Sorry it's a bit long, skip to the tl;dr if you don't want to hear what I've done. I've been looking around at trying to find a good framework for what is a solid learning path for those starting off in the security realm of computing. I'll give you an idea of what I've done and what I'd like to achieve before asking a few questions. To begin with, I reviewed a ton of videos on SecurityTube (awesome resource), including overviews of WLAN, Router Attacks, Metasploit, String Vulnerabilities, Assembly language, etc. I feel from that I got a pretty solid overview of Metasploit and its fundamentals along with possibilities with wireless, and an introduction to the other areas. From here I've read a heap of books including -
- Backtrack 4 - Assuring Security by Penetration Testing
- Lots of Certified Ethical Hacking Material
- Metasploit - The Penetration Tester's Guide
- Google Hacking for Penetration Testers
- The Basics of Hacking and Penetration Testing
- Backtrack 5 - Wireless Penetration Testing
I'm also in the process of reading
- The Web Application Hacker's Handbook
- TCP/IP Illustrated
- Grey Hat Hacking - The Ethical Hacker's Handbook
On my "To Read" list after I finish the above
- The Shellcoder's Handbook
- The Database Hacker's Handbook
- The Debian Administrator's Handbook
- Hacking Exposed Series
Here is my problem -
Throughout all this I feel as though I've been picking up small pieces of knowledge, but I haven't gained really useful skills in any one single area. I feel as though I've done a broad sweep of pen testing and security, but now I have to make a choice as to where to drill down and learn really in depth, but there are so many choices. Exploit Writing. WLAN Security. Network Security. Web Applications. Reverse Engineering. Programming Languages. OS / Protocol Knowledge. Social Engineering. I don't know what are the best 'practical' skills to have, as in which have the most real-world use if I ever do wish to go into the pen testing industry one day. Can Web Application security ever really be learnt without an in-depth knowledge of network security? etc.
Summary & TL;DR - I'm really really hoping there is a well thought out justification for a structured learning approach to security in general. This would look along the lines of - "You should learn Ruby in depth first as it will allow you to execute these types of scripts against web servers. Once you can do that, learn web servers in depth so you can gain access via these methods, and possibly then look into network security after so you can understand how you can pivot further into networks."
As you can see by the books I'm reading, I'm more than happy to learn. I'm more than happy to read a TON, I'm more than happy to accept it will be a path of many months / years before I get competent at what I'm doing, but I'd love to have a justification for the direction I'm taking rather than "Hmmm, getting a bit bored of WLAN password cracking, time to read up on in-depth shellcode exploits", which I fear will get me nowhere in the long run.
- Thanks if you made it all the way through.