I'm interested in becoming an ethical hacker someday. I've been reading articles saying the Python language is very popular in hacking activity because of the extent of its modules (including network).
Nowadays, lots of applications are web applications or mobile ones and the antivirus software make a great job removing malware written in C. Because of that I'm a bit confused. Is the knowledge of the C language important for the ethical hacker career?
Of course, you don't necessarily have to know C, or the given platform's Assembly (read: instruction set), but knowing them is a great help in figuring out many possible low-level vulnerabilities.
It is not the C language itself that matters, but rather the fact that in order to know C, one must first understand many fundamental computer principles, which is what allows you to then (ab)use them in any other language. You could learn about all of them in theory, but without ever practically experiencing them (which is what you achieve by programming in C), you may not be able to use them very efficiently or even realize where they're best applicable.
Similarly, you don't have to know the exact packet structure of networking protocols. However, if you do, you may suddenly be able to figure out ways to break something, which wouldn't ever occur to those who make, often incorrect, assumptions about how these protocols function solely based on their high-level experience.
It depends what you want to do.
If you want to build tools that can be used to automate tasks that are often performed for ethical hacking (such as penetration testing, port scanning, SSL/TLS testing etc.), then Python can be used for this.
If you want to analyze code to look for bugs in packages that are widely deployed such as the Linux kernel, openssl, apache, etc. - many of these packages are written in C, so a solid understanding of C would be helpful for this.
In ethical hacking (and hacking in general), the more you know about software and hardware in general, the better off you are - keep in mind there's a lot of different solutions written in lots of different languages, running on lots of different hardware.
As most operating systems are written in C, it can definitiely be advantageous to at least be able to understand C code. Most OS modules are written in C and/or Assembly. From this, you can gather valuable intel on any bugs or exploits that may be present in the target OS's various modules.
Regardless of whether you hunt bugs or try to penetrate a system, at least some understanding of C can help you a lot.
In the same vein, knowing at least the more popular languages (Python, Java, C#) can be of immense help as well - lots of systems (including corporate solutions) are written in those languages.
Python does have its own advantages in the hacker toolbox - it gives you the ability to write exploits and programs rather quickly, and has a lot of libraries that can be used to roll your own EH/pentester toolset.
Information security consists many fields and career pathes. Answering your question depends on your goal and target. If you are interested in fields like reverse engineering, malware analysis, software vulnerability analysis and such fields knowing C is essential. But in fields like penetration testing, vulnerability scanning, network security and such fields Python is a good choice. On the other hand, consider that C is a main programming language, knowing C will help you to understand many details of software and system. Also Python is a handy popular language which will help you by providing useful libraries in security.
Python can be the toolset.
It is a high-level language that you can use to write proof-of-concepts, analyze datasets, etc, etc... Writing the same things in some lower-level language makes these things boresome, error-prone and less understandable for others.
C is the knowledge.
Only being literate in C, you can understand how data structures and algorithms are represented at the low level where the interesting stuff happens. Things like buffer overruns, stack corruptions and likes, cannot be understood (and even less, discovered and analyzed) without knowledge of C.
There are pros and cons to all languages, but it sounds like C fits your goals.
An interesting definition of "hacker" is someone who sees and understands the reality behind the abstractions. A butterknife is a very functional screwdriver. A locked door is a mechanical device with numerous components - for example it can be opened by taking the pins out of the hinges. Everything on a computer is just a series of numbers subject to precisely defined behavior. It doesn't matter how people assume or expect software to work, what matters is how it actually does work. If you understand it, you can often do unexpected things.
Assembly language gives the clearest picture and the most direct control over how a computer works, and at some point you might want to get a basic understanding of assembly just to understand computers better. However assembly is generally far too low level and too painful to program anything significant. Seriously. With rare exceptions, I do not recommend assembly as active productive language for programming. Definitely not a first language in any case.
The C language is a widely used and productive language, and aside from Assembly, it gives the closest view of the reality of how the computer works. C gives you the closest control over how the computer works. C is (or can be) a very fast language, a powerful language, but that comes at a cost. C is less friendly, and C makes it easy to make mistakes. Python "protects" you from shooting yourself in the foot in various ways, whereas C just obeys any strange or dangerous code you write. Python has some really neat features, but it hides what's happening under the hood. That's great if you don't want to know.
