How To Learn Python Roadmap
Programming is a massive field, and while I’m a developer in my day job and love teaching programming, I don’t want to teach you programming as part of Hopper’s Roppers. There are a lot of other people online who are focused on programming exclusively so you should learn from them… but hey, there’s no rush.
This is my brief post on what I think is the best way to learn Python to the level required for security and CTFs. If you are interested in how to learn C, the language of hackers, check out this post.
Codecademy Python 2
This is going to take a while, but Codecademy Python is the best way I’ve found to learn a first programming language. In fact, it was the place I learned Python back in high school.
One of the coolest things about Codecademy is it is all done in an online editor and will let you progress with the appropriate hints. While you are working through this, use the amazing PythonTutor Visualization anytime you are trying to understand what is going on behind the scenes with your code. It’s super helpful and will help you understand debugging in a visual manner.
NOTE: Codecademy Free teaches the slightly outdated Python 2 language, instead of the more recent Python 3. If you want to pay Codecademy, do it, I’m all about internet educators getting paid. This is not really a problem, the language is basically the same and what we are worried about is you learning how programming works, not exact syntax. Once you know Python 2, 3 is just a few steps different.
The world has moved on to Python 3, so you can build the skill of mentally translating syntax and learning a new language on the fly, a critical part of being a developer. Plus security people are notorious for not updating their projects to newer versions of languages, so you’ll run into plenty of
Keep us updated in the #python channel in Slack on your progress and for help.
If you get bored… just move on. Codecademy can kind of drag, and if you’re bored, just keep moving. I promise you’ll be fine without it for now, you’ll just have to learn Python for real eventually.
No boredom, no drudgery!
Automate the Boring Stuff
If you want to get good at practical programming, you should go and complete all of the exercises in Automate the Boring Stuff (https://automatetheboringstuff.com/) in Python 3. Once you have done that you will be capable of just about any scripting task in Python if you have the time to do your research and work through it.
For now, I just want you to work through Chapters 9-12 of the Automate the Boring Stuff curriculum. We skip the first few chapters, but you generally have learned them from Codecademy already. If you’re having trouble with Chapter 9 (you probably will), step back a few chapters and work through them until you feel comfortable moving forward.
For the first thing on ATBS you should work through Chapter 9 and write code that will automagically create and modify files on the hard drive for you.
https://automatetheboringstuff.com/2e/chapter9
Networking Projects (In Python):
Python is a beautiful language for doing networking projects, and the Networking for Hackers course has an entire section on it. If you haven’t done that course yet, do it. I guarantee you don’t know networking as well as you think you do.
Projects Worth Doing (in Python):
Once you have worked through a few chapters of ATBS, it’s time to do some interesting and security related projects. I want to be very clear, I don’t really believe in good development practices and reading about how to program. I believe in throwing code into the editor, hitting compile (or run for Python) and seeing what happens. Do that enough times with complicated enough projects and you’ll be able to do anything you need to, and way faster than someone who is taking their time.
I’ve compiled a list of great projects here but I’ll break a few of them out. I recommend you go back to them after you’ve completed https://www.roppers.org/courses/security because they are practical applications of security tools and principles.
First up is Black Hat Python by Justin Seitz. I worked with him a little on a project once, and he was very nice to a college kid playing out of his league. This book has a little bit of everything and plenty of code examples on things like writing network sniffers, stealing email credentials, and bruteforcing directories to crafting mutation fuzzers, investigating virtual machines, and creating stealthy trojans. Violent Python by TJ O’Connor (met him once too) is also great if you’re looking for similar projects.
Similar to BHP is Gray Hat Python by Justin again. It’s a bit lower into the weeds with a bit more of a reverse engineering focus, but it has some badass stuff in there. If you work through this book you’ll be able to do just about anything with Python.
There are also a few build your own hardware projects in that Projects Worth Doing link that are a ton of fun. Hardware is an entirely different beast… that’s why I made my brother get a Computer Engineering degree so I never had to learn any of it.
Teach Yourself Computer Science
If you want to learn Computer Science properly, I recommend you work through https://github.com/ossu/computer-science/blob/master/README.md. It’s a fairly comprehensive education. I’m not big into Computer Science, I believe in getting things done quick and dirty, but hey, some people like that stuff.
Computer science is wildly outside of the scope of this site, so I’d prefer if you stuck around, but the entire point of learning is following what you are interested in. No hard feelings if you go, just promise to come back!
Recommend you start at this course, as you already have some python experience. https://github.com/ossu/computer-science/blob/master/README.md#introduction-to-programming
Programming is something that takes a lifetime to get good at, so don’t worry about being good at it for a while. Focus on making things that work just well enough to get the job done.