First time poster here, so if I post something incorrectly please let me know.
A little about me -
I’m currently working in a helpdesk position providing basic support. I have a decent amount of knowledge when it comes to the basics such as basic networking, linux command line use, the linux file system as well as Windows, and I also know python to a competent level. I’ve done TCM’s basic network pentesting course and done some entry pathways on try hack me and hack the box.
My main question -
I’m wondering what I should focus on learning next. I’ve been learning C and ASM and doing basic stack overflows and format string vulnerabilities and I really enjoy this, but I’m wondering if it’s what I should be focused on. Will I ever be good enough given how many mitigations are in place today to be able to create real 0days? given that even the basics of this are complicated to me. And even if I am is there many ethical ways to do this for a living?
My other idea is to get focused on web/higher level exploitation as this seems to be fairly useful in todays scene. I’ve messed with the basics of burpsuite and done some portswigger topics. Is this a more fruitful and useful path to go down?
Also as a secondary question, my work allows me to complete a SANS course of my choice. I was wondering if anyone has recommendations. I was looking at either going down the SEC560 > SEC660 > SEC760 path, or the SEC542 > SEC642 path.
Any tips or advise would be great, thanks!
Binary exploitation or Web exploitation for a fairly new hacker? and SANS course recommendations.