
Why do I feel like a script kiddie? - justwhitepixels
Hello, I'm currently 22 years old and I'm prepping to go to a university to get a degree in computer engineering. I've studied IT (Networking, HTML, CSS, XML, SQL, PHP) for 4 years and 1 year of cybersecurity (Done 1 pentest, forensic analysis, SIEM + IDS + Firewall configs) but whenever I'm in the internships and I am working on projects for my classes, I feel like it's all about following a few tutorials or docs online and that's about it.

It's particularly infuriating in the pentesting regard, I feel like I just use the tools given to me by Kali on a very surface level, but whenever I try to dig deeper into them to learn how to, for example, create a reverse shell based on a CVE, I get stuck on terminology I don't understand and/or can't find info about, and it's hard to do research on.

It's really tough finding motivation to find out more about the tools I use (i.e. metasploit, nessus, nmap, hydra, etc...) when I can only understand the surface level of pentesting, particularly when Nessus/OpenVas tells you of a CVE that's "easy" to exploit but I can't do.

Is there anything you recommend I learn or do? How can I get into a mindset where I can dedicate time to do research?
I really feel like I'm simply using tools without much thought even when I try to be thorough.
======
nineteen999
> create a reverse shell based on a CVE

If you're talking about exploiting buffer overflows etc, it is pretty much
imperative to learn C at the very least, and probably some assembly as well.
So many of these types of exploits are in C code, and exploitable programs (not
infrequently including the OS itself) written in C are so pervasive, so you'd
need to have a good understanding of it.

It's worth noting that even many experienced C programmers don't pursue this
kind of research; it takes a special kind of mindset and focus to read enough
source code in context to recognize where the program may read untrusted input
from the network, neglect to bounds check/sanitize it, etc.

Most C programmers I know are busy trying to write code, not exploit it, and
the better ones are also kept busy trying to ensure they are not making the
kind of mistakes that lead to remote exploits (or patching them), since it is
so "get it wrong" in C.
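
An added example, not part of nineteen999's comment: the kind of spot the comment describes, where C code copies network input using a length the peer supplied, shown next to the bounds-checked version. The wire format (one length byte followed by the name), the function names and `NAME_MAX_LEN` are assumptions made up for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 16  /* callers pass an out buffer of NAME_MAX_LEN + 1 bytes */

/* Constructed wire format (assumption): pkt[0] = declared name length,
 * pkt[1..] = name bytes. pkt_len = number of bytes actually received. */

/* Unchecked: trusts the length byte chosen by the sender. A declared length
 * above NAME_MAX_LEN writes past `out`; one above pkt_len - 1 reads past
 * the received data. This is the pattern a code reviewer is looking for. */
int parse_name_unchecked(const uint8_t *pkt, size_t pkt_len, char *out) {
    (void)pkt_len;              /* never consulted: that is the bug */
    size_t n = pkt[0];
    memcpy(out, pkt + 1, n);
    out[n] = '\0';
    return (int)n;
}

/* Checked: validates the declared length against both the destination
 * capacity and the bytes actually received before copying anything. */
int parse_name_checked(const uint8_t *pkt, size_t pkt_len, char *out) {
    if (pkt == NULL || out == NULL || pkt_len < 1)
        return -1;              /* no length byte to read */
    size_t n = pkt[0];
    if (n > NAME_MAX_LEN)
        return -2;              /* would overflow the destination */
    if (n > pkt_len - 1)
        return -3;              /* would read past the received bytes */
    memcpy(out, pkt + 1, n);
    out[n] = '\0';
    return (int)n;
}

int main(void) {
    char out[NAME_MAX_LEN + 1];
    /* Constructed sample packets. */
    const uint8_t ok[]    = {5, 'a', 'l', 'i', 'c', 'e'};
    const uint8_t big[]   = {200, 'A', 'A'};   /* declares more than out holds */
    const uint8_t trunc[] = {10, 'a', 'b'};    /* declares more than was sent */
    printf("ok    -> %d\n", parse_name_checked(ok, sizeof ok, out));
    printf("big   -> %d\n", parse_name_checked(big, sizeof big, out));
    printf("trunc -> %d\n", parse_name_checked(trunc, sizeof trunc, out));
    return 0;
}
```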

------
_Microft
Change the title to "Ask HN: Why do I feel like a script kiddie?" to make it
more clear that you are not submitting an article for discussion but asking
the audience a question.

