Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple APILearn More
AleCx042465339dthere was a course in udemy in which a dude was showing pen testing using Python scripts and there are multiple books like that. Normally, learning said tools is a good way to understand the top view of how an attack would work, and people that are more experienced in the field eventually learn how to do those things by themselves with building tools etc.
Damn near all major tools are ooen sourced, so you can always refer to their code and documentacion, Kali Linux is very powerful at that since it comes with a lot of shit out of the box, keep using it, but look at the tools and their code themselves as well as them books and the udemy tutorial I mentioned, you can probably get it on discount for cheap at some point
To my mind hacking has always predominantly been the domain of script-kiddies. The majority never really advanced beyond punting, simple script exploits, phishing and canned malware. For every Charlie Miller, you have 20 Johnny Lee Miller-derivatives.
I think it's admirable to what to do and understand things from first principles. I do think your alignment is a little off.
Most pen testing and security work is more admin-like than engineer-like. It's a task of going on site and running the same spectrum of known holes and exploits and consulting on what clients and employers should be doing. The course seems spot on for testing practical pen testing. That's why distros like kali exist and companies like hak5 exist; roll up all the commonly used tools into an easy to leverage package.
The tools themselves are heavily vetted and do specific workloads, the details and implementation of which are already well defined. The people implementing the tools focus on a small space they specialize in.
Security research is the side of things that deals with discovering exploits. They're the ones that reverse engineer code, cpu instructions, etc looking for holes. They also have significantly more education on average, and it's a a competitive space that is results driven.
Tldr; If you're expecting more than that from a pen testing career, you're likely to be disappointed.