Hello everyone...
I'm hoping there's a few professionals lurking about the place. I'm in need of some advice. Without exhausting this thread with my background, I'm a fairly experienced, self-taught, programmer. Back in the 2000's I was able to work professionally programming company specific software and got my feet wet. I now work professionally as a PLC tech and my hobbies include embedded projects for fun.
Having said that...
I must live under a rock because I really had no idea there was such a position as 'ethical hacker'. I started looking into it and took a couple of online courses to sort of get a understanding of what the job is and learned all the basic 'attacks'. It left me scratching my head though. The classes I've taken thus far have left me with the feeling I've taken more of a 'intro to photoshop' class than a hacking class. The classes seemed like I was learning to step on the shoulders of another's effort than learning to actually become so adept that I myself could find and exploit a weakness.
Then I stumbled across the derogatory term 'script kiddie'. That term very much described the path I was taking. I was learning the defined action of the attacks, but still know very little as to what is actually being done other than some very rudimentary condensed description from the teachers.
Then while browsing other forums and comments, it seems like these tools are what professional pentesters are using. Software like Nexpose seem very powerful for discovering vulnerabilities in a network. So again, I feel like I'm not quite sure where to go on from here... but I have a couple ideas.
I decided to (attempt) to learn Lisp and further, micro lisp on an esp32. I've taken an assembly language course that really helped in understanding what's going on at the hardware level. Lisp seemed like a great next step language for rapidly building testing software for discovering a vulnerability. As cryptic as it seems to me still, I really like how the REPL works in Emacs and how quickly code becomes action. My thought is that there would be a great advantage to working with a smaller microcontroller and push lisp through it. My hope is that by moving code through hardware and further dissecting and understanding network traffic, I'll understand hacking better in general. It's merely speculative and maybe not the best decision and that's why I've come to bug those who know better. I'm looking for a solid self-learning path. I'm happy in my career and really just want to add this to my portfolio. Any advice would be very much appreciated.
Adv Reply
Bookmarks