I’ve been programming for several years, mostly self taught. Some of my skills were obtained through college or other academic means. I’m generally a curious person and tend to find amusement in learning stuff, I generally like to be challenged. I’ve recently started taking a look at cybersecurity and decided to take a look at CTFs from begginner to medium level in vulnhub. As I didn’t have that much knowledge or couldn’t find any reliable way of learning every type of attack that you could perform I’d just go through a bunch of walkthroughs and get more or less an idea of what tools I’d need. I went over TCP/UDP protocols as I forgot how they operated and that was probably the best part of all of it. From my perspective most of the attacks were: scanning/gathering information -> try A -> if A doesn’t work try B -> if B doesn’t work try C… etc.

I get that they are meant to tech you the basics but it’d be good to know where I’m going. 10 years ago when I learnt C I could more or less infer how graphics were drawn given the information that I was given, I could somewhat theorize how to make a videogame, I’m not getting that sense thus far when it comes to pentesting. I’ve mostly tried web pentesting as I’m working in that field but something tells me that I’d have more fun if I started trying to “crack” software, looking at security measures, reverse engineering, wrestling with assembly instruction to see what’s going on…etc.

I know that I have a very naive picture of the whole thing but I couldn’t find any way to prove this notion wrong unless you get to quite high levels and… Idk try actively to find zero days? Sounds fun but prohibitively hard atm.

I’d like to be proven wrong. Ty in advance.

TL;DR: I want to know more or less how a more advanced hacking experience looks like and if it’s something similar to trying A then B then C… basically spamming known vulnerabilities until one clicks. I don’t need super specific stuff. Sharing a story would help. Ty!