foreword
This is my suggestion on how to become a cyber security engineer, you should learn it in the following order.
A brief description
- First thing you should learn how to program , I recommend python first, then java.
(Not required) It is helpful to learn some algorithms and data structures next, which will help you program better.
- Once you learn how to program, you should learn how to program in c . Focus on the following topics: structure, pointer arithmetic, call by value and call by reference, string IO basics, macros, conditional compilation, program structure.
- Learn UNIX operating system basics : Unix shells, shell variables, file system, common Unix commands, shell scripting, Unix shell environment.
(Optional) Learn assembly language. Understand how assembly language is converted into machine code and then into a program that can be executed by computer hardware. And you should learn how to analyze assembler, it's useful for reverse engineering.
- Understand computer operating system and architecture, process management, memory management, file system interface and implementation, IO system, distributed system, computer network, java network programming, protection and security. Understand the basic components of system administrators and computer systems, and have a macroscopic understanding of the main components and structures of computers.
- Process management: processes, threads, process synchronization, CPU scheduling, java multi-threaded programming, and deadlocks. Memory management: main memory and virtual memory.
- Experience different operating systems such as win unix linux command line and GUI mode.
(Optional) Learning cryptography is also useful, as is the mathematics of cryptography. Traditional symmetric key, modern symmetric key, RSA, digital signature, etc., application layer security: PGP, S/MIME
- Understand computer network and Internet application layer: Web, HTTP, FTP, DNS and socket communication. Transport layer: UDP, TCP, and congestion control, etc. Some other good topics: network administration, WireShark network traffic analysis, penetration testing and network security, you can also dive into computer and network forensics, vulnerability and malware analysis, low-level protocol packet analysis, understanding software engineering. Understand the phases of software development, including requirements, documentation, design, coding, testing, and maintenance, and the strengths and weaknesses of software development models.
- Apart from academics, there are other good things to do: participate in capture the flag battles, attend security conferences with a certain foundation, visit security websites frequently, and try to build your own website after you have learned some website-related knowledge.
This instructable might be a bit harder than others have given, but it's absolutely necessary when you want to be a good hacker or penetration testing expert, you can't go from script kiddie to good hacker, and what I've written doesn't Half my knowledge, I know what I'm doing.
Cyber Security Learning Path
https://mp.weixin.qq.com/s/rB52cfWsdBq57z1eaftQaQThe first stage: getting started with basic operations and learning basic knowledge
The first step to getting started is to learn some current mainstream security tool courses and supporting books on basic principles. Generally speaking, this process takes about 1 month.
At this stage, you already have a basic understanding of cybersecurity. If you have finished the first step, I believe you have theoretically understood the above is sql injection, what is xss attack, and you have also mastered the basic operations of security tools such as burp, msf, and cs. The most important thing at this time is to start laying the foundation!
The so-called "foundation" is actually a systematic study of basic computer knowledge. If you want to learn network security well, you must first have 5 basic knowledge modules:
1. Operating system
2. Protocol/Network
3. Database
4. Development language
5. Principles of Common Vulnerabilities
What is the use of learning these basics?
The level of knowledge in various fields of computer determines the upper limit of your penetration level.
[1] For example: if you have a high level of programming, you will be better than others in code auditing, and the exploit tools you write will be easier to use than others;
[2] For example: if you have a high level of database knowledge, then when you are conducting SQL injection attacks, you can write more and better SQL injection statements, which can bypass WAF that others cannot bypass;
【3】For example: if your network level is high, then you can understand the network structure of the target more easily than others when you infiltrate the internal network. You can get a network topology to know where you are, and get the configuration of a router. file, you will know what routes they have made;
【4】For another example, if your operating system is good, your privilege will be enhanced, your information collection efficiency will be higher, and you can efficiently filter out the information you want.
The second stage: practical operation
1. Mining SRC
The purpose of digging SRC is mainly to put the skills into practice. The biggest illusion of learning network security is to feel that you know everything, but when it comes to digging holes, you can’t do anything. SRC is a very good opportunity to apply skills.
2. Learn from technical sharing posts (vulnerability mining type)
Watch and learn all the 0day mining posts in the past ten years, and then build an environment to reproduce the loopholes, think and learn the author's digging thinking, and cultivate your own penetrating thinking
3. Range practice
Build a shooting range by yourself or go to a free shooting range website to practice. If you have the conditions, you can buy it or apply to a reliable training institution. Generally, there are supporting shooting range exercises.
Phase 3: Participate in CTF competitions or HVV operations
Recommended: CTF competition
CTF has three points:
【1】A chance close to actual combat. Now the network security law is very strict, unlike before, everyone can mess around
[2] Topics keep up with the frontiers of technology, but many books lag behind
【3】If you are a college student, it will be very helpful for finding a job in the future
If you want to play a CTF competition, go directly to the competition questions, if you don’t understand the competition questions, go to the information according to what you don’t understand
Recommended: HVV (network protection)
HVV has four points:
[1] It can also greatly exercise you and improve your own skills. It is best to participate in the HVV action held every year
【2】Be able to meet many bigwigs in the circle and expand your network
【3】The salary of HVV is also very high, so you can earn a lot of money if you participate
[4] Like the CTF competition, if you are a college student, it will also be very helpful for finding a job in the future
Fourth, the recommendation of learning materials
Book list recommendation:
Computer operating system:
[1] Coding: the language hidden behind computer software and hardware
【2】In-depth understanding of the operating system
【3】In-depth understanding of windows operating system
【4】Linux kernel and implementation
Programming development class:
【1】windows programming
【2】windwos core becomes
【3】Linux programming
【4】Unix environment advanced into
【5】IOS becomes
[6] The first line of code Android
【7】C programming language design
【8】C primer plus
[9] C and pointers
[10] C expert programming
[11] C traps and defects
[12] Assembly language (Wang Shuang)
【13】java core technology
【14】java programming ideas
【15】Python core programming
[16] Linux shell script strategy
[17] Introduction to Algorithms
[18] Compilation principle
[19] Compilation and decompilation technology practice
[20] The way to clean code
[21] Code Encyclopedia
[22] TCP/IP Detailed Explanation
【23】Rootkit: Lurkers in the gray area of the system
【24】Hacking Attack and Defense Technology Collection
【25】Encryption and decryption
【26】C++ Disassembly and Reverse Analysis Technique Revealed
[27] web security testing
【28】White hat talks about web security
【29】Proficient in script hacking
【30】Web front-end hacking technology secret
[31] Programmer's application
【32】English Writing Handbook: Elements of Style
Common Internet Security and Forums
- Kanxue Forum
- safety class
- safety cow
- Safety internal reference
- Green League
- prophetic community
- XCTF Alliance
I have also compiled some network security information for you below. If you don’t want to find them one by one, you can refer to these information.
video tutorial
HVV&Hacking Technical Documentation
interview questions
This full version of online security learning materials has been uploaded. If you need it, you can scan the QR code of the CSDN official certification below on WeChat or click the link to get it for free [guaranteed 100% free]
