>>1067726 (OP)
>buffer overflows, write my own exploits
Read these in order, Art of exploitation by Jon erikson (a very condensed book, has intro to c and basic buffer overflows etc.), use the knowledge on eg. doing the exploitation challenges done by "Live overflow" youtube guy.
Art of software Security Assesment, (thicc book, it's about finding real vulnerabilities in real source code, C language obscurities, basic intro in security related context to file permissions, ipc, UNIX and windows, etc.)
Now comes the hard part, read actual source code and try to find vulnerabilities. The sooner you start the better. This is excruciatingly boring when you don't find anything and will make you feel like doing it less and less, prepare to spend hundreds of hours in exchange for nothing.
Once you inevitably get bored of reading source code try fuzzing, recommend afl/winafl because it can find real vulnerabilities once you spend enough time making so that the binary doesn't insta crash and does 100+ cycles a second instead of 2. Recommended book, Open source fuzzing tools or Fuzzing brute force vulnerability discovery, they overlap a lot.
Worthy mentions: A bug hunters diary (real examples of vulns in real software)
Web application hackers handbook (web app hacking obviously, old but still good read for basic understanding)
Blogs and other posts are useful once you have base foundation of knowledge. Google for them or browse infosec twitter etc.
Ethical hacking/ kali linux stuff is a meme.>>1067726