
Beginners start here..


How to Hack?

The basics: a good understanding of Linux and networking, some coding experience (Bash, Python, C, PHP, Ruby, etc.), and familiarity with tools like Metasploit and vulnerability scanners. Active Directory is a must, as it exists in most corporate environments. Below is a simple outline; it may not be right for you, but it may point you in the right direction.

Step 1 The Basics

Start with a home lab setup and make sure you're comfortable with the various operating systems: Linux, Mac and Windows. Learn the basics and fundamentals of networking. Now is a good time to make a plan: how are you going to learn? Books, courses, or both? Set yourself some easy goals to begin with, for example the basics of the Linux command line and directory navigation. Possible certifications at this level may be A+ and/or CompTIA Network+.

Step 2 Fundamentals

Once you feel comfortable with the basics, you can start focusing on the more important technical aspects and methodologies of penetration testing. Focus on learning new techniques and tools, and have a professional testing schema. Reports and note-taking should now be part of your repertoire. You should be really comfortable by now working through some basic vulnerable machines, like the easy boxes on Hack The Box. Certifications to consider at this level may be CompTIA Security+ or equivalent.

Step 3 Intermediate

Exploit development, web and mobile app testing, DFIR and threat hunting, malware analysis and reverse engineering. When you know, you know. Some have an interest in bug bounty, some don't. I feel this is about the level where you explore various paths; you may find yourself in one camp or another. Either way, you have made progress, so pat yourself on the back. Check out HackerOne. Certifications to consider at this level: CompTIA PenTest+ or similar.

Step 4 Advanced

Advanced penetration testing, custom exploit writing, custom shellcode. For those who may have existing penetration testing experience, this level is more dedicated to advanced and in-depth knowledge of the most prominent and powerful attack vectors. Malware development usually begins at this level; an intro to malware development can be found at Sektor7. Writing your own custom exploits is normal at this level.

Step 5 Professional

You now have a solid foundation in networks, internet protocols, IT security issues, and penetration testing concepts, as well as the ability to read, write and understand code. Focus now on professional certifications like the OSCP. By now you should know your path; most at this level pursue the OSCP.

Courses, Training and Resources

TCM Security



HTB Academy

Pentester Lab