So you want to be a Hacker?

Translated from: http://www.treeyhub.com/topics/133/so-you-want-to-be-a-hacker

Original article: https://netsec.ws/?p=468

Recently I’ve been reading a ton of questions, posts and general discussion about getting into the ‘Information Security’ game, and in my opinion at least it’s typically followed up by a fair amount of misleading information. That might be a little harsh considering I’m sure it’s well intentioned, and it’s even possible that the advice worked for them (there is no one-size-fits-all advice), but I thought I’d lay my thoughts out here in the hope of helping a new budding hacker move forward.

I want to play sport, where should I start?
This vague, open-ended and very ambiguous question is very similar to someone asking how they should go about getting into information security. The first thing to realize is that there is a huge range of information security fields, and within each of those huge fields is a lifetime’s worth of learning content. Just like picking a sport there is no ‘best’; there are simply areas you may enjoy more than others. Off the top of my head, here are some example areas, by no means exhaustive.

  • Web Application Security

  • Reverse Engineering

  • Malware Reverse Engineering

  • Network Security

  • Incident Response

  • Standards Compliance

  • Programming / Creating Tools for Others

  • Exploit Development

  • Forensics

Some of these are more of a technical nature while others have more of a theoretical focus. I guarantee that whatever you like there are others out there who will find it boring, just as you will sometimes with what others are interested in. Right now it’s expected that if you’re reading this you may know very little about any of these areas, but what’s important is your willingness to learn and what type of motivation you have.

The Hacking Type
One trademark that is almost universal among people throughout those fields is their focus on independent, self-directed learning. Unfortunately in some ways security is still considered a ‘dark art’; I mean, why would anyone want to know how to break into a computer system unless they were going to do so? As a result plenty of people will show disdain, or outright hostility, when asked security related questions, under the false (perhaps sometimes true) assumption that it’s merely a ‘script kiddie’ looking to learn to hack systems instead of wanting to learn and use that knowledge for a good purpose. It’s also a fact that the ‘learning’ resources of information security are quite disjointed, with no real central repository of learning material.

The point of highlighting this is that if you wish to prosper and successfully enter the information security field you should be prepared to jump in and find your way without waiting for someone to hold your hand and lead you down the right path. Google some of the above terms and see what sounds like fun. Despite what sometimes seems like a constant battle to find the ‘best’ field to learn, or the ‘best’ resource, or the ‘best’ way to learn, often more time is spent procrastinating over these questions than dedicating the time to actually learning. Look up videos on YouTube for hacking examples – it’s ok if you don’t know what a lot of it means, but write down a list, then Google those terms. Use points of interest to spawn an ever-increasing web of knowledge around the topics you’re interested in.

Do I need to learn X first?
Of course you need to have full knowledge of the OSI layers before you begin. Yes, you need to read that 1000 page book on the TCP protocol. Yes, you need to be proficient in 5 programming languages (at least!) before you consider hacking. Can you compile your own Linux kernel from source code? No? Don’t bother learning hacking. Actually… all of that is rubbish, yet it’s one of the most common responses given to people looking to learn information security. There is one requirement to becoming a decent hacker – interest. The difference between a future hacker and a script kiddie isn’t knowledge, it’s the willingness to learn.

As long as you have a vague idea of how to use a computer you’re at a starting point you can work with. Yes, if you don’t have a solid understanding of how TCP works you should put it on your to-do list to look up when someone mentions it in a hacking tutorial – but it’s ridiculous to think you need a ton of prerequisite knowledge before you’re allowed to start learning about topics you’re interested in. When you’re looking up how that login puzzle works on a hacking site and it uses JavaScript, you’re going to learn how JavaScript works. When you read through how a buffer overflow works and it has a Python template, you’ll learn some basics of Python. No, you won’t get a job as a developer in those languages at the end of it, but you’ll pick up the common ways to break the language.

Informal Learning

“Ok, I get it – I need to learn things myself, but can you at least give me a starting point?”

Sure. There are plenty of free or cheap learning resources depending on what topics interest you; here are some examples.

Web Application Security

  • HackThisSite – Good for some basic web based challenges (link)
  • Enigma Group – Similar to HackThisSite (link)
  • OWASP Top 10 – An idea of what the most common vulnerabilities are (link)
  • OWASP Broken Web Apps – A virtual machine you can load up to practice hacking skills on your own network (link)
  • Pentesting Lab – Another web focused virtual machine (link)
  • In fact anything from vulnhub that interests you is good (link)
  • The Web Application Hacker’s Handbook – The book on web hacking and vulnerabilities (link)

Reverse Engineering / Malware Reversing

  • Lena’s Tutorials – Known as pretty much one of the best introductions to reverse engineering (link)
  • The Legends of Random – Another solid set of tutorials for reverse engineering (link)
  • Reversing: Secrets of Reverse Engineering – A good book on the foundations of reverse engineering (link)
  • Practical Malware Analysis – A great book focusing on reversing malware (link)
  • Malware Analyst’s Cookbook – Another book focusing on reversing malware (link)

Network Security

  • Virtual machines dominate this category as they allow you to practice against real machines. Head to vulnhub and download any VM that looks interesting (link)

  • Metasploit Unleashed – A solid run through of the Metasploit testing framework, to be used in conjunction with those VMs. (link)

  • The Basics of Hacking and Penetration Testing – A very basic look at penetration testing, useful for those completely new to the field. (link)

  • Metasploit – The Penetration Tester’s Guide – Another book focusing on the use of Metasploit in penetration testing (link)

  • Because this is such a huge field, it’s often a matter of breaking it down into one aspect, then researching that aspect specifically. Blogs are your best friend here. (link)

Exploit Development

  • Corelan – This is by far the best resource out there for learning about exploit development. (link)

  • FuzzySecurity – Another good learning resource with some tutorials available (link)

  • Exploit-DB – One of the best things you can do is find examples of exploits (often with apps attached) and try to replicate the exploit independently (link)

  • Hacking – The Art of Exploitation – A fantastic book that covers tons of different exploitation techniques (link)

  • The Shellcoder’s Handbook – Another fantastic book on exploit development and shellcoding (link)

Other than that: Google, Google, and some more Google. I’ve left off some areas such as forensics and compliance because personally I’m not interested in them so I haven’t gone looking for resources, but I’m sure there are some fantastic ones out there.

Formal Learning
Outside of the free resources you can also begin to get certificates to make yourself more appealing to employers if you wish to transition into the field as more of a career path. Some certifications I’d highly recommend would be the “Penetration Testing with Kali Linux” course from Offensive Security (link) if you’re interested in network security. It’s easily one of the best learning experiences I’ve ever had in the field and taught me more in 60 days than I’d learnt in a year on my own. Their “Cracking the Perimeter” is also a great course, focusing a little more on exploit development (link).

If you’re looking at developing your programming skills, things like SecurityTube’s “Python for Pentesters and Hackers” (link) are a great foundation that will teach you how to do plenty of nifty things like building your own port scanners, password crackers etc. I don’t place a huge value on the certifications they offer from an employment perspective, but I’d look at it more as a consolidated lump of knowledge and examples for sale, which can still be valuable.

The “Certified Ethical Hacker” course is another commonly mentioned one. Honestly it’s typically looked down upon, so I don’t think it’s necessarily worth the money – but if you need a formal course to learn things then it might be worth the money to you. A lot of these certifications and their value are discussed over at TheEthicalHacker.net’s forums, located here.

“Just seeing if you can”
Hacking is all about gaining access to things that we’re not meant to. Creating an exploit, finding a SQL injection, password cracking: it’s all designed to move us towards the goal of taking control of the box we’re attacking. I guarantee almost every new hacker has started out dreaming about “just seeing if they can” get access to that school website. “Just seeing if they can” gain access to the neighbor’s WiFi network. Sending their friend a trojan virus “just to see if they can” take control. Worse still, you might end up visiting places like HackForums.net and seeing a lot of people trying to infect others with RATs, build botnets etc. under the impression that this is hacking, or sadly that this is the only way you can learn.

I need to emphasize that this is not the case. Any type of “just seeing if you can” exercise can be replicated through the use of virtual machines, your own routers or even the capture the flag / wargame competitions out there. Being realistic, even if you can access another person’s machine, what are you going to do with it? Are you really going to try to steal credit card details and make fraudulent transactions? Are you really going to steal passwords and be paranoid that your activity is going to be traced back to you, for the sake of peeking at someone’s emails? There have been plenty of examples of newbies being charged without realizing the seriousness of the crimes they were committing. If you went for a job with the FBI and they had a look through your post history, would you like them to read that post where you asked how to host a botnet? It’s a classic example of how what’s on the internet is forever, and if you really want a career in information security you need that clean record to obtain any security clearances you’re going to need to do your job. Getting caught for stupid stuff just isn’t worth it.

Summary
So after a long ramble, what are the key points?

  • A hacker will actively seek out information, not wait for others to give it to him

  • The difference between a script kiddie and a new hacker is the desire to learn

  • You need to experiment with a wide range of information security fields to find what interests you

  • Don’t let anyone tell you that there are prerequisites for learning information security; there aren’t.

  • It’s not worth “just seeing if you can” do anything that isn’t legal, the risk vs reward makes no sense for doing so

  • With courses, wargames, capture the flags and more importantly virtual machines there is no hacking scenario that can’t be replicated legally

Have fun, sorry if it got preachy towards the end and enjoy pwning boxes! Information security is an awesome field and you’ll be learning something new every day that you’re involved in it. There is no right answer for getting into the field apart from jumping into it with both feet. Get wet, learn to tread water and stay afloat, one day you might even be able to swim a little!

For all the links in this article, please see the original post.

Reposted from blog.csdn.net/sun1318578251/article/details/89813792