Recommendations

[i486pc]

I am starting study about ethical hacking and I am looking for ideas, tips

Like for example batter study Delphi, C, C# instead python, I understand that our path is turn one FullStack 

I understand that the best hackers are those that dev your own tools, but which one do you guys pick to lear Kali or BlackArch and why, please

thanks so much all for your time & for helping me

[dark_pyrro]

It doesn't really matter where you begin if you don't know what you want to focus on when it comes to cybersec. Just like in AiW; "If you don't know where you're going, any road will take you there." It's such a large area of expertise that you have to focus on certain areas, you will most likely not be able to cover all of it anyway. Also select topics to develop knowledge in from any tech environments that the potential customers and engagements are most likely to be using.

I think that the very base of things is to be good at the tech itself (and the business supported by the tech used). If you don't know OS:es, scripting, programming, networking, AD, etc. etc. chances are that you won't be very good at doing cybersec related stuff. You have to understand all the "layers" to be successful. Don't start with the "hacking" perspective. Start with using computers and what surrounds them. That's what you need to learn to be good at cybersec things.

Kali, BlackArch, or whatever doesn't really matter as I see it. Some things will be a bit easier for sure since tools are available/installed, but you could use almost any OS/distro and add what's needed at each given moment. I most often use Kali when I feel the need for it, but is it because it's the best distro...? I haven't evaluated that at all and I don't feel that there's any need for it. Just spin up anything and use it.

Selecting a programming language to learn just to create tools isn't something that I think you should focus on at this stage. If you've reached the point when you are skilled at such a level that you are developing your own tools, you know by your own experience what to use and that situation is not what you are in right now. Leave that for the future (if you ever need to get there).

 

You also have a dedicated thread that is pinned to the top of this section of the forums that deals with the subject

 

 

[digininja]

How you get started depends on what you are interested in, if you favour web app testing, then I'd suggest learning one or two web app languages to the point you can develop a basic app and deploy it on a fresh machine, that way you'll get an understanding of everything from the OS upwards.

If you are more interested in networking, build some networks. Look at CCNA or the courses offered by the GNS3 team.

Same for mobile, reverse engineering, exploit dev, or any other area. Learn the fundamentals first, then look at learning how to test it.

This is a much slower and less sexy way to do things, but it gives you a much better understanding so you'll end up progressing much faster once you get into it.

As for which OS, I prefer Debian and installing all the tools I need from scratch. That way I know that they actually work and how the work. I've seen pre-installed tools on Kali and similar platforms that just don't work but testers who don't know what they do and how to know if they work or not just use them and are oblivious to the fact they aren't working. If you install a tool yourself and test it, you'll know much more about what it is doing so will know what it is telling you rather than just reading the output and dropping it in a report.