Hello everyone! I have been working in IT for a few years and have maintained various certifications including A , Net , Sec , CCNA, MCSA Server 2012R2, and recently C|EH. Lately I have been primarily working as an instructor and not too much in the field. I would say I am very good on theory (regarding my certs, not programming) but weak on coding. I aim to learn more about penetration testing and that is the extent I want to get out of learning coding, as far as my immediate goals, if that makes sense!

I feel confident with security best practices (defense) and Active Directory, but I really want to go beyond being a script kiddie.

Any guidance would be appreciated. Also if there are any sources recommended for learning, I'll gladly listen. I have been running through Sololearn(dot)com the past couple days going through HTML, Javascript, and PHP. I have a couple of pdf books for Python, which is what I plan to primarily focus on. I plan to learn some Ruby in the future, when I get more comfortable with coding in other languages. So far the lessons are easy to understand and digest; I was able to get a lot done between 3 languages in 2 days. However, I'm now wondering where to go from here, as I learned only the bare-bones basics. I have been working on Python now, happy that I'll be able to understand my Firebug outputs just a little better now, but still got some work to do for sure.

I have struggled in the past with the logic of coding :/ and failed to remain consistent. I have never taken any formal classes and am self taught in my other areas. I need to give myself practice every day and motivation. I plan on getting it done now that I have a little free time in the mornings.

My goal this year is to feel confident in purchasing the OSCP course and passing the exam. I have read a couple reviews from people who passed that claimed they had little to no coding experience prior to the class. I would rather be prepared and knowledgeable as possible. I am somewhat familiar with msfconsole (you don't actually learn it for C|EH surprisingly) and I know it's a matter of knowing what modules to load and setting up remote exploits (at least from the exercises I've done in my own lab) but it seems having a knowledge of programming is required for getting the most out of it.

That being said, I do have a virtual lab using VirtualBox with resources like Metasploitable, DVWA, Vulnerable Windows boxes, Kali, and a couple other things. I am still learning to make the most of my environment. Things I need to work on include SQL injections. I am weak on Database coding bigtime. I have used msfconsole to run various vulnerabilities I have researched, and I have also used the web interface on Windows to exploit an outdated java browser extension. I feel comfortable with nmap and various tools for password cracking, persistent backdoors, etc. My C|EH studies have my familiar with this but no programming. I can pick out versions from banner grabbing and certain slivers from code outputs but if I try to explain it to myself out loud, I find I don't understand a good deal of what I see more often than I'd like to admit.

Any advice is greatly appreciated!