what is a hacker
The term Hacker originally referred to computer experts who are enthusiastic about computer technology and have a high level, especially programmers.
What types of hackers have evolved
white hat hacker
White hat hackers refer to hackers who have been authorized or certified to work for governments and organizations by conducting penetration tests to identify network security vulnerabilities. They also ensure protection against malicious cybercrime. They work under the rules and regulations provided by the government, that's why they are called ethical hackers or cyber security experts .
black hat hacker
Black hat hackers can gain unauthorized access to your system and destroy your important data. The attack methods they use are common hacks they have learned before. They are considered criminals because their malicious behavior can be easily identified.
gray hat hacker
Gray hat hackers fall into a category between white hat hackers and black hat hackers. They are not legally authorized hackers. They work with both good and bad intentions; they can use their skills for personal gain.
red hat hacker
They are also known as sharp-eyed hackers. Like white hat hackers, red hat hackers are designed to deter black hat hackers. There is a big difference in how they work. When it comes to dealing with the malware behavior of black hat hackers, they have become ruthless. Red Hat hackers will continue to attack the aggressiveness of hackers who probably know that it too will have to replace the entire system.
Why hacking is hard to teach yourself
There are many things that hackers need to learn, and many things are critical. How far you can go is a test of your execution and interest.
The first is basic theoretical knowledge:
The principle of computer composition, computer network , computer architecture , computer operating system, cryptography, multimedia technology, etc., all need to be mastered. In a word, it is the basic course of university computer.
programming knowledge
Common language foundations such as HTML, CSS, JavaScript, PHP, Java, Python, sql, C, C++, shell, assembly, nosql, powershell, etc. need to be mastered, at least proficient in using Python and mysq|, these languages must learn two Week to two or three months.
Vulnerabilities
There are many types of vulnerabilities, and there will be overlaps according to different standards. Hackers must master the formation principles of most vulnerabilities. How to detect, how to exploit, how to repair. Common website vulnerabilities include sq| injection, XSS, file inclusion, directory traversal, file upload, information leakage, CSRF, account blasting, various privileges, etc. Common binary vulnerabilities include buffer overflow (pwn), heap overflow, integer overflow, format string, etc., and the protection mechanism of the operating system must be bypassed during analysis. There are also loopholes in the protocol, such as denial of service of TCP and UDP, DNS hijacking, ARP spoofing, and now industrial control, Internet of Things, AI, etc. also have various loopholes.
Hackers Master the Tools
There are too many tools. Basically, the current mainstream customer tools must be used proficiently, whether they are commercial or free, such as nmap, burpsuite, sqlmap, msf, IDA, ollydbg, hydra, rainbow table, hashid, various scanners such as openvas , awvs, etc.
Website and newsletter knowledge
Client and server, the user enters the URL and clicks to access to the server to return the knowledge involved in the web page. Such as Js, http request, web server, database server, system architecture, load balancing, DNS, etc. must be mastered. Then there are the mainstream website development frameworks. You need to know the mainstream frameworks of PHP and CMS.
self-study cheats
In fact, becoming a hacker is not difficult. The difficulty is that you don’t have a clear learning path, no one knows, and you don’t know what to learn, which leads most people to think that learning hacker is difficult. This set of detailed mind maps can help you open your mind. Private message me [Learning Route] Get it for free
Hacking career direction
The employment direction of network security is roughly divided into five stages: security consulting, security testing, security implementation, security compliance, and security services. These five stages generally include various companies in the network security industry. From a technical point of view, these five stages can be divided into two directions: "web security" and "binary reverse".
1. Web security jobs
(1) Penetration test engineer job requirements:
①Familiar with the steps, methods, and processes of penetration testing, and have strong penetration testing and vulnerability mining capabilities; ②Familiar with commonly used security tools such as: BurpSuite, Nessus, Wvs, Nmap, Sqlmap, Kali Linux, etc.; ③Familiar with Web security technology, Familiar with the OWASP TOP10 vulnerabilities, and understand the causes and solutions of the vulnerabilities; ④Can independently complete the security testing of the company's related applications and servers, and propose solutions to related vulnerabilities;
(2) Network security engineer job requirements:
①Familiar with the generation principle and repair plan of common web security vulnerabilities, familiar with Linux system and Windows system and related services, and system application security features; ②Have experience in black and white box security testing and business logic vulnerability mining; ③Familiar with various network security devices, such as IPS, IDS, WAF, SOC, Antivirus Wall, etc.; ④Familiar with at least one language such as shell/python/java/php, and those with code security audit experience are preferred; ⑤Certificates such as CISSP, CISA, CISP, CCIE Security, etc. are preferred Consideration; those who have submitted high-risk vulnerabilities on various vulnerability reporting platforms are given priority.
(3) Safety service engineer job requirements:
①Familiar with common Windows&linux, Web application and database attack methods; ②Master the principles and utilization techniques of common web security vulnerabilities (SQL injection, xss cross-site scripting, file upload, csrf cross-site forgery request, file inclusion, unauthorized access, SSRF, etc.); ③Familiar with the process and method of penetration testing, and have rich experience in penetration testing; ④Proficient in at least one programming language.
2. Binary reverse jobs
(1) Requirements for reverse engineer positions:
①Proficient in the Android mobile phone platform, have a deep understanding of the underlying interface of Android, and have experience in Android development; ②Proficient in decompilation, dynamic debugging, encryption, security reinforcement and other technologies of Android App; ③Familiar with the LinuxAndroid system architecture and security mechanism; ④Master various reverse analysis tools ; ⑤Familiar with Android Hook technology, able to deal with hook compatibility issues of various versions of Android ⑥Master the principle and technology of local privilege escalation of LinuxAndroid system. ⑦ Proficient in the capture and analysis of network packets, proficient in using various protocol analysis tools such as tcpdump, fiddler, and wireshark;
(2) Vulnerability/virus analysis engineer job requirements:
①Have a deep understanding of windows security, linux security, network security, and intranet penetration, including attack principles and defense methods; ②Familiar with at least one or more programming languages such as Java, python, shell, and powershell; ③Have Data security analysis ability, or practical programming and development experience in big data real-time computing and distributed computing systems is preferred.
(3) Requirements for security researcher positions:
① Have experience in code auditing, have auditing capabilities for PHP and JAVA, and be familiar with mainstream frameworks; ② Be able to independently analyze public vulnerabilities, and be familiar with the principles and utilization methods of vulnerabilities; ③ Master common white-box audit ideas, and have the ability to track the latest vulnerabilities and reproduce them Ability.