The answer of 1st question you raise is that, programming is an essential thing for Ethical hacking, as a hacker can write it’s own proof of concept, have better understanding of how things works, etc
But as you mentioned, you have a good experience of c# .net, these programming languages are not my favourite programming languages,
as if you want to automate any stuff, or want to code your own hacking tools, then python is perfect for that, i know C-lang, and having knowledge of low level lang, is very important according to me, but i mostly code in python,
Because it takes very less lines & time to code in python, and you don’t have to waste you le time in writing program, rather you more focus on problem solving
It would not take you more than 1-2 months because you have a good experience of programming.
And there is nothing to skip, which an absolute beginner cannot
Ans(2) : there are various fields in Ethical hacking like:
- Web Application pentesting & hacking
- iOS & Android pentesting
- Malware analysis & reverse engineering
- Network hacking & wireless attacks
- Digital forensics, etc
I suggest you to learn whole CEH curriculum first, according to me, it is foundation course, and will you a idea of all the fields, then learn more in particular field in which you are more interested.
For example, if you are interested in web pentesting & hacking, then start learning basic fundamentals of penetration testing, and various types of vulnerability like:
SQL injection, xss, unvalidated redirects, broken session & authentication management, command injection, insecure captcha, insecure Direct Object reference, heartbleed, unrestricted file upload, LFI & RFI, OWASP top 10 vulnerability etc.
And same goes for other fields also, such as in wireless hacking, learn about basic networking,
MITM attacks such as ARP cache poising, DHCP starvation, DNS spoofing,etc,
WEP hacking attacks such as Caffee Latte, Hirte , korek ChopChop, fake auth, fragmentation attack etc,
WPA & WPA2 hacking, iOT device vulnerability etc
Hope you get an idea about what i am trying to say.
Ans(3) Go for CEH first, as it’s course curriculum is foundation according to me, just suggesting to learn whole curriculum, not forcing to go for CEH certification.
Then go for OSCP, as it is more hands on, CEH is quite focused on theory and concepts,
These are the basics skills which you should know to go for OSCP:
- BASH scripting
- Python (will be + point for you)
- Working knowledge of Linux & it’s commands
- Basic web application attacks
Rest whole material is provided by then, there PWK course is excellent,
They starts with Kali Linux basics, and a really good line of abrahim Lincoln is written in its 1st module i.e.
“If i have 6 hours to cut down a tree, then i would spent my 3 hrs in sharping my axe”
Ans(4) absolutely not, In CEH mostly tools are used which are already in the market, as by learning programming you will able to automate any stuff, but what to automate, and what to do using programming skill, this will only clear by using existing tools and then getting inspired from the tools to make your own tools.
Tools will just going to help you, at the end you have to think and do.
Tools can’t take decision, they can just show you some security issues, or can trigger and exploit that issue, etc
Hope my answers are helpful