I am currently trying to learn cyber security, specifically pentesting. I also do blue team things now and then, but not too often. I’ve started about 2 years ago with programming in python, later golang. I feel like I am decent in both. However when it comes to pentesting and security in general. It doesn’t feel like I’m doing progress whatsoever. I know about theoretical Linux, networking, programming and that stuff, but when it comes to the hands on tasks, I fail miserably. I know know how HTTP works, but can’t do easy Hack the Box CTFs without a complete writeup (not just little hints). I solved a few CTFs on different platforms with the help of writeups because I thought I just lacked the creative thinking part, but I don’t see any progress. And when I feel like doing CTFs, I quickly loose motivation because I don’t get anything done. Can anyone relate? How can I overcome this?
Read, reproduce, understand. Think of how the programmer was solving a problem and left a problem. Did they probably didn’t understand the problems. The synthetic challenges are often a skill to themselves.
Re attention span, consider different expectations. Professional product engagements are often 2 ftes/2 weeks. Getting a few good findings out in that time is the goal.
Sometimes they run out of time on a thread they are looking at. Sometimes they pull on a thread only to find out there’s no way from here. Sometimes years later there’s an insight that x could work.
Building up that last skill is what makes you more effective. Find someone to bounce ideas off of that’s in the learning curve with you.