So I've been reading a bit on the OWASP homepage and also bought the "Coding for Penetration Testers" book and I'm working myself through it, trying to get an overview of how things are done. The more I read though, the more difficult and confused I get when trying to choose where to invest my time and put my focus.
I've been reading about socket programming with python in the book, and read a low-level introduction article on how sockets are implemented in C, linked by the python docs. I've come to realize that I find all this low level stuff really exciting, and I'm tired of using high level language libraries, without knowing how stuff really works.
I did a bit of Googleing and found that C/C++ is often used for doing exploits and shellcode. So do you guys think it would be beneficial for a newbie like me learn how to implement network shells, making payloads etc, in a low level language like C? Or would that be a waste of time? Is C programming a useful and often required skill/tool when working as a penetration tester, especially now that web application security seems to become more and more popular?