Suggestion 1: Seven levels of hackers (for reference only)
Hackers are full of temptation for many people. Many people can find that this field is like any other field. The deeper you go, the more you will be in awe. Knowledge is like an ocean, and hackers also have some levels. Please refer to the sharing of Chuangyu CEO ic (a member of the world's top hacker team 0x557) as follows:
Level 1 Lengtouqing [millions of people]: know how to use security tools, can only scan and decipher passwords simply
Level 2 system administrators [tens of thousands of people]: make good use of security tools, especially familiar with
the development of systems and networks Level 3 large companies Personnel or core security company Da Niu [thousands of people]: very familiar with the operating system, started to develop codes, wrote their own scanner Level
4 can find and exploit vulnerabilities [hundreds of people]: can find loopholes by themselves, find 0DAY by themselves and Write Exp to exploit loopholes, do protocol testing for exploiting loopholes in the system
Level 5 high level [less than a hundred people]: people who defend and build systems
Level 6 elite level [dozens to a dozen people]: have a good understanding of the operating system In-depth
Level 7 Big Niu Niu [Few]: Mark Zuckerberg, Albert Einstein and other people who changed the world
You can see, what level are you at now? You may be wondering which level I am at, my level is not high, and I am on the way to seek a breakthrough. However, I have also practiced the other two skills, which may allow me to make a more interesting breakthrough. As for what it is, I'm sorry, how dare I be presumptuous before I succeed.
Suggestion 2: learn to observe
I often say that the Internet is full of treasures, and observation is the first necessary skill. If you are good at observing and summarizing, you will discover some ways faster, which will make your life easier than others.
Suggestion 3: circle
In the above process, you will definitely become familiar with some IDs. Do you want to make some friends? Show your strengths, sharing is important, no one likes to reach out or troll.
It is especially recommended to understand the classic attributes of all groups in the next circle, and recommend the books "The Selfish Gene" and "The Crowd".
Tip Four: Creativity
I mentioned before that to be creative enough, there are two key points, one is "vision" and the other is "focus". Vision is horizontal, and concentration is vertical. The two need to be balanced, because human energy is limited (the law of energy conservation). As long as either one is out of balance, neither will exist.
For most people, focusing is the most difficult. After all, this is an immediate process of entropy reduction, a process of self-organization of information. Seriously, you accelerated the end of the universe because of your focus. As for why, it will not be expanded here. In short, it is really difficult to focus, and you have to force yourself a lot of times.
Because of selfish genes, human beings are always bursting out their creativity consciously or unconsciously. Some creativity can change the world, some creativity can change the family, and some creativity can change yourself. These are all creativity. How much creativity you need depends on your genes, on who you want to be.
After all, there are "very few" people who can change the world...
Suggestion 5: Some good resources
Open your browser and search for:
i Chunqiu, Wuyun, Zhichuangyu R&D skill table v3.0, FreeBuf, enough!
If these few clues don't open up your hacker world view and make you creative enough, then it's useless to ask more. I suggest that you really savor some of the knowledge they give, follow the vines, and gradually extend your tentacles to the world. As I said earlier, learn to observe.
Suggestion 6: Network security hacker learning route
The first stage: getting started with basic operations and learning basic knowledge
The first step to getting started is to learn some current mainstream security tool courses and supporting books on basic principles. Generally speaking, this process takes about 1 month.
At this stage, you already have a basic understanding of cybersecurity. If you have finished the first step, I believe you have theoretically understood the above is sql injection, what is xss attack, and you have also mastered the basic operations of security tools such as burp, msf, and cs. The most important thing at this time is to start laying the foundation!
The so-called "foundation" is actually a systematic study of basic computer knowledge. If you want to learn network security well, you must first have 5 basic knowledge modules:
1. Operating system
2. Protocol/Network
3. Database
4. Development language
5. Principles of Common Vulnerabilities
What is the use of learning these basics?
The level of knowledge in various fields of computer determines the upper limit of your penetration level.
[1] For example: if you have a high level of programming, you will be better than others in code auditing, and the exploit tools you write will be easier to use than others;
[2] For example: if you have a high level of database knowledge, then when you are conducting SQL injection attacks, you can write more and better SQL injection statements, which can bypass WAF that others cannot bypass;
【3】For example: if your network level is high, then you can understand the network structure of the target more easily than others when you infiltrate the internal network. You can get a network topology to know where you are, and get the configuration of a router. file, you will know what routes they have made;
【4】For another example, if your operating system is good, your privilege will be enhanced, your information collection efficiency will be higher, and you can efficiently filter out the information you want.
The second stage: practical operation
1. Mining SRC
The purpose of digging SRC is mainly to put the skills into practice. The biggest illusion of learning network security is to feel that you know everything, but when it comes to digging holes, you can’t do anything. SRC is a very good opportunity to apply skills.
2. Learn from technical sharing posts (vulnerability mining type)
Watch and study all the 0day mining posts in the past ten years, and then build an environment to reproduce the loopholes, think and learn the author's digging thinking, and cultivate your own penetrating thinking
3. Range practice
Build a shooting range by yourself or go to a free shooting range website to practice. If you have the conditions, you can buy it or apply to a reliable training institution. Generally, there are supporting shooting range exercises.
Phase 3: Participate in CTF competitions or HVV operations
Recommended: CTF Competition
CTF has three points:
【1】A chance close to actual combat. Now the network security law is very strict, unlike before, everyone can mess around
[2] Topics keep up with the frontiers of technology, but many books lag behind
【3】If you are a college student, it will be very helpful for finding a job in the future
If you want to play a CTF competition, go directly to the competition questions, if you don’t understand the competition questions, go to the information according to what you don’t understand
Recommended: HVV (network protection)
HVV has four points:
[1] It can also greatly exercise you and improve your own skills. It is best to participate in the HVV action held every year
【2】Be able to meet many bigwigs in the circle and expand your network
【3】The salary of HVV is also very high, so you can earn a lot of money if you participate
[4] Like the CTF competition, if you are a college student, it will also be very helpful for finding a job in the future
Fourth, the recommendation of learning materials
Book list recommendation:
Computer operating system:
[1] Coding: the language hidden behind computer software and hardware
【2】In-depth understanding of the operating system
【3】In-depth understanding of windows operating system
【4】Linux kernel and implementation
Programming development class:
【1】windows programming
【2】windwos core becomes
【3】Linux programming
【4】Unix environment advanced into
【5】IOS becomes
[6] The first line of code Android
【7】C programming language design
【8】C primer plus
[9] C and pointers
[10] C expert programming
[11] C traps and defects
[12] Assembly language (Wang Shuang)
【13】java core technology
【14】java programming ideas
【15】Python core programming
[16] Linux shell script strategy
[17] Introduction to Algorithms
[18] Compilation principle
[19] Compilation and decompilation technology practice
[20] The way to clean code
[21] Code Encyclopedia
[22] TCP/IP Detailed Explanation
【23】Rootkit: Lurkers in the gray area of the system
【24】Hacking Attack and Defense Technology Collection
【25】Encryption and decryption
【26】C++ Disassembly and Reverse Analysis Technique Revealed
[27] web security testing
【28】White hat talks about web security
【29】Proficient in script hacking
【30】Web front-end hacking technology secret
[31] Programmer's application
【32】English Writing Handbook: Elements of Style
Common Internet Security and Forums
Kanxue Forum
Safety Class
Safety Niu
Safety Internal Reference
Green League
Prophet Community
XCTF Alliance
I have also compiled some network security information for you below. If you don’t want to find them one by one, you can refer to these information.
video tutorial
SRC&Hacking Technical Documentation
Hacking Tools Collection