Question
-
Topic
-
Tips for a noob in the field of ethical hacking
So as the subject title suggests i am a beginner when it comes to cyber security, hacking and pentesting. My goal is to learn ethical hacking. I understand that the term “hacking” cannot be defined properly as it includes many subjects. I don’t necessarily want to earn money through this as i already have a job which pays well, so i don’t care about what companies want, i want to be able to one day be able to hack into remote machines and find my own vulnerabilities now before you tell me that it is illegal, i know, im not trying to do anything illegal, i just want to have the knowledge, out of curiosity.
Having said all that i have gone through two udemy courses on this subject. They gave me valuable knowledge about tools like kali linux, cracking passwords using dictionaries, nmap, nessus port scanning etc. But they teach how to use them but never how they work and why they work. All of them involved hacking into intentionally vulnerable systems like metasploit and old versions of windows 7 and 10 with known vulnerabilities.
They never satisfied me, i know that if a vulnerability is taught online it means its known and patched and in order to actually hack i need to find my own vulnerabilities.
I have watched many YouTube videos they all say that programming is a bonus but not necessary for ethical hackers? How though? How can you find wholes in a code if you don’t know how to understand them? I know C(i guess intermediate level, i know structs, pointers and how to access peripheral and cpu registers)
So i decided that i want to build a super simple OS for a Microcontroller unit just to see how and OS works behind the scene so that hopefully i can break other OSes in the future. Do you guys think it is a good idea?
I am also studying CCNA official cert guide to learn networking, i already know the basics and everyone says that hackers only need to know the basics of of networking? But again why?Do you guys think i need to learn ccna networking before moving to pentest+?i just don’t understand how im supposed to break a network if i dont understand how exactly they work.
As u can see im so confused and need help to come up with a road map, im learning so many things in parallel and am confused.
Thanks in advance