If you want to pursue penetration testing, the best approach is to start with OffSec courses like Penetration Testing with Kali Linux (PEN-200), as it’s an excellent starting point. Additionally, you should become familiar with Linux systems because you'll often need to use them or target them in your work.
To achieve the goals you've described, there are two main paths:
- The Long Path: This route takes more time but results in becoming a highly professional penetration tester with a deeper understanding.
- The Short Path: This is quicker and will help you become a good penetration tester; however, you may feel that something is missing or incomplete in your knowledge and skills.
For the approach you've outlined, you need to:
- Learn Linux from Scratch:
Start by mastering basic Linux commands and gradually progress to understanding Linux comprehensively. Don’t just focus on Debian or Kali Linux. Learn about Linux infrastructure, its operation on servers, VPS environments, and personal machines. Explore various distributions like Arch Linux to gain a broader perspective.
- Improve Your Python Skills:
Since you already have some basic Python knowledge, work on enhancing your skills professionally. Python is crucial in penetration testing, so mastering it will significantly benefit you.
- PEN-200 and Advanced Courses:
Once you have a solid foundation in Linux and Python, you can move on to courses like PEN-200 and other penetration testing courses. OffSec and other organizations, like F-Sec, offer specialized training tailored to penetration testing.
The Long Path:
Let’s now talk about the long path. For this approach, you should start by learning C or C++. While both languages are similar, C++ offers more advanced features. Since you already know the basics of Python and understand programming fundamentals, you can directly switch to C++. Begin by learning C++ and working on some projects to apply your knowledge.
Next, focus on networking. In this path, you need to become an expert in networking—not just basic concepts, but an in-depth understanding of advanced networking principles. Once you’ve mastered networking, you can use your skills to create tools, automate tasks, and explore other practical applications.
Afterward, you can dive into penetration testing, starting with OffSec’s courses. A good starting point is
PEN-200. After completing PEN-200, move on to
PEN-210, which focuses on foundational wireless network attacks. At this stage, your networking knowledge will be invaluable as you explore the darker, offensive side of networking.
From there, you can progress to
PEN-300, which covers advanced techniques such as sophisticated evasion strategies, breaching defenses, and more complex mechanisms.
By following this structured path, you will gain a deep understanding of programming, networking, and penetration testing. After completing these steps, you will have the skills of a highly capable penetration tester and can decide on your next steps based on your interests and goals.
