I. Introduction
I have 10 years of work experience, and I am good at attacking and defending web security, infiltration, and have rich practical experience in security in the financial field. Engaged in online education for more than 3 years, trained more than 10,000 students, with clear and thorough explanations, rich courses, and patient and meticulous tutoring
So how do we learn about cybersecurity (hackers) correctly?
First of all, let me talk about the understanding of hackers & network security. In fact, the most important thing is interest. Unlike network security engineers, most of them are trained by training institutions, and they basically have defense and white hat skills. Most people look at wages, they study for employment, and take part in training in order to take shortcuts.
When it comes to finding a job in network security through self-study on network security with zero foundation, in fact, it is still difficult. There are many people who try, but most of them will fail in the end. There are many reasons for failure, including not strong enough desire to learn, the mentality of trying casually, lack of good learning materials and sound learning plans, not knowing the principles of learning programming, and inability to solve problems that lead to low learning efficiency. The main thing is that as a zero-based beginner, there is no one to guide and learn. Therefore, it is not easy for a person with zero foundation to find a job of penetration testing after groping by himself. Such people often have strong willpower and strong learning ability, and they will become the technical leaders in this industry in the future. By
2. Some preliminary preparations for learning network security
1. Hardware selection
I am often asked "Do I need a computer with a high configuration to learn network security?" The answer is no, the computer used by hackers does not need any high configuration, as long as it is stable. Because some programs used by hackers, low-end CPUs are also It can run very well, and it doesn’t take up much memory. There is another one, the hacking is done under the DOS command, so the computer can be used in the best condition! So, don’t re-purchase the machine in the name of learning...
2. Software selection
Many people will be entangled in learning hackers whether to use Linux, Windows or Mac system. Although Linux looks cool, it is not friendly to newbies. The Windows system can also use the virtual machine to install the target machine for learning
As for the programming language, Python is the most recommended because of its good expansion support. Of course, many websites on the market are developed by PHP, so it is also possible to choose PHP. Other languages include C++, Java…
Many friends will ask if they want to learn all languages? the answer is negative! To quote my sentence above: Learning programming is just a tool, not an end, our goal is not to become a programmer
(An extra thing to mention here is that although learning programming cannot get you started, it can determine how far you can go on the road of network security, so I recommend you to learn some basic programming knowledge by yourself)
3. Language ability
We know that computers were first invented in the West, and many nouns or codes are in English. Even some existing tutorials were originally translated from English, and it usually takes a week for a bug to be translated into Chinese. Vulnerabilities may have been patched at this time difference. And if you don’t understand some professional terms, you will have obstacles when communicating technology or experience with other hackers, so you need a certain amount of English and hacker professional terms (you don’t need to be particularly proficient, but you must be able to understand the basics)
For example: broiler, hanging horse, shell, WebShell, etc.
3. Network security learning route
Part 1: Security Basics
1.1.Network security industry and regulations
1.2.Linux operating system
1.3.Computer network foundation
1.4.HTLM foundation
1.5.JavaScript foundation
1.6.PHP introduction
1.7.MYSQL foundation
1.8.Python programming
Part II: Web Security
2.1. Information collection 2.2
. SQL injection vulnerability
2.3. CSRF vulnerability
2.4. XSS vulnerability
2.5. File upload vulnerability 2.6
. File inclusion vulnerability 2.7.
SSRF vulnerability
2.8. XXE vulnerability
2.9. Remote code execution vulnerability
2.10. Password brute force guessing and defense
2.11 .JWT Penetration and Defense
2.12.Logical Vulnerability
2.13.Redis Unauthorized Access Vulnerability
2.14.Deserialization Vulnerability Penetration and Defense
2.15.AWVS Vulnerability Scanning
2.16.Appscan Vulnerability Scanning
2.17.Nessus Vulnerability Scanning
2.18.Burp Suit From Getting Started to Actual Combat
Part III: Penetration Actual Combat
3.1. CVE vulnerability reproduction
3.2. Vulnhub shooting range actual combat series
3.3. Vulnerability digging project actual combat
3.4. Actual vulnerability mining experience sharing
3.5. 2023HW actual combat topic
3.6. Network security interview employment guidance course
Part Four: Enterprise Security System Construction
4.1. Level protection
4.2. Emergency response
4.3. Code audit
4.4. Risk assessment
4.5. Security inspection
4.6. Data security
Part Five: Post Penetration
5.1.MSF-Metasploit Framework
5.2.CS-CobaltStrike
5.3.Intranet penetration
5.4.System privilege escalation penetration and defense
Part VI: Code Audit
6.1.MSF-Metasploit Framework
6.2.CS-CobaltStrike
6.3. Intranet penetration
6.4. System privilege escalation penetration and defense
Part VII: Binary Security
7.1. Assembly language programming
7.2. Introduction to C language programming
7.3. Introduction to C++ programming
7.4. Windows reverse advanced version
7.5. Anti-virus anti-virus technology
7.6. Android reverse
7.7. Web Js reverse
Part VIII: Protocol Vulnerabilities
8.1. DOS and DDOS penetration and defense
8.2. Wireless related penetration and defense
8.3. ARP penetration and defense
Part 9: Advanced Programming
9.1.HTML5+CSS3 zero foundation to actual combat
9.2.Shell programming
9.3.Golang syntax intensive
Part 10: CTF
10.1. CTF Capture the Flag
10.2. Cryptography and Network Security
In general, you only need to study 10 parts for 4-6 months to get a job!
Recommended learning method: video tutorial + book
Because I was a self-taught network security at the beginning, and I have worked in security for nearly ten years now. My current position in the company is a penetration test engineer, so I still have a good understanding of this aspect. The best way to learn with zero foundation should be "video tutorials" with some books on principles to learn. Video tutorials are relatively easy to understand, while books focus on theoretical understanding, which allows you to understand the knowledge points at each stage in principle. A deeper understanding.
Video supporting materials & domestic and foreign network security books, documents & tools
interview questions
We must study network security to find high-paying jobs. The following interview questions are the latest interview materials from Baidu, JD.com, 360, Qi Anxin and other first-tier Internet companies, and some experts have given authoritative answers. A set of interview materials believes that everyone can find a satisfactory job.
Hacking Tools Collection
Study plan:
It is recommended to devote at least 3 hours a day to study, learn new knowledge points for 2 hours, and practice for the remaining 1 hour. Watch the video tutorial every day, and then practice all the actual combat in the video to deepen your impression. Then read the corresponding book chapters, deepen the understanding of theoretical knowledge for the knowledge points learned today, and practice all the actual combat in the book. Generally, the course will be equipped with today's homework, and all the homework should be completed independently. If you can persist in studying every day, this process will last about four to five months. The length of the cycle depends on your learning ability and how much time you can spend every day. In the end, you must master the main technical points. Whether you can succeed in the end depends on whether you can survive the various difficulties you encounter in the process, solve each difficulty, and get a high salary.
Here are two quick solutions to the problem:
Baidu & Google
As a network security learner, you must use search engines well at the beginning. Although the network security ecosystem is not very sound, most of the problems you encounter now have been encountered by predecessors. Many problems are in Just search on Baidu and you will find the answer you want. Try to solve problems independently and gradually form a habit. After a long time, your ability to solve problems will improve rapidly.
ask the boss
Although Baidu has huge data, there are some problems that Baidu cannot solve. At this time, we must seek a more intelligent weapon, that is, "people". If you have a friend doing development around you, you can send your questions to your friends and classmates, and ask him to answer you, or a teacher, which will greatly improve our problem-solving efficiency.
Four. Summary
The above are some of my analysis of network security learning and research on the learning route. I hope it will be of some help and inspiration to you.
It is still quite difficult for beginners to learn network security with zero basics. I have collected a lot of learning materials, and I also have a shooting range for learning network security, and I also have a very complete study plan. Welcome friends who are interested to come to learn and communicate!
