with it and plan to improve it later.

As you become more experienced you will start to understand how to read technical documentation, evaluate libraries, and write your own APIs. Then years later you can look back at your project and see how far you’ve come.

If you have questions feel free to reach out on Twitter

Good luck!