Ok… this is essentially a rant.
You have been warned.
First, some definitions.
Offensive security is the art of exploiting a system. It is an art, with a good part of knowledgeable science mixed in.
A course is something taught by an accredited proctor; you usually pay for these.
Tutorials are articles, videos, or blogs, online or in print, that teach you a bit about a piece of technology. These can be from industry folks or random strangers.
A walkthrough is similar to a tutorial but is usually more focused. It will take you from one spot to the next. These can be from random professionals or less professional randoms.
Now, the rant.
If you learn a piece of offsec from a tutorial, course, or walkthrough you are not actually learning anything except how to follow instructions. It is important to know how to follow instructions, but it does not make you a security professional. Hell, it doesn’t get you in the same game as a professional. Skip them as often as you can. Learn the technology, the tooling, the syntax, how things fit together in a whole picture, how each piece moves with the others. Learn these, and you are on the path.
But how? How can you go from knowing nothing to writing your own tools, exploiting complex systems, and making money as a professional? By reading. Read man pages. Read documentation. Read code. Read everything. Hell, even read the tutorials, not for knowledge, but to see how other people are doing what you want to be doing. Remember where you found pieces of information; learn to index, not to memorize by rote. You will not go far if you do not know how to do these things.
Do not learn how to do things from others. Learn how to do things yourself. Establish a pattern for HOW you learn. Maybe that involves a walkthrough for a new piece of tech from time to time. But know every line that you type, how it works, how it executes, what it means. Don’t follow blind. For blind offsec professionals are not useful.
If you have read this far, you are on the right path. That is a start. I know that it is sometimes tempting to take a shortcut, to just have someone walk you through a piece of technology. Resist this temptation. Learn HOW to learn. Understand what you are doing on an intimate level, better than your own soul. Do not fear things that are hard, or fear things that you do not understand, for hard and complex things are this whole industry, all of it.
Learn, do not be told. Read, do not be told. Index, do not be told. No one will tell you how to do this job in the end. Do. Not. Be. Told.