Preface
First of all, we must understand that the hackers mentioned in this article are not the kind of hackers who steal other people's information and attack other people's systems, but the network security engineers who debug and analyze computer security systems.
One of the cores of hacking technology is penetration attack and defense technology, which is a mechanism provided to prove that the network defense is operating normally according to the expected plan. It is a method to evaluate the security of computer network system by simulating the attack method of malicious hackers.
So what are the techniques that beginner hackers need to master?
Before you can be called a hacker, there are some basic knowledge you must master.
If you want to become a hacker, you must first know the stages of hacking technology:
Stage 1: Script Kiddie
Difficulty: Low
Reaching part of the level of "hacker news", the principles of such groups are not well understood, but the intrusion process and methods are very clear.
Such as: buying an iPhone for a penny, hacking the official website to hang photos of goddesses, etc...
Skill requirements: You must be proficient in using tools, and tools are the guys who eat.
The second stage: infiltration stage
Difficulty: Medium
At this stage, you can rely on technology to get a job and be a technician with a good salary. However, the threshold will become higher and higher, requiring systematic learning, mastering at least one programming language, and knowing the principles and process methods of attack methods. If you learn well, you can develop tools, and you can also look at the corresponding job requirements of major companies. Different companies have slightly different requirements, and the salary is generally very good~
The third stage: engineering and actual combat
Difficulty: slightly higher
At this stage, you need to be proficient in at least one field, have excellent audit experience, and understand scripts, POC, and binary related.
The fourth stage: security expert level
Difficulty: high
One person can support all the demand trees of a certain function of APT if he has penetrated the knowledge points in a certain field and has his own understanding and achievements. This point is related to experience and time.
Many people yearn for the protection of the net, and the offense and defense of the protection net are divided into the red team and the blue team.
So what skills does a red team need?
Intranet penetration, APP penetration, supply chain attack, etc., need to know a variety of means, various bypass means: deformation, statement, script... and have the ability to audit code.
The blue team is relatively simple, and the main thing that needs to be mastered is the partial emergency response killing.
After finishing the study, you can also develop into the primary level of the blue team.
Of course, there is a deeper level, and we have to continue to study in depth, so I won’t make too many descriptions here.
At present, if you want to work in the security industry, the technology in stage one is completely insufficient. The skill points of script kiddies are mainly in the use of hacking tools, which is no longer competent at this stage. Because Party A has money, the WAF firewall can provide basic security protection.
So how do we learn?
There are no more than three ways to learn network security technology:
[One by one to help with safe learning, all resources are obtained one by one]
The first is to apply for a major in network security, which is now called a major in cyberspace security. The main professional courses: programming, computer composition principles, data structures, operating system principles, database systems, computer networks, artificial intelligence, natural language processing, social computing , network security laws and regulations, network security, content security, digital forensics, machine learning, multimedia technology, information retrieval, public opinion analysis, etc.
The second is self-study, which is to find resources and tutorials on the Internet, or find a way to meet some big guys and hold your thighs tightly. However, this method is time-consuming, and there is no plan for learning, and you may feel yourself for a long time Without progress, it is easy to dismiss.
The third is to seek training.