There are two schools of thought when it comes to advanced penetration testing: 1) becoming an expert of tools...
and methods and 2) becoming an expert of the vulnerabilities and exploit code. Both are valid pursuits intellectually and professionally, and they are not necessarily mutually exclusive. But diving into exploit code clearly requires knowledge of programming.
Since the question stated that you are more interested in knowledge than a certificate/certification, one course popped into my head immediately. I would recommend the InfoSec Institute's Advanced Ethical Hacking Course taught by Jack Koziol. In the course he not only covers the tools and methods such as SQL Injection, sniffing SSL encrypted sessions and Metasploit, but he also covers the code end of the equation with reverse engineering and writing your own exploit code. In addition, there is an option to sit for the Certified Expert Penetration Tester (CEPT) exam (not to be confused with the more well known cert from Mile2 CPTE), but the CEPT barely registers a blip on the security credential scene, so this is completely optional. If knowledge is your reward, Jack is your man.
Related Q&A from Donald C. Donzal
Learn what certifications channel partners value with this expert advice from Don Donzal, and make sure you gain recognition and meet with success.continue reading
Can a former black hat ever really reform? Don Donzal tackles tough ethical questions in this expert response, suggesting community service and ...continue reading
If you are trying to decide between taking the CEH and the CNDA exams, get advice here. You may even be able to turn your CEH credential into a CDNA ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.