I am really enjoying studying currently, and putting in around 10 hours a day 6 days a week.
Ethical hacking and penetration testing require a wide range of skills and knowledge.
Take SQL Injection attacks for example; This is a multilayer attack, where the attacker needs to understand various database queries (MS-SQL, MySQL, Oracle etc) and some scripting languages (PHP, ASP, Perl etc). If the attacker is also going to perform some form of command injection and get a remote administrative shell, they would also need to understand the configuration and capabilities of the web-server, and likely some advanced networking techniques (Windows, Linux, IIS, Apache, advanced use of various TCP tools such as FTP, TFTP, Netcat, inline file transfers etc).
It's lots of fun, but difficult to keep track of everything I am studying, which is why I have just updated my study plan again, at least so that I can keep track of what I have done so far:
I am trying to book up exams every month or so, so that I have specific targets to aim for as well.
I passed CEH and Security+ recently, but I found them too easy, so I will be looking to complete some tougher challenges over the next few of months.
I've just started CTP, which is one of the most challenging Penetration and Ethical Hacking courses available.
CTP covers advanced hacking techniques such as developing 0-day exploits, crafting your own custom shellcode, advanced web attacks, reconfiguring border routers to tunnel MITM attacks across the internet, avoiding Anti-virus, back-dooring existing executables, and bypassing new Windows protection mechanisms such as DEP and ASLR.
It will probably take me a while to get through the material ;o)